[Red Hat JIRA] (WFLY-14284) WildFly doesn't stop while waiting for PeriodicRecovery
by Ondrej Chaloupka (Jira)
[ https://issues.redhat.com/browse/WFLY-14284?page=com.atlassian.jira.plugi... ]
Ondrej Chaloupka commented on WFLY-14284:
-----------------------------------------
hi [~adrianots].
I checked the behaviour of the {{http-remoting}} with [~tomekadamski] and he considers it as an issue. I created a jira for it: https://issues.redhat.com/browse/WEJBHTTP-53
To your questions
ad 1. yes, agree. With use of {{remote+http}} the container should not be stopped hanging endlessly.
ad 2. that depends on your application and I would really **not** recommend it as a generic rule of thumb. The heuristic error means there was some unexpected error in the transaction processing (ie. 2PC protocol can't proceed in deterministic way). The reason should be verified first and then you can proceed with the deletion. You may take a look e.g. on guidance at https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_ap... , something about troubleshooting here https://docs.wildfly.org/19.1/Developer_Guide.html#in-ejbs
ad 3. it depends on configuration but I assume it should be possible. E.g. if the app works that the connection is opened, be directed to one of the server, is established and retained until finished then the ejb client recovery will point to that particular server and recovery will probably not be touching the loadbalancer. From transaction perspective is important that the server behind the loadbalancer keeps the ip and the transaction log.
But I'm not able to say how exactly this works in your environment.
ad 4. Here I'm really not sure. In general every next WFLY release should contain fixes on top of the previous one. It's a generic question which may depend on your workload. I would suggest to place this type of question at https://groups.google.com/g/wildfly.
> WildFly doesn't stop while waiting for PeriodicRecovery
> -------------------------------------------------------
>
> Key: WFLY-14284
> URL: https://issues.redhat.com/browse/WFLY-14284
> Project: WildFly
> Issue Type: Bug
> Components: EJB, Transactions
> Affects Versions: 18.0.1.Final, 20.0.1.Final
> Reporter: Adriano Teixeira de Souza
> Assignee: Michael Musgrove
> Priority: Major
> Attachments: ejb-configs.sh, jboss-ejb-client.xml, server(transaction).log, thread-dump-stop-1.txt
>
>
> I'm testing wildfly 20.0.1 (and 21.0.2 was tested too) for replace our old version of Wildfly 10.
> it happens that frequently we have seen that the stop function of server does not work and we need to kill the process by manual operation on the OS.
> It sounds like a dead look.
> I attatch the thread dump on this.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 5 months
[Red Hat JIRA] (ELY-1976) Elytron provider not being used with credential store and SASL authentication on the Client Side
by Farah Juma (Jira)
[ https://issues.redhat.com/browse/ELY-1976?page=com.atlassian.jira.plugin.... ]
Farah Juma updated ELY-1976:
----------------------------
Fix Version/s: 1.10.11.Final
> Elytron provider not being used with credential store and SASL authentication on the Client Side
> ------------------------------------------------------------------------------------------------
>
> Key: ELY-1976
> URL: https://issues.redhat.com/browse/ELY-1976
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Reporter: Sonia Zaldana
> Assignee: Sonia Zaldana
> Priority: Major
> Fix For: 1.10.11.Final, 1.13.0.CR1
>
>
> Trying to configure an ejb client with Sasl authentication using a credential store causes an "Invalid algorithm clear" error as follows:
> {code:java}
> Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
> at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
> at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
> at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
> at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
> at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
> at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: java.io.IOException: ELY01030: Unable to read credential
> at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
> at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
> at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
> at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
> at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
> ... 16 more
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
> at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
> at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
> at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
> ... 20 more
> Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
> at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
> at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
> ... 23 more
> {code}
> Here is my wildfly-config.xml where the credential-store-reference has been configured.
> {code:java}
> <configuration>
> <authentication-client xmlns="urn:elytron:client:1.5">
> <credential-stores>
> <credential-store name="mycredstore">
> <attributes>
> <attribute name="keyStoreType" value="JCEKS"/>
> <attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
> </attributes>
> <protection-parameter-credentials>
> <clear-password password="StorePassword"/>
> </protection-parameter-credentials>
> </credential-store>
> </credential-stores>
> <authentication-rules>
> <rule use-configuration="default-config"/>
> </authentication-rules>
> <authentication-configurations>
> <configuration name="default-config">
> <set-user-name name="quickstartUser"/>
> <credentials>
> <credential-store-reference store="mycredstore" alias="quickstartUser"/>
> </credentials>
> <sasl-mechanism-selector selector="SCRAM-SHA-512"/>
> <providers>
> <use-service-loader />
> </providers>
> </configuration>
> </authentication-configurations>
> </authentication-client>
> </configuration>
> {code}
> The provider configuration in wildfly-config.xml is specified correctly:
> {code:java}
> <providers>
> <use-service-loader />
> </providers>
> {code}
> The problem seems to be in PasswordFactory.getInstance() in KeyStoreCredentialStore where we aren't setting the providers we have configured. Instead, it seems to use INSTALLED_PROVIDERS which does not have the Elytron providers.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 5 months