[jboss-jira] [JBoss JIRA] (WFLY-9973) WildFly 12 IIOP always requires SSL

Wed Mar 7 09:28:00 EST 2018

Ivan Straka created WFLY-9973:
---------------------------------

             Summary: WildFly 12 IIOP always requires SSL
                 Key: WFLY-9973
                 URL: https://issues.jboss.org/browse/WFLY-9973
             Project: WildFly
          Issue Type: Bug
          Components: IIOP
    Affects Versions: 12.0.0.Final, 11.0.0.Final
            Reporter: Ivan Straka
            Assignee: Tomasz Adamski

When app deployed to WF 10.1 calls an EJB deployed to WF 12.0 via IIOP, the call will fail because WF 12.0 responds (Location Forward message - GIOP protocol) that It requires SSL even if It does not (to the best of my knowledge).

WF 12.0 standard IIOP subystem configuration:
{code:xml}
        <subsystem xmlns="urn:jboss:domain:iiop-openjdk:2.0">
            <orb socket-binding="iiop"/>
            <initializers security="identity" transactions="spec"/>
            <security server-requires-ssl="false" client-requires-ssl="false"/>
        </subsystem>
{code}

It is observable [here|https://github.com/wildfly/wildfly/blob/10.1.0.Final/iiop-openjdk/src/main/java/org/wildfly/iiop/openjdk/csiv2/CSIV2IORToSocketInfo.java#L142] (client side debugging). ssl.target_requires is true and ssl.target_supports is false.

This does not happen when 
* server side is WF 10.1 - ssl.target_requires is false and ssl.target_supports is true.
* client side is WF 12.0 - it works due to better condition at client side [here|https://github.com/wildfly/wildfly/blob/12.0.0.Final/iiop-openjdk/src/main/java/org/wildfly/iiop/openjdk/csiv2/CSIV2IORToSocketInfo.java#L138] which results to not using SSL

If IIOP subsystem is configured to use iiop ssl socket, It will work - EAP just does not responds correctly if ssl is not configured.

It is possible that I have malconfigured server side EAP and I am missing something.

Deployments used as reproducers are simple.

client-side: simple servlet that calls an EJB
{code:java}
@WebServlet(urlPatterns = "/")
public class ClientServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        try {

            Context ctx = new InitialContext(new Properties());
            Object iiopObj = ctx.lookup("corbaname:iiop:127.0.0.1:3628#Bean");
            BeanHome home = (BeanHome) PortableRemoteObject.narrow(iiopObj, BeanHome.class);
            BeanRemote beanRemote = home.create();
            String string = beanRemote.invoke();
            System.out.println("Bean obtained by IIOP returned: " + string);
            resp.getWriter().append("Bean obtained by IIOP returned: ").append(string).append("\n");
        } catch (Exception e) {
            resp.getWriter().append("Calling bean failed: ");
            e.printStackTrace(resp.getWriter());
            throw new RuntimeException(e);
        }
    }
}
{code}

server-side: simple EJB
{code:java}
public class Bean {
    public String invoke() {
        return "server side invocation: success";
    }
}
{code}

--
This message was sent by Atlassian JIRA
(v7.5.0#75005)