[jboss-jira] [JBoss JIRA] (AS7-4099) Clustered EJB invocations for server to server communication fail on secured servers

[jaikiran pai (JIRA)]

jaikiran pai created AS7-4099:
---------------------------------

             Summary: Clustered EJB invocations for server to server communication fail on secured servers
                 Key: AS7-4099
                 URL: https://issues.jboss.org/browse/AS7-4099
             Project: Application Server 7
          Issue Type: Bug
          Components: EJB
    Affects Versions: 7.1.0.Final
            Reporter: jaikiran pai
            Assignee: jaikiran pai
            Priority: Critical
             Fix For: 7.1.1.Final


While writing a documentation for server to server EJB invocations when security is involved, I just noticed that we lack a way to let the user deployments configure security and other connection details for dynamic nodes that participate in the clustered invocation. Consider the following scenario:

1) Server A and Server B both running in standalone HA mode. Both server A and B have a deployment "foo" containing clustered SFSBs.
2) Server C is a client server (may or may not have cluster capability). 
3) Server C has a deployment "bar" containing a jboss-ejb-client.xml with reference to a outbound remoting connection:

{code:xml}
<jboss-ejb-client xmlns="urn:jboss:ejb-client:1.0">
    <client-context>
        <ejb-receivers>
            <remoting-ejb-receiver outbound-connection-ref="server-A-outbound-connection" />
        </ejb-receivers>
    </client-context>
</jboss-ejb-client>
{code}
Server C has a outbound connection configuration to server A, configured in its remoting subsystem with appropriate security and other connection settings. 

The "bar" application on server C invokes a SFSB from "foo" application on server A. Server A sends back the cluster topology to server C and that topology includes server B (and other nodes if any). Now server C has no knowledge on how to connect to server B with the appropriate security credentials. The EJB client API falls back on default connection options and will try to connect to server B, but that will obviously fail because those defaults won't be applicable in a secured server environment. 

The infrastructure is in place, in EJB client API to dynamically connecting to the cluster nodes. What we are missing is a way to let users configure this. For a remote standalone client, we allow this via jboss-ejb-client.properties. We need something similar but more applicable for a client hosted on the server, in the jboss-ejb-client.xml.



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira