Uploaded image for project: 'EJB Client Library (AS7+)'
  1. EJB Client Library (AS7+)
  2. EJBCLIENT-221

Cluster-based security credentials not being accessed

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 4.0.15.Final
    • 4.0.0.Beta25
    • None

    Description

      The EJBClient invocation mechanism makes use of Remoting Connections from the client to a remote node when making invocations.

      In order to obtain a connection, RemoteEJBReceiver calls getConnection(URI uri, AuthenticationConfiguration ac, SSLContext ssl) and so must pass general security credentials (AuthenticationConfiguration) and an SSLContext as well if required:

      IoFuture<ConnectionPeerIdentity> getConnection(final EJBLocator<T> locator, AuthenticationConfiguration authenticationConfiguration, SSLContext sslContext)

      The AuthenticaionConfiguartion (for example) is obtained from the AuthenticationContext, with the help of the AuthenticationContextConfigurationClient:

      if (authenticationConfiguration == null) {
    authenticationConfiguration = CLIENT.getAuthenticationConfiguration(target, AuthenticationContext.captureCurrent(), -1, "ejb", "jboss");
}

      The AuthenticationContext is a repository of RuleNodes which describe the way in which we can match invocation requirements (like sending to a specific target URI) to configured AuthenticationConfigurations that we know about.

      The default AuthenticationContext is set up by populating an AuthenticationContext with security credentials from either an Elytron configuration file or the legacy jboss-ejb-client.properties file.

      The class LegacyElytronConfiguration is used to parse a jboss-ejb-client.properties file and create RuleNodes Rule/AuthenticationConfiguration pairs based on the connections, clusters and cluster nodes defined in that file. The generated rules can be matched on these elemsnts:

      connections:
-  match on host:<host>, port:<port> 
- to yield username, realm, password, callbackHandler, mechamismProps
clusters:
- match on protocol:"cluster", urnName:<cluster name> 
- to yield username, realm, password, callbackHandler, mechamismProps
cluster nodes:
- match on protocol:"node", urnName:<node name> 
- to yield username, realm, password, callbackHandler, mechamismProps

      These rules are generated, and available in the default AuthenticationContext, but do not seem to be incorporated into the authentication mechanism for making invocations on clusters.

      Attachments

        Issue Links

          is incorporated by

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) EJBCLIENT-228 Update performLocatedAction/discoverAffinity* to include additional information

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              rachmato@redhat.com Richard Achmatowicz
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: