[jboss-jira] [JBoss JIRA] (ELY-1230) Attribute security-domain from Elytron authentication-configuration does not propagate credentials

Ondrej Lukas (JIRA) issues at jboss.org
Tue Jun 6 07:27:01 EDT 2017 

Ondrej Lukas created ELY-1230:
---------------------------------

             Summary: Attribute security-domain from Elytron authentication-configuration does not propagate credentials
                 Key: ELY-1230
                 URL: https://issues.jboss.org/browse/ELY-1230
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Ondrej Lukas
            Assignee: Darran Lofthouse
            Priority: Critical


When client-server schema as 'Client -> Server A -> Server B' is used and intermediate server (server A) uses {{authentication-configuration.security-domain}} and DIGEST-MD5 mechanism is used then application (i.e. EJB) from intermediate server cannot authenticate to server B. It seems that DIGEST-MD5 mechanism cannot be chosen by SASL mechanism selector when no user and credentials are explicitly allowed.

As we understand attribute {{authentication-configuration.security-domain}} correctly (since there is not any sufficient documentation or example project), then intermediate server should be able to obtain credentials from given security domain and use them for authentication.

See reproducer for more details.

Exception from intermediate server:
{code}
ERROR [org.jboss.as.ejb3.invocation] (default task-6) WFLYEJB0034: EJB Invocation failed on component Intermediate for method public abstract java.lang.String example.ejb.WhoAmIBeanRemote.whoAmI(): javax.ejb.EJBException: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB matching "StatelessEJBLocator for "/server-side/WhoAmIBean", view is interface example.ejb.WhoAmIBeanRemote, affinity is None"
	at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:188)
	at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:277)
	at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:332)
	at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:240)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:327)
	at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
	at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:89)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:138)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:256)
	at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:609)
	at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
	at org.wildfly.security.auth.server.SecurityIdentity.runAsFunctionEx(SecurityIdentity.java:380)
	at org.jboss.as.ejb3.remote.AssociationImpl.invokeWithIdentity(AssociationImpl.java:460)
	at org.jboss.as.ejb3.remote.AssociationImpl.invokeMethod(AssociationImpl.java:455)
	at org.jboss.as.ejb3.remote.AssociationImpl.lambda$receiveInvocationRequest$0(AssociationImpl.java:165)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB matching "StatelessEJBLocator for "/server-side/WhoAmIBean", view is interface example.ejb.WhoAmIBeanRemote, affinity is None"
	at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:719)
	at org.jboss.ejb.client.EJBClientContext.performLocatedAction(EJBClientContext.java:701)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:162)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:112)
	at com.sun.proxy.$Proxy48.whoAmI(Unknown Source)
	at example.ejb.Intermediate.whoAmI(Intermediate.java:21)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:327)
	at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:90)
	at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:101)
	at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275)
	... 44 more
	Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (JBOSS-LOCAL-USER, DIGEST-MD5) are supported
		at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:438)
		at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:246)
		at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
		at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
		at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
		at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
		at ...asynchronous invocation...(Unknown Source)
		at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:545)
		at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:513)
		at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:84)
		at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:57)
		at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:464)
		at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:410)
		at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:126)
		at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:139)
		at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:216)
		at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.lambda$discover$0(RemotingEJBDiscoveryProvider.java:103)
		at java.security.AccessController.doPrivileged(Native Method)
		at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:103)
		at org.wildfly.discovery.impl.AggregateDiscoveryProvider.discover(AggregateDiscoveryProvider.java:58)
		at org.wildfly.discovery.Discovery.discover(Discovery.java:94)
		at org.jboss.ejb.client.EJBClientContext.discover(EJBClientContext.java:442)
		at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:714)
		... 74 more
{code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list