-
Bug
-
Resolution: Done
-
Major
-
1.0.16.Final
-
None
A standalone client application is calling EJBs on a backend server through an Undertow loadbalancer.
The client looks like this:
Properties props = new Properties(); props.put(Context.INITIAL_CONTEXT_FACTORY, WildFlyInitialContextFactory.class.getName()); props.put(Context.PROVIDER_URL, "http://10.0.0.1:9080/wildfly-services"); props.put(Context.SECURITY_PRINCIPAL, "some-user"); props.put(Context.SECURITY_CREDENTIALS, "some-password"); InitialContext ctx = new InitialContext(props); String name="ejb:/playground-jar/JBossManIntClientBean!org.jboss.playground.JBossManIntClient"; JBossManIntClient bean = (JBossManIntClient) ctx.lookup(name);
A client invoking the same EJB twice result in thousands of requests from the balancer to the backend servers, e. g.:
- 13468 times:
INFO [io.undertow.accesslog] (default I/O-3) 10.0.0.1 - - [24/Sep/2019:12:03:03 +0200] "POST /wildfly-services/ejb/v1/invoke/-/playground-jar/-/JBossManIntClientBean/-/org.jboss.playground.JBossManIntClient/getHost HTTP/2.0" 401 77 "-" "-" Cookie: "-" Set-Cookie: "-" SessionID: - Thread: "default I/O-3" TimeTaken: 5063
- 2 times:
INFO [io.undertow.accesslog] (default I/O-3) 10.0.0.1 - - [24/Sep/2019:12:06:53 +0200] "POST /wildfly-services/ejb/v1/invoke/-/playground-jar/-/JBossManIntClientBean/-/org.jboss.playground.JBossManIntClient/getHost HTTP/2.0" 200 155 "-" "-" Cookie: "-" Set-Cookie: "-" SessionID: - Thread: "default I/O-3" TimeTaken: 614
Note: This behavior only occurs if there's more than a single backend server running in a cluster...
- is cloned by
-
JBEAP-18605 [GSS](7.3.z) WEJBHTTP-30 - Thousand of unauthorized requests in between balancer and backend if backend is running in a cluster
- Closed
-
WFLY-13527 Thousand of unauthorized requests in between balancer and backend if backend is running in a cluster
- Closed
- is incorporated by
-
JBEAP-17633 [GSS](7.2.z) WEJBHTTP-30 - Thousand of unauthorized requests in between balancer and backend if backend is running in a cluster
- Closed
-
JBEAP-19618 [GSS](7.3.1 patch) WEJBHTTP-30 - Thousand of unauthorized requests in between balancer and backend if backend is running in a cluster
- Closed
- is related to
-
UNDERTOW-1716 Allow colon in the request cookie value regardless of setting ALLOW_HTTP_SEPARATORS_IN_V0
- Resolved
- relates to
-
WEJBHTTP-39 Validate path when setting session affinity
- Resolved