[jboss-jira] [JBoss JIRA] (WFLY-9973) WildFly 12 IIOP always requires SSL

Ivan Straka (JIRA) issues at jboss.org
Wed Mar 7 09:29:00 EST 2018 

     [ https://issues.jboss.org/browse/WFLY-9973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ivan Straka updated WFLY-9973:
------------------------------
    Steps to Reproduce: 
Lets have two server, WF 10.1 (client role), WF 12.0 (server role)
# deploy client-side.war to WF 10.1
# deploy server-side.jar to WF 12.0
# start  WF 10.1 with command "./bin/standalone.sh -c standalone-full.xml -Djboss.node.name=1"
# start  WF 12.0 with command "./bin/standalone.sh -c standalone-full.xml -Djboss.node.name=2 -Djboss.socket.binding.port-offset=100"
# access localhost:8080 to run the scenario

You can see in WF 10.1 console output that it has got into infinite loop trying to connect to unaccessible IIOP SSL socket.

  was:
Lets have two server, WF 10.1 (client role), WF 12.0 (server role)
# deploy client-side.war to WF 10.1
# deploy server-side.jar to WF 12.0
# start  WF 10.1 with command "./bin/standalone.sh -c standalone-full.xml -Djboss.node.name=1"
# start  WF 12.0 with command "./bin/standalone.sh -c standalone-full.xml -Djboss.node.name=2 -Djboss.socket.binding.port-offset=100"
# access localhost:8080 to run the scenario

You can see in WF 10.1 console output that it has got into infinite loop trying to connect to IIOP SSL socket which is not accessible.



> WildFly 12 IIOP always requires SSL
> -----------------------------------
>
>                 Key: WFLY-9973
>                 URL: https://issues.jboss.org/browse/WFLY-9973
>             Project: WildFly
>          Issue Type: Bug
>          Components: IIOP
>    Affects Versions: 11.0.0.Final, 12.0.0.Final
>            Reporter: Ivan Straka
>            Assignee: Tomasz Adamski
>
> When app deployed to WF 10.1 calls an EJB deployed to WF 12.0 via IIOP, the call will fail because WF 12.0 responds (Location Forward message - GIOP protocol) that It requires SSL even if It does not (to the best of my knowledge).
> WF 12.0 standard IIOP subystem configuration:
> {code:xml}
>         <subsystem xmlns="urn:jboss:domain:iiop-openjdk:2.0">
>             <orb socket-binding="iiop"/>
>             <initializers security="identity" transactions="spec"/>
>             <security server-requires-ssl="false" client-requires-ssl="false"/>
>         </subsystem>
> {code}
> It is observable [here|https://github.com/wildfly/wildfly/blob/10.1.0.Final/iiop-openjdk/src/main/java/org/wildfly/iiop/openjdk/csiv2/CSIV2IORToSocketInfo.java#L142] (client side debugging). ssl.target_requires is true and ssl.target_supports is false.
> This does not happen when 
> * server side is WF 10.1 - ssl.target_requires is false and ssl.target_supports is true.
> * client side is WF 12.0 - it works due to better condition at client side [here|https://github.com/wildfly/wildfly/blob/12.0.0.Final/iiop-openjdk/src/main/java/org/wildfly/iiop/openjdk/csiv2/CSIV2IORToSocketInfo.java#L138] which results to not using SSL
> If IIOP subsystem is configured to use iiop ssl socket, It will work - EAP just does not responds correctly if ssl is not configured.
> It is possible that I have malconfigured server side EAP and I am missing something.
> Deployments used as reproducers are simple.
> client-side: simple servlet that calls an EJB
> {code:java}
> @WebServlet(urlPatterns = "/")
> public class ClientServlet extends HttpServlet {
>     @Override
>     protected void doGet(HttpServletRequest req, HttpServletResponse resp)
>             throws ServletException, IOException {
>         try {
>             Context ctx = new InitialContext(new Properties());
>             Object iiopObj = ctx.lookup("corbaname:iiop:127.0.0.1:3628#Bean");
>             BeanHome home = (BeanHome) PortableRemoteObject.narrow(iiopObj, BeanHome.class);
>             BeanRemote beanRemote = home.create();
>             String string = beanRemote.invoke();
>             System.out.println("Bean obtained by IIOP returned: " + string);
>             resp.getWriter().append("Bean obtained by IIOP returned: ").append(string).append("\n");
>         } catch (Exception e) {
>             resp.getWriter().append("Calling bean failed: ");
>             e.printStackTrace(resp.getWriter());
>             throw new RuntimeException(e);
>         }
>     }
> }
> {code}
> server-side: simple EJB
> {code:java}
> public class Bean {
>     public String invoke() {
>         return "server side invocation: success";
>     }
> }
> {code}



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list