[
https://issues.redhat.com/browse/WFCORE-4668?page=com.atlassian.jira.plug...
]
Moulali Shikalwadi commented on WFCORE-4668:
--------------------------------------------
[~ochaloup] is this issue still persist? Could you please add some steps to reproduce it.
Transaction recovery of remote ejb calls should not be using static
Default AuthenticationContext
-------------------------------------------------------------------------------------------------
Key: WFCORE-4668
URL:
https://issues.redhat.com/browse/WFCORE-4668
Project: WildFly Core
Issue Type: Bug
Components: Security
Affects Versions: 10.0.0.Beta9
Reporter: Ondrej Chaloupka
Priority: Critical
The issue WFCORE-4599 removed the `AuthenticationContext` would be static. This started
to cause troubles for transaction recovery processing when remote ejb calls are invoked.
The configuration that was used earlier for server to server ejb calls[1] (used with
`-Dwildfly.config.url`) stopped working.
It was possible to configure the default authentication context in the `standalone.xml`
for the whole elytron subsystem (in way like [2]). But this change started to cause
threads being stuck on execution of remote ejb calls in WFTC (somewhere here [3]).
Because of that the WFCORE-4659 reverted back the functionality of static global
authentication context. This was rather a bit workaround as the functionality should be
rather working as Stuart pointed out
{quote}
- Add an explicit config to specify the authentication context used by transaction
recovery
- If this is not set fall back to the default authentication context that is used by
deployments
- If none of the above are set then the auth context should be empty
{quote}
[1]
{code}
<configuration>
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="jta">
<match-abstract-type name="jta"
authority="jboss"/>
</rule>
</authentication-rules>
<authentication-configurations>
<configuration name="jta">
<sasl-mechanism-selector selector="DIGEST-MD5"/>
<providers>
<use-service-loader />
</providers>
<set-user-name name="ejb"/>
<credentials>
<clear-password password="ejb"/>
</credentials>
<set-mechanism-realm name="ApplicationRealm" />
</configuration>
</authentication-configurations>
</authentication-client>
</configuration>
{code}
[2]
{code}
<subsystem xmlns="urn:wildfly:elytron:8.0"
final-providers="combined-providers"
disallowed-providers="OracleUcrypto"
default-authentication-context="jta">
<authentication-client>
<authentication-configuration name="jta"
authentication-name="ejb" realm="ApplicationRealm"
sasl-mechanism-selector="DIGEST-MD5">
<credential-reference clear-text="ejb"/>
</authentication-configuration>
<authentication-context name="jta">
<match-rule match-abstract-type-authority="jboss"
authentication-configuration="jta"/>
</authentication-context>
</authentication-client>
{code}
[3]
https://github.com/wildfly/wildfly-transaction-client/blob/master/src/mai...
--
This message was sent by Atlassian Jira
(v7.13.8#713008)