Uploaded image for project: 'WildFly EJB HTTP Client'
  1. WildFly EJB HTTP Client
  2. WEJBHTTP-80

Digest authentication creates URI with port -1 when using standard ports

XMLWordPrintable

    • Hide

      Just deploy a EJB app application and configure the server to run instandard http (80) or https (443) port. Use the URL without any port to call the EJB using the http client:

          private static RemoteCounter lookupRemoteStatefulCounter(String protocol) throws NamingException {
        AuthenticationConfiguration config = AuthenticationConfiguration.empty().useName("user").usePassword("password");
        AuthenticationContext authenticationContext = AuthenticationContext.empty().with(MatchRule.ALL, config);
        AuthenticationContext.getContextManager().setGlobalDefault(authenticationContext);
        final Hashtable<String, String> jndiProperties = new Hashtable<>();
        jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
        jndiProperties.put(Context.PROVIDER_URL,  "http://localhost/wildfly-services");
        final Context context = new InitialContext(jndiProperties);
        return (RemoteCounter) context.lookup("ejb:/ROOT/CounterBean!"
                + RemoteCounter.class.getName() + "?stateful");
    }

      In my tests I have configured HAProxy as reverse proxy (using standard http port 80) in front of EAP installation (port 8080).

      A sample application is in related JBEAP-23622 but any EJB client/server app can be used.

      Show
      Just deploy a EJB app application and configure the server to run instandard http (80) or https (443) port. Use the URL without any port to call the EJB using the http client: private static RemoteCounter lookupRemoteStatefulCounter( String protocol) throws NamingException { AuthenticationConfiguration config = AuthenticationConfiguration.empty().useName( "user" ).usePassword( "password" ); AuthenticationContext authenticationContext = AuthenticationContext.empty().with(MatchRule.ALL, config); AuthenticationContext.getContextManager().setGlobalDefault(authenticationContext); final Hashtable< String , String > jndiProperties = new Hashtable<>(); jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory" ); jndiProperties.put(Context.PROVIDER_URL, "http: //localhost/wildfly-services" ); final Context context = new InitialContext(jndiProperties); return (RemoteCounter) context.lookup( "ejb:/ROOT/CounterBean!" + RemoteCounter. class. getName() + "?stateful" ); } In my tests I have configured HAProxy as reverse proxy (using standard http port 80) in front of EAP installation (port 8080). A sample application is in related JBEAP-23622 but any EJB client/server app can be used.
    • Hide

      In my tests you can make it work configuring the client specifying the default port in the URL. For example:

      jndiProperties.put(Context.PROVIDER_URL,  "http://localhost:80/wildfly-services");
      Show
      In my tests you can make it work configuring the client specifying the default port in the URL. For example: jndiProperties.put(Context.PROVIDER_URL, "http: //localhost:80/wildfly-services" );

      When the EJB server is running in standard http (80) or https (443) port the digest uri used for authentication is generated with port -1 if the port is not specified. This triggers error in the subsequent authentication as the URI seen by the server is different to the one in the request (this check is done in the server inside elytron code). Generating this error at server side:

      TRACE [org.wildfly.security] (default task-2) Handling AuthenticationCompleteCallback: fail
DEBUG [io.undertow.request.security] (default task-2) Authentication failed with message ELY05169: [DIGEST] Clients response token does not match expected token and mechanism DIGEST for HttpServerExchange{ POST /wildfly-services/ejb/v1/open/-/ROOT/-/CounterBean}

      In the client side the request just fails with error 400 (bad request):

      java.io.IOException: WFHTTP000005: Invalid response code 400 (full response ClientResponse{responseHeaders={content-length=[76], content-type=[text/html], date=[Fri, 27 May 2022 07:04:15 GMT]}, responseCode=400, status='', protocol=HTTP/2.0})
	at org.wildfly.httpclient.common.HttpTargetContext$2$1.lambda$completed$4(HttpTargetContext.java:247)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
	at java.base/java.lang.Thread.run(Thread.java:829)

      In my EJB example the URI sent by the client in the digest auth is: http://localhost:-1/wildfly-services/ejb/v1/open/-/ROOT/-/CounterBean. Note the -1 instead of none (80).

              rhn-support-rmartinc Ricardo Martin Camarero
              rhn-support-rmartinc Ricardo Martin Camarero
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: