[JBoss JIRA] (WFLY-9973) WildFly 12 IIOP always requires SSL

Wednesday, 7 March 2018

     [
https://issues.jboss.org/browse/WFLY-9973?page=com.atlassian.jira.plugin....
]

Ivan Straka updated WFLY-9973:
------------------------------
    Steps to Reproduce: 
Lets have two server, WF 10.1 (client role), WF 12.0 (server role)
# deploy client-side.war to WF 10.1
# deploy server-side.jar to WF 12.0
# start  WF 10.1 with command "./bin/standalone.sh -c standalone-full.xml
-Djboss.node.name=1"
# start  WF 12.0 with command "./bin/standalone.sh -c standalone-full.xml
-Djboss.node.name=2 -Djboss.socket.binding.port-offset=100"
# access localhost:8080 to run the scenario

You can see in WF 10.1 console output that it has got into infinite loop trying to connect
to unaccessible IIOP SSL socket.

  was:
Lets have two server, WF 10.1 (client role), WF 12.0 (server role)
# deploy client-side.war to WF 10.1
# deploy server-side.jar to WF 12.0
# start  WF 10.1 with command "./bin/standalone.sh -c standalone-full.xml
-Djboss.node.name=1"
# start  WF 12.0 with command "./bin/standalone.sh -c standalone-full.xml
-Djboss.node.name=2 -Djboss.socket.binding.port-offset=100"
# access localhost:8080 to run the scenario

You can see in WF 10.1 console output that it has got into infinite loop trying to connect
to IIOP SSL socket which is not accessible.

...
 WildFly 12 IIOP always requires SSL
 -----------------------------------

                 Key: WFLY-9973
                 URL: https://issues.jboss.org/browse/WFLY-9973
             Project: WildFly
          Issue Type: Bug
          Components: IIOP
    Affects Versions: 11.0.0.Final, 12.0.0.Final
            Reporter: Ivan Straka
            Assignee: Tomasz Adamski

 When app deployed to WF 10.1 calls an EJB deployed to WF 12.0 via IIOP, the call will
fail because WF 12.0 responds (Location Forward message - GIOP protocol) that It requires
SSL even if It does not (to the best of my knowledge).
 WF 12.0 standard IIOP subystem configuration:
 {code:xml}
         <subsystem xmlns="urn:jboss:domain:iiop-openjdk:2.0">
             <orb socket-binding="iiop"/>
             <initializers security="identity"
transactions="spec"/>
             <security server-requires-ssl="false"
client-requires-ssl="false"/>
         </subsystem>
 {code}
 It is observable
[here|https://github.com/wildfly/wildfly/blob/10.1.0.Final/iiop-openjdk/sr...]
(client side debugging). ssl.target_requires is true and ssl.target_supports is false.
 This does not happen when 
 * server side is WF 10.1 - ssl.target_requires is false and ssl.target_supports is true.
 * client side is WF 12.0 - it works due to better condition at client side
[here|https://github.com/wildfly/wildfly/blob/12.0.0.Final/iiop-openjdk/sr...]
which results to not using SSL
 If IIOP subsystem is configured to use iiop ssl socket, It will work - EAP just does not
responds correctly if ssl is not configured.
 It is possible that I have malconfigured server side EAP and I am missing something.
 Deployments used as reproducers are simple.
 client-side: simple servlet that calls an EJB
 {code:java}
 @WebServlet(urlPatterns = "/")
 public class ClientServlet extends HttpServlet {
     @Override
     protected void doGet(HttpServletRequest req, HttpServletResponse resp)
             throws ServletException, IOException {
         try {
             Context ctx = new InitialContext(new Properties());
             Object iiopObj = ctx.lookup("corbaname:iiop:127.0.0.1:3628#Bean");
             BeanHome home = (BeanHome) PortableRemoteObject.narrow(iiopObj,
BeanHome.class);
             BeanRemote beanRemote = home.create();
             String string = beanRemote.invoke();
             System.out.println("Bean obtained by IIOP returned: " + string);
             resp.getWriter().append("Bean obtained by IIOP returned:
").append(string).append("\n");
         } catch (Exception e) {
             resp.getWriter().append("Calling bean failed: ");
             e.printStackTrace(resp.getWriter());
             throw new RuntimeException(e);
         }
     }
 }
 {code}
 server-side: simple EJB
 {code:java}
 public class Bean {
     public String invoke() {
         return "server side invocation: success";
     }
 }
 {code} 

--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006