[jboss-jira] [JBoss JIRA] (AS7-4099) Clustered EJB invocations for server to server communication fail on secured servers

Thu Mar 8 14:50:36 EST 2012

     [ https://issues.jboss.org/browse/AS7-4099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Greene updated AS7-4099:
------------------------------

    Priority: Blocker  (was: Critical)

Since this effectively prevents servers (and also ee app clients) from acting as clients to a default security cluster config, this should block the 7.1.1 release.

> Clustered EJB invocations for server to server communication fail on secured servers
> ------------------------------------------------------------------------------------
>
>                 Key: AS7-4099
>                 URL: https://issues.jboss.org/browse/AS7-4099
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: EJB
>    Affects Versions: 7.1.0.Final
>            Reporter: jaikiran pai
>            Assignee: jaikiran pai
>            Priority: Blocker
>             Fix For: 7.1.1.Final
>
>
> While writing a documentation for server to server EJB invocations when security is involved, I just noticed that we lack a way to let the user deployments configure security and other connection details for dynamic nodes that participate in the clustered invocation. Consider the following scenario:
> 1) Server A and Server B both running in standalone HA mode. Both server A and B have a deployment "foo" containing clustered SFSBs.
> 2) Server C is a client server (may or may not have cluster capability). 
> 3) Server C has a deployment "bar" containing a jboss-ejb-client.xml with reference to a outbound remoting connection:
> {code:xml}
> <jboss-ejb-client xmlns="urn:jboss:ejb-client:1.0">
>     <client-context>
>         <ejb-receivers>
>             <remoting-ejb-receiver outbound-connection-ref="server-A-outbound-connection" />
>         </ejb-receivers>
>     </client-context>
> </jboss-ejb-client>
> {code}
> Server C has a outbound connection configuration to server A, configured in its remoting subsystem with appropriate security and other connection settings. 
> The "bar" application on server C invokes a SFSB from "foo" application on server A. Server A sends back the cluster topology to server C and that topology includes server B (and other nodes if any). Now server C has no knowledge on how to connect to server B with the appropriate security credentials. The EJB client API falls back on default connection options and will try to connect to server B, but that will obviously fail because those defaults won't be applicable in a secured server environment. 
> The infrastructure is in place, in EJB client API to dynamically connecting to the cluster nodes. What we are missing is a way to let users configure this. For a remote standalone client, we allow this via jboss-ejb-client.properties. We need something similar but more applicable for a client hosted on the server, in the jboss-ejb-client.xml.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira