Bug
Resolution: Done
Major
RHDG 8.2 GA
The server does not enable the 'EXTERNAL' SASL mechanism for the HotRod client when the `Validate` strategy is selected via the Operator. The REST endpoint works as expected. The same configuration for the HotRod client works when the `Authenticate` strategy is selected.
Client config:
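```java
import org.infinispan.client.hotrod.RemoteCacheManager;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;

ConfigurationBuilder builder = new ConfigurationBuilder();
builder.addServer().host(serviceName).port(11222);
// Authenticate with the TLS client certificate (SASL EXTERNAL)
builder.security().authentication()
       .saslMechanism("EXTERNAL")
       .realm("default")
       .serverName("infinispan");
// Client keystore and truststore, both mounted from secrets
builder.security().ssl()
       .keyStoreFileName("/etc/client-secret/keystore")
       .trustStorePassword("password".toCharArray())
       .trustStoreFileName("/etc/truststore-secret/truststore.p12")
       .keyStorePassword("password".toCharArray());
RemoteCacheManager rcm = new RemoteCacheManager(builder.build());
```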
Infinispan CR:
```yaml
spec:
  ...
  security:
    endpointEncryption:
      type: secret
      certSecretName: encryption-secret
      clientCert: Validate
      clientCertSecretName: truststore-secret
  ...
```
Stacktrace:
```
2021-06-29 12:35:40,492 [HotRod-client-async-pool-1-1] INFO org.infinispan.SECURITY- ISPN000947: Using Java SSL Provider
2021-06-29 12:35:41,437 [http-apr-8080-exec-3] INFO org.infinispan.HOTROD- ISPN004021: Infinispan version: Infinispan 'Taedonggang' 12.1.4.Final
2021-06-29 12:35:42,130 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:42,305 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:42,516 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:42,674 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:42,887 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:43,029 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:43,179 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:43,353 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:43,542 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:43,674 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:43,798 [HotRod-client-async-pool-1-2] ERROR org.infinispan.HOTROD- ISPN004007: Exception encountered. Retry 10 out of 10
org.infinispan.client.hotrod.exceptions.TransportException:: java.lang.SecurityException: ISPN004031: The selected authentication mechanism 'EXTERNAL' is not among the supported server mechanisms: []
    at org.infinispan.client.hotrod.impl.transport.netty.ActivationHandler.exceptionCaught(ActivationHandler.java:52)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:302)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:281)
    at io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:273)
    at io.netty.handler.ssl.SslHandler.exceptionCaught(SslHandler.java:1122)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:302)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:281)
    at io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:273)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.exceptionCaught(DefaultChannelPipeline.java:1377)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:302)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:281)
    at io.netty.channel.DefaultChannelPipeline.fireExceptionCaught(DefaultChannelPipeline.java:907)
    at org.infinispan.client.hotrod.impl.transport.netty.AuthHandler.lambda$channelActive$2(AuthHandler.java:86)
    at java.util.concurrent.CompletableFuture.uniExceptionally(CompletableFuture.java:870)
    at java.util.concurrent.CompletableFuture$UniExceptionally.tryFire(CompletableFuture.java:852)
    at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:474)
    at java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:1962)
    at org.infinispan.client.hotrod.impl.operations.HotRodOperation.complete(HotRodOperation.java:160)
    at org.infinispan.client.hotrod.impl.operations.AuthMechListOperation.acceptResponse(AuthMechListOperation.java:56)
    at org.infinispan.client.hotrod.impl.transport.netty.HeaderDecoder.decode(HeaderDecoder.java:146)
    at org.infinispan.client.hotrod.impl.transport.netty.HintedReplayingDecoder.callDecode(HintedReplayingDecoder.java:94)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1504)
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1253)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1300)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795)
    at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480)
    at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.SecurityException: ISPN004031: The selected authentication mechanism 'EXTERNAL' is not among the supported server mechanisms: []
    at org.infinispan.client.hotrod.impl.transport.netty.AuthHandler.lambda$channelActive$0(AuthHandler.java:50)
    at java.util.concurrent.CompletableFuture.uniCompose(CompletableFuture.java:952)
    at java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:926)
    ... 35 more
java.lang.SecurityException: ISPN004031: The selected authentication mechanism 'EXTERNAL' is not among the supported server mechanisms: []
```
Relates to: JDG-4311 [Operator] Possibility to set require-ssl-client-auth for endpoint configuration (Closed)
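A triage helper for client logs like the one in this report, added here as an example and not part of the original issue or of Infinispan: it extracts the requested and server-advertised SASL mechanisms from ISPN004031 and separates an empty advertised list (the case reported here) from a list that merely lacks the requested mechanism. The function name `triage` and the category labels are assumptions of this example; the sample log is constructed from lines in the report.

```python
import re
from collections import Counter

# Constructed sample: a few lines taken from the client log in this report.
SAMPLE_LOG = """\
2021-06-29 12:35:42,130 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:43,674 [HotRod-client-async-pool-1-2] INFO org.infinispan.HOTROD- ISPN004016: Server not in cluster anymore(datagrid-service:11222), removing from the pool.
2021-06-29 12:35:43,798 [HotRod-client-async-pool-1-2] ERROR org.infinispan.HOTROD- ISPN004007: Exception encountered. Retry 10 out of 10
org.infinispan.client.hotrod.exceptions.TransportException:: java.lang.SecurityException: ISPN004031: The selected authentication mechanism 'EXTERNAL' is not among the supported server mechanisms: []
Caused by: java.lang.SecurityException: ISPN004031: The selected authentication mechanism 'EXTERNAL' is not among the supported server mechanisms: []
"""

MECH_RE = re.compile(
    r"ISPN004031: The selected authentication mechanism '([^']+)' "
    r"is not among the supported server mechanisms: \[([^\]]*)\]"
)
DROPPED_RE = re.compile(r"ISPN004016: Server not in cluster anymore\(([^)]+)\)")
RETRY_RE = re.compile(r"ISPN004007: .*Retry (\d+) out of (\d+)")


def triage(log_text):
    """Summarise SASL negotiation failures found in a Hot Rod client log."""
    findings = set()   # the same exception is logged several times; dedupe
    dropped = Counter()
    retries_exhausted = False
    for line in log_text.splitlines():
        m = MECH_RE.search(line)
        if m:
            offered = tuple(x.strip() for x in m.group(2).split(",") if x.strip())
            # Empty list: the endpoint advertised no SASL mechanism at all,
            # so no client-side mechanism choice can succeed.
            kind = "server-offers-none" if not offered else "mechanism-not-offered"
            findings.add((m.group(1), offered, kind))
        m = DROPPED_RE.search(line)
        if m:
            dropped[m.group(1)] += 1
        m = RETRY_RE.search(line)
        if m and m.group(1) == m.group(2):
            retries_exhausted = True
    return {"findings": sorted(findings), "dropped": dict(dropped),
            "retries_exhausted": retries_exhausted}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `server-offers-none` finding points at the server endpoint configuration rather than at the client's keystore or mechanism name, which matches the behaviour described in this issue.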