Pedro Igor commented on ELY-1230:
---------------------------------
Another fix is on the way in order to fix remoting in WFCORE in order to properly configure
identity propagation to outbound connections.
Attribute security-domain from Elytron authentication-configuration does not propagate credentials
--------------------------------------------------------------------------------------------------
Key: ELY-1230
URL: https://issues.jboss.org/browse/ELY-1230
Project: WildFly Elytron
Issue Type: Bug
Affects Versions: 1.1.0.Beta47
Reporter: Ondrej Lukas
Assignee: Pedro Igor
Priority: Critical
When a client-server schema such as 'Client -> Server A -> Server B' is used, the
intermediate server (server A) uses {{authentication-configuration.security-domain}}, and
the DIGEST-MD5 mechanism is used, then an application (i.e. EJB) from the intermediate
server cannot authenticate to server B. It seems that the DIGEST-MD5 mechanism cannot be
chosen by the SASL mechanism selector when no user and credentials are explicitly allowed.
If we understand the attribute {{authentication-configuration.security-domain}} correctly
(since there is not any sufficient documentation or example project), then the intermediate
server should be able to obtain credentials from the given security domain and use them for
authentication.
See reproducer for more details.
Exception from intermediate server:
{code}
ERROR [org.jboss.as.ejb3.invocation] (default task-6) WFLYEJB0034: EJB Invocation failed on component Intermediate for method public abstract java.lang.String example.ejb.WhoAmIBeanRemote.whoAmI(): javax.ejb.EJBException: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB matching "StatelessEJBLocator for "/server-side/WhoAmIBean", view is interface example.ejb.WhoAmIBeanRemote, affinity is None"
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:188)
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:277)
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:332)
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:240)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:327)
    at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
    at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:89)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:138)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:256)
    at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:609)
    at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
    at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
    at org.wildfly.security.auth.server.SecurityIdentity.runAsFunctionEx(SecurityIdentity.java:380)
    at org.jboss.as.ejb3.remote.AssociationImpl.invokeWithIdentity(AssociationImpl.java:460)
    at org.jboss.as.ejb3.remote.AssociationImpl.invokeMethod(AssociationImpl.java:455)
    at org.jboss.as.ejb3.remote.AssociationImpl.lambda$receiveInvocationRequest$0(AssociationImpl.java:165)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB matching "StatelessEJBLocator for "/server-side/WhoAmIBean", view is interface example.ejb.WhoAmIBeanRemote, affinity is None"
    at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:719)
    at org.jboss.ejb.client.EJBClientContext.performLocatedAction(EJBClientContext.java:701)
    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:162)
    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:112)
    at com.sun.proxy.$Proxy48.whoAmI(Unknown Source)
    at example.ejb.Intermediate.whoAmI(Intermediate.java:21)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:327)
    at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:90)
    at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:101)
    at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
    at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275)
    ... 44 more
    Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (JBOSS-LOCAL-USER, DIGEST-MD5) are supported
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:438)
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:246)
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
        at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
        at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
        at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
        at ...asynchronous invocation...(Unknown Source)
        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:545)
        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:513)
        at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:84)
        at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:57)
        at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:464)
        at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:410)
        at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:126)
        at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:139)
        at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:216)
        at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.lambda$discover$0(RemotingEJBDiscoveryProvider.java:103)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:103)
        at org.wildfly.discovery.impl.AggregateDiscoveryProvider.discover(AggregateDiscoveryProvider.java:58)
        at org.wildfly.discovery.Discovery.discover(Discovery.java:94)
        at org.jboss.ejb.client.EJBClientContext.discover(EJBClientContext.java:442)
        at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:714)
        ... 74 more
{code}
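
Added example, not part of the original report or of WildFly: a Python log-triage helper showing that the EJBCLIENT000024 "Not able to find EJB" error in the trace above carries its real cause, a failed SASL mechanism negotiation, as a suppressed exception. The record-start pattern (a log level followed by a bracketed logger name) and the second sample record are assumptions constructed for illustration.

```python
import re

# Assumption: each log record starts with a level and a bracketed logger name.
RECORD_START = re.compile(r"^(?:ERROR|WARN|INFO|DEBUG)\s+\[", re.M)
SASL_FAIL = re.compile(
    r"Suppressed: javax\.security\.sasl\.SaslException: Authentication failed: "
    r"none of the mechanisms presented by the server \(([^)]*)\) are supported")

# Constructed sample, hard-wrapped like the mail. Record 1 mirrors the trace
# above; record 2 is a made-up lookup failure with no authentication problem.
SAMPLE_LOG = '''\
ERROR [org.jboss.as.ejb3.invocation] (default task-6) WFLYEJB0034: EJB Invocation failed
Caused by: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB
matching "StatelessEJBLocator for "/server-side/WhoAmIBean", view is
interface example.ejb.WhoAmIBeanRemote, affinity is None"
at
org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:719)
Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the
mechanisms presented by the server (JBOSS-LOCAL-USER, DIGEST-MD5) are supported
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:545)
ERROR [org.jboss.as.ejb3.invocation] (default task-7) WFLYEJB0034: EJB Invocation failed
Caused by: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB
matching "StatelessEJBLocator for "/other/MissingBean", affinity is None"
'''


def triage(log_text):
    """Return one finding per record that reports EJBCLIENT000024."""
    starts = [m.start() for m in RECORD_START.finditer(log_text)]
    starts.append(len(log_text))
    findings = []
    for begin, end in zip(starts, starts[1:]):
        # Collapse whitespace so messages wrapped across lines match again.
        record = " ".join(log_text[begin:end].split())
        if "EJBCLIENT000024" not in record:
            continue
        match = SASL_FAIL.search(record)
        offered = [m.strip() for m in match.group(1).split(",")] if match else []
        findings.append({
            "reported": "EJBCLIENT000024",
            # True means discovery failed because the outbound connection
            # could not authenticate, not because the EJB is absent.
            "auth_failure": match is not None,
            "offered_mechanisms": offered,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `auth_failure` set points at the outbound authentication configuration on the calling server rather than at the deployment on the target.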