Bug 908236 - Defining a secure socket for http management without a security realm results in a NullPointerException
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management
Version: 6.0.1
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: DR2
Target Release: EAP 6.4.0
Assignee: Darran Lofthouse
QA Contact: Petr Kremensky
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2013-02-06 08:46 UTC by Hisanobu Okuda
Modified: 2019-08-19 12:45 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, model validation was not performed to ensure that an HTTP management interface configured to enable SSL also referenced a security realm from which to obtain its SSLContext. Without the validation, the SecurityRealm was null, which led to a `NullPointerException`. In this release, additional checks are performed when updates are applied to the management model to ensure a security realm is associated with the HTTP management interface if SSL is being enabled. If a user attempts to define an HTTP management interface with SSL but no SecurityRealm, an error message is reported instead of the `NullPointerException`.
Clone Of:
Environment:
Last Closed:
Type: Bug




Links
System: Red Hat Issue Tracker
ID: WFCORE-82
Priority: Major
Status: Resolved
Summary: Defining a HTTP management interface with secure-port or https socket binding but not security realm causes NullPointerE...
Last Updated: 2016-06-27 05:39:25 UTC

Description Hisanobu Okuda 2013-02-06 08:46:18 UTC
Description of problem:

Configuring as follows:-

        <management-interfaces>
            <native-interface  security-realm="ManagementRealm">
                <socket-binding native="management-native"/>
            </native-interface>
            <http-interface>
                <socket-binding http="management-http" https="management-https"/>
            </http-interface>
        </management-interfaces>

NPE is thrown at startup:-

16:55:03,318 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service jboss.serverManagement.controller.management.http: org.jboss.msc.service.StartException in service jboss.serverManagement.controller.management.http: java.lang.NullPointerException
	at org.jboss.as.server.mgmt.HttpManagementService.start(HttpManagementService.java:220) [jboss-as-server-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA-redhat-2.jar:1.0.2.GA-redhat-2]
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA-redhat-2.jar:1.0.2.GA-redhat-2]
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_37]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_37]
	at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_37]
Caused by: java.lang.NullPointerException
	at org.jboss.as.domain.http.server.ManagementHttpServer.create(ManagementHttpServer.java:157)
	at org.jboss.as.server.mgmt.HttpManagementService.start(HttpManagementService.java:184) [jboss-as-server-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]
	... 5 more



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 3 Darran Lofthouse 2014-07-08 13:54:29 UTC
Taking this one, however the fix will most likely be an error message and aborted server start up as the realm is required if https is being enabled.

Comment 4 Petr Kremensky 2014-07-18 07:23:56 UTC
I think we shouldn't allow the user to remove the realm if https is enabled (enable https if the realm is not present), because by aborting the server startup we disallow the user to fix EAP by management operations (manual edit of the config file would be the only option left).

Comment 5 Darran Lofthouse 2014-07-18 11:12:07 UTC
Petr, what you are describing is a different issue - this BZ has been opened on the basis of an existing XML configuration and a NullPointerException being the result.  A dev_ack has been added on that basis, increasing the scope now is not appropriate.

If you have a sequence of operations in this area that take the server from a bootable state to a non-bootable state please raise as a separate BZ and it will be triaged accordingly.

Comment 6 Petr Kremensky 2014-07-18 12:42:56 UTC
I thought that the configuration in the piece of XML in the description was achieved by management operations, but now I see that EAP won't let the user add https and remove the security realm at the same time, so I totally agree with the proposed fix.

Comment 8 Petr Kremensky 2014-09-26 10:53:27 UTC
Verified on EAP 6.4.0.DR2
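
An added example, not part of the bug report or of the EAP code base: a pre-start configuration check in Python that flags an `http-interface` requesting SSL without a `security-realm`, the condition that produced the NullPointerException in the description. The `secure-port` case is assumed from the linked WFCORE-82 summary, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the failing configuration from the description, plus a
# corrected variant that names a realm (realm name reused from native-interface).
FAILING = """
<management-interfaces>
    <native-interface security-realm="ManagementRealm">
        <socket-binding native="management-native"/>
    </native-interface>
    <http-interface>
        <socket-binding http="management-http" https="management-https"/>
    </http-interface>
</management-interfaces>
"""
CORRECTED = FAILING.replace("<http-interface>",
                            '<http-interface security-realm="ManagementRealm">')


def local(tag):
    """Strip an XML namespace so the check also works on a namespaced file."""
    return tag.rsplit("}", 1)[-1]


def find_unsecured_https(xml_text):
    """Return one finding per http-interface that enables SSL without a realm."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "http-interface":
            continue
        # SSL is requested by an https socket binding or a secure-port attribute
        # (secure-port is an assumption taken from the WFCORE-82 summary).
        ssl_attrs = [
            f"{local(child.tag)}@{attr}={child.get(attr)}"
            for child in elem
            for attr in ("https", "secure-port")
            if child.get(attr)
        ]
        if ssl_attrs and not elem.get("security-realm"):
            findings.append(
                "http-interface enables SSL (" + ", ".join(ssl_attrs) +
                ") but has no security-realm to supply an SSLContext"
            )
    return findings


if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("corrected", CORRECTED)):
        print(name, "->", find_unsecured_https(text) or "ok")
```

The check covers only the missing-reference case this bug describes; it does not inspect what the named realm contains.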

