RHEA-2016:0405 - Product Enhancement Advisory

Topic

Updated rhevm-sdk-java packages that fix several bugs and add various enhancements are now available.

Description

The rhevm-sdk-java package provides a Java Software Development Kit to
facilitate the development of custom applications and code that interact with the Red Hat Enterprise Virtualization Manager.

The package contains a Java library that simplifies communication with the Red Hat Enterprise Virtualization Manager REST API by providing an object-oriented view to developers.

Changes to the rhevm-sdk-java component:

• Previously, the Java SDK did not support authentication to a RHEV-M server that was configured with Kerberos. Now, the Java SDK supports authentication using a previously obtained Kerberos ticket. When doing this the SDK will take the credentials from the Kerberos credentials cache and will use them to authenticate with the server.The Kerberos environment must be configured correctly before calling the Java SDK and the credentials cache must be already populated. To configure the environment two files are required, the Kerberos configuration file and the JAAS configuration file. The JAAS configuration file needs to be created with content similar to:

com.sun.security.jgss.login {
com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=true doNotPrompt=true;
};

com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=true doNotPrompt=true;
};

In addition to these files the following system properties have to be added to the JVM:

• Djava.security.auth.login.config=/etc/jaas.conf
• Djava.security.krb5.conf=/etc/krb5.conf
• Djavax.security.auth.useSubjectCredsOnly=false (BZ#1145237)
• The HTTP components packages required by the Red Hat Enterprise Virtualization Manager Java SDK package have been changed to match release 6.3 of JBoss Enterprise Application Platform. The location of the JAR files provided by the new required packages is different to the previous location, so users with scripts that depend on these locations must update those scripts accordingly. For example, if you have a script such as the following:

java -classpath \
myapp.jar:\
/usr/share/java/rhevm-sdk-java/rhevm-sdk-java.jar:\
/usr/share/java/httpcore.jar:\
/usr/share/java/httpclient.jar \
my.app.Main

The script must be updated to the following:

java -classpath \
myapp.jar:\
/usr/share/java/rhevm-sdk-java/rhevm-sdk-java.jar:\
/usr/share/java/httpcomponents-eap6/httpcore.jar:\
/usr/share/java/httpcomponents-eap6/httpclient.jar \
my.app.Main

Note that the location of the httpcore.jar and httpclient.jar files has changed from /usr/share/java to /usr/share/java/httpcomponents-eap6. (BZ#1113159)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Affected Products

• Red Hat Virtualization 3.6 x86_64

Fixes

• BZ - 1113159 - Failing to install rhevm-sdk-java with JBoss 6.3.0
• BZ - 1145237 - [RFE] JAVA-SDK: Add support for Kerberos authentication
• BZ - 1240320 - [BREW BUILD ENABLER] Regenerate Java SDK using the latest build of RHEV-M 3.6

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal