search

oracle / weblogic-deploy-tooling

WebLogic Deploy Tooling
https://oracle.github.io/weblogic-deploy-tooling/
Universal Permissive License v1.0
152 stars 90 forks source link

WLSDPLY-09015 when using custom auth provider in offline mode #1511

Closed belfo closed 10 months ago

belfo commented 10 months ago

Hello,

i'm getting again an issue that was solved long time ago (https://github.com/oracle/weblogic-deploy-tooling/issues/1128)

1. WLSDPLY-09015: updateDomain deployment failed: cd(/SecurityConfiguration/base_domain/Realm/myrealm/AuthenticationProvider/ECASIdentityAsserterV2) in offline mode failed: no such nested element AuthenticationProvider named ECASIdentityAsserterV2

difference is that now even when creating the domain it call updateDomain so it also fail when creating initial domain.

The mbean/schema are defined and present in the defined path:

[oracle@admin-int-introspector-hh6xz oracle]$ ls /u01/domains/base_domain/wlsdeploy/custom/mbean/
eulogin-weblogic-12-authprovider-8.5.0-jdk8.jar  uumds-identity-asserter-10.3.0-SNAPSHOT.jar
[oracle@admin-int-introspector-hh6xz oracle]$ ls /u01/domains/base_domain/wlsdeploy/custom/schema/
eulogin-weblogic-12-authprovider-8.5.0-jdk8.schema.jar  uumds-identity-asserter-10.3.0-SNAPSHOT.schema.ja

The WLSDEPLOY_PROPERTIES is set

WLSDEPLOY_PROPERTIES='-Dfmwconfig.alternateTypesDirectory=/u01/domains/base_domain/wlsdeploy/custom/mbean -Dfmwconfig.alternateSchemaDirectory=/u01/domains/base_domain/wlsdeploy/custom/schema

If the mbean / schema are in weblogic default directory it works, but if in the custom it fail. I'm using latest operator and Deploy tool 3.3.0. I'm rebuilding my images with 3.4.0 to test but i see no related changes in the readme.

Something changed in the differents tool that i forgot to update or is this a new issue? (Attached the full logs of the introspector when creating a new domain) Regards

Slack Message

robertpatrick commented 10 months ago

@belfo I am not convinced that this has ever worked with the custom security provider jars in the archive file. #1128 did not result in any WDT change that I can see so it was a WebLogic Operator issue and not related to the problem you are currently facing.

As we document here, WDT has never advertised that we supported putting the custom security provider JARs in the archive file. Currently, the code that extracts the files from the archive's custom location occurs too late in the invocation of the tool so that they are not available for the Security Provider configuration. We will make the code changes to support this one-off use case.

belfo commented 10 months ago

Indeed previous issue was a fix on Operator. I don't have access to the jira issue i can't tell the difference but clearly at the time it was fixing the issue. i was able to create/update the domain using the custom provider that was part of the archive.

https://oracle.github.io/weblogic-deploy-tooling/samples/securityproviders-model/#custom-security-providers It doesn't explicitly said that it need to be part of base image.

For the MBean jar, WebLogic allows you to define an alternate directory other than WLSERVER/server/lib/mbeantypes by using the system property -Dfmwconfig.alternateTypesDirectory=dir. For the WebLogic MBean schema type jar, you can use an alternate location by using -Dfmwconfig.alternateSchemaDirectory=dir. In order for the custom provider jars to be loaded correctly by WLST when discovering or configuring a domain, set this system property in the WLSDEPLOY_PROPERTIES environment variable. Both of the properties take a comma separated list of paths to directories containing the corresponding type of jar.

We will make the code changes to support this one-off use case.

Thanks. Do you have an estimate timeline?

robertpatrick commented 10 months ago

i was able to create/update the domain using the custom provider that was part of the archive.

This was sheer luck then and not by design.

Do you have an estimate timeline?

The code change is already in main (see). As to the timing for the next release, I will try to get it done prior to leaving for the Thanksgiving break (which is the end of next week).

belfo commented 10 months ago

@robertpatrick @jshum2479 I builded main branch locally and tested, still have the same error: Issue Log for updateDomain version 3.4.1-SNAPSHOT running WebLogic version 12.2.1.4.0.231010 offline mode:

SEVERE Messages:

    1. WLSDPLY-09015: updateDomain deployment failed: cd(/SecurityConfiguration/base_domain/Realm/myrealm/AuthenticationProvider/ECASIdentityAsserterV2) in offline mode failed: no such nested element AuthenticationProvider named ECASIdentityAsserterV2

Total: SEVERE : 1 WARNING : 0

updateDomain.sh failed (exit code = 2)

robertpatrick commented 10 months ago

@belfo Please provide the complete updateDomain.log file.

belfo commented 10 months ago

admin-int-introspector_3.log Here teh log

jshum2479 commented 10 months ago

It appears there is an issue with your schema jar file. This can be reproduced in standalone WebLogic environment by copying the provider and schema jar to the respective directories in the WebLogic installation.

<Nov 14, 2023 10:15:51 AM> <__extend_domain_with_select_template>

java.lang.NullPointerException at com.oracle.cie.domain.security.SecurityProviderHelper.processCustomSchemaJar(SecurityProviderHelper.java:350) at com.oracle.cie.domain.security.SecurityProviderHelper.processCustomSecurityProviderJars(SecurityProviderHelper.java:221) at com.oracle.cie.domain.aspect.WLSXBeanDomainTypeBuilder.getSchemaTypeLoader(WLSXBeanDomainTypeBuilder.java:1189) at com.oracle.cie.domain.aspect.XBeanDomainTypeBuilder.unmarshallXML(XBeanDomainTypeBuilder.java:395) at com.oracle.cie.domain.aspect.XBeanDomainTypeBuilder.unmarshallXML(XBeanDomainTypeBuilder.java:333) at com.oracle.cie.domain.aspect.WLSXBeanConfigAspectBuilder.createDomainConfigAspect(WLSXBeanConfigAspectBuilder.java:210) at com.oracle.cie.domain.WLSTemplateBuilder.parseConfig(WLSTemplateBuilder.java:255) at com.oracle.cie.domain.WLSTemplateBuilder.parseConfig(WLSTemplateBuilder.java:237) at com.oracle.cie.domain.WlsTemplateLoader.getDomainConfig(WlsTemplateLoader.java:61) at com.oracle.cie.domain.WLSTemplateBuilder.parseTemplate(WLSTemplateBuilder.java:680) at com.oracle.cie.domain.WLSTemplateBuilder.parseDomainTemplate(WLSTemplateBuilder.java:624) at com.oracle.cie.domain.WLSTemplateBuilder.buildDomainTemplate(WLSTemplateBuilder.java:2426) at com.oracle.cie.domain.WLSTemplateBuilder.buildTemplate(WLSTemplateBuilder.java:2155) at com.oracle.cie.domain.WLSTemplateBuilder.buildTemplate(WLSTemplateBuilder.java:2177) at com.oracle.cie.domain.script.ScriptExecutor.loadTemplates(ScriptExecutor.java:793) at com.oracle.cie.domain.script.jython.WLScriptContext.loadTemplates(WLScriptContext.java:661) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.oracle.cie.domain.script.jython.WLSTState.processCommand(WLSTState.java:226) at com.oracle.cie.domain.script.jython.WLScriptContext.runCmd(WLScriptContext.java:732) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.python.core.PyReflectedFunction.call(Unknown Source) at org.python.core.PyMethod.call(Unknown Source) at org.python.core.PyObject.call(Unknown Source) at org.python.core.PyInstance.invoke(Unknown Source) at org.python.pycode._pyx5.command$1(/private/var/folders/41/wj15fqdd6_nf4v63kt44gg_80000gq/T/WLSTOfflineIni4146189975739508786.py:19) at org.python.pycode._pyx5.call_function(/private/var/folders/41/wj15fqdd6_nf4v63kt44gg_80000gq/T/WLSTOfflineIni4146189975739508786.py) at org.python.core.PyTableCode.call(Unknown Source) at org.python.core.PyTableCode.call(Unknown Source) at org.python.core.PyTableCode.call(Unknown Source) at org.python.core.PyFunction.call(PyFunction.java:181) at org.python.pycode._pyx5.loadTemplates$8(/private/var/folders/41/wj15fqdd6_nf4v63kt44gg_80000gq/T/WLSTOfflineIni4146189975739508786.py:45) at org.python.pycode._pyx5.call_function(/private/var/folders/41/wj15fqdd6_nf4v63kt44gg_80000gq/T/WLSTOfflineIni4146189975739508786.py) at org.python.core.PyTableCode.call(Unknown Source) at org.python.core.PyTableCode.call(Unknown Source) at org.python.core.PyFunction.call(PyFunction.java:178) at wlsdeploy.tool.util.wlst_helper$py.load_templates$35(/Users/JSHUM/dev/oracle/weblogic-deploy-tooling/installer/target/weblogic-deploy/lib/python/wlsdeploy/tool/util/wlst_helper.py:709) at wlsdeploy.tool.util.wlst_helper$py.call_function(/Users/JSHUM/dev/oracle/weblogic-deploy-tooling/installer/target/weblogic-deploy/lib/python/wlsdeploy/tool/util/wlst_helper.py)

belfo commented 10 months ago

Indeed. with an updated jar, the generated schema jar is working. I don't know why the initial one was causing an issue but it's now ok.

Thanks