[jboss-jira] [JBoss JIRA] (WFLY-9973) WildFly 12 IIOP always requires SSL

Wed Mar 21 06:42:01 EDT 2018

     [ https://issues.jboss.org/browse/WFLY-9973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ivan Straka updated WFLY-9973:
------------------------------
    Attachment:     (was: server-side.war)


> WildFly 12 IIOP always requires SSL
> -----------------------------------
>
>                 Key: WFLY-9973
>                 URL: https://issues.jboss.org/browse/WFLY-9973
>             Project: WildFly
>          Issue Type: Bug
>          Components: IIOP
>    Affects Versions: 11.0.0.Final, 12.0.0.Final
>            Reporter: Ivan Straka
>            Assignee: Tomasz Adamski
>
> When app deployed to WF 10.1 calls an EJB deployed to WF 12.0 via IIOP, the call will fail because WF 12.0 responds (Location Forward message - GIOP protocol) that It requires SSL even if It does not (to the best of my knowledge).
> WF 12.0 standard IIOP subystem configuration:
> {code:xml}
>         <subsystem xmlns="urn:jboss:domain:iiop-openjdk:2.0">
>             <orb socket-binding="iiop"/>
>             <initializers security="identity" transactions="spec"/>
>             <security server-requires-ssl="false" client-requires-ssl="false"/>
>         </subsystem>
> {code}
> It is observable [here|https://github.com/wildfly/wildfly/blob/10.1.0.Final/iiop-openjdk/src/main/java/org/wildfly/iiop/openjdk/csiv2/CSIV2IORToSocketInfo.java#L142] (client side debugging). ssl.target_requires is true and ssl.target_supports is false.
> This does not happen when 
> * server side is WF 10.1 - ssl.target_requires is false and ssl.target_supports is true.
> * client side is WF 12.0 - it works due to better condition at client side [here|https://github.com/wildfly/wildfly/blob/12.0.0.Final/iiop-openjdk/src/main/java/org/wildfly/iiop/openjdk/csiv2/CSIV2IORToSocketInfo.java#L138] which results to not using SSL
> If IIOP subsystem is configured to use iiop ssl socket, It will work - EAP just does not responds correctly if ssl is not configured.
> It is possible that I have malconfigured server side EAP and I am missing something.
> Deployments used as reproducers are simple.
> client-side: simple servlet that calls an EJB
> {code:java}
> @WebServlet(urlPatterns = "/")
> public class ClientServlet extends HttpServlet {
>     @Override
>     protected void doGet(HttpServletRequest req, HttpServletResponse resp)
>             throws ServletException, IOException {
>         try {
>             Context ctx = new InitialContext(new Properties());
>             Object iiopObj = ctx.lookup("corbaname:iiop:127.0.0.1:3628#Bean");
>             BeanHome home = (BeanHome) PortableRemoteObject.narrow(iiopObj, BeanHome.class);
>             BeanRemote beanRemote = home.create();
>             String string = beanRemote.invoke();
>             System.out.println("Bean obtained by IIOP returned: " + string);
>             resp.getWriter().append("Bean obtained by IIOP returned: ").append(string).append("\n");
>         } catch (Exception e) {
>             resp.getWriter().append("Calling bean failed: ");
>             e.printStackTrace(resp.getWriter());
>             throw new RuntimeException(e);
>         }
>     }
> }
> {code}
> server-side: simple EJB
> {code:java}
> public class Bean {
>     public String invoke() {
>         return "server side invocation: success";
>     }
> }
> {code}


--
This message was sent by Atlassian JIRA
(v7.5.0#75005)