[jboss-jira] [JBoss JIRA] (WFCORE-3149) Use "remote+http" as the default protocol for an Elytron remote outbound connection if no protocol is specified in the resolved AuthenticationConfiguration

Fri Aug 4 14:52:02 EDT 2017

     [ https://issues.jboss.org/browse/WFCORE-3149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma moved JBEAP-12562 to WFCORE-3149:
--------------------------------------------

        Project: WildFly Core  (was: JBoss Enterprise Application Platform)
            Key: WFCORE-3149  (was: JBEAP-12562)
       Workflow: GIT Pull Request workflow   (was: CDW with loose statuses v1)
    Component/s: Security
                     (was: Security)


> Use "remote+http" as the default protocol for an Elytron remote outbound connection if no protocol is specified in the resolved AuthenticationConfiguration
> -----------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-3149
>                 URL: https://issues.jboss.org/browse/WFCORE-3149
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Farah Juma
>            Assignee: Farah Juma
>            Priority: Blocker
>             Fix For: 3.0.0.CR1
>
>
> Here's a description of the problem from [~sguilhen]:
> {quote}
> Farah Juma Not sure if this is relevant but do you remember a quick chat we had about a month ago when I was converting this QS and I was getting a $local identity when IntermediateEJB attempted to invoke the SecuredEJB? No matter what I did in terms of configuration I was getting $local even if I used a sasl-mech-selector that explicitly defined DIGEST-MD5 as the only mech.
> I found another sample app that was working correctly and the only difference was that the intermediate EJB was injecting the reference to the remote EJB instead of doing a lookup. So I've changed the QS to inject the reference to the SecuredEJB in the IntermediateEJB and it started working. I don't know if this has anything to do with the current issue but I was also getting the $local identity when running this QS.
> {quote}
> The problem occurs for EJB invocations from a remote server when doing a lookup using a PROVIDER_URL when no protocol is set on the {{AuthenticationConfiguration}} that should be used for the remote EJB invocation. In particular, in {{RemoteOutboundConnectionService#start}} when an {{AuthenticationContext}} is specified for a remote outbound connection and no protocol is set on the resolved {{AuthenticationConfiguration}}, we currently use "http-remoting" as the default protocol when constructing the destination URI. In {{EjbClientContextSetupProcessor.RegistrationService#transformOne}}, we create an {{AuthenticationContext}} with a rule that attempts to match on "http-remoting". However, because the {{InitialContext}} is created using "remote+http://localhost:8080" as the PROVIDER_URL, our rule doesn't match this PROVIDER_URL, so the desired {{AuthenticationConfiguration}} doesn't actually get used. We could update {{RemoteOutboundConnectionService#start}} so that "remote+http" is used as the default protocol instead of the "http-remoting" protocol when no protocol is set on {{AuthenticationConfiguration}} that is resolved for an Elytron remote outbound connection. 


--
This message was sent by Atlassian JIRA
(v7.2.3#72005)