WildFly Core: WFCORE-4192

Server-server EJB invocation fails if no security is defined on target bean due to faulty permission check


Details

    • Bug
    • Resolution: Done
    • Major
    • 7.0.0.Beta1, 7.0.0.Final
    • 7.0.0.Alpha4, 7.0.0.Final
    • Security
    • None
    Steps to Reproduce

      git clone http://git.host.prod.eng.bos.redhat.com/git/jbossqe/eap-tests-ejb.git
      cd eap-tests-ejb/ejb-multi-server-ts/
      git checkout origin/security-exception-anonymous
      mvn clean test -Dtest=ServerToServerCallsFromStatelessToStatefulBean_JBEAP13730_TestCase -Deap.zip=/path/to/jboss-eap-7.1.0.CR4.zip

    Description

      Customer impact:
      Probably limited to testing scenarios; production scenarios will very likely have security configured.

      Scenario description: an automated test (source code) performs these steps:
      1. starts two servers with the standalone-ha.xml profile, CLUSTER1_NODE1 and CLUSTER2_NODE1; they do not form a cluster (the original scenario was simplified from 2 clusters to 2 servers)
      2. creates a remote outbound connection on CLUSTER1_NODE1 pointing at CLUSTER2_NODE1:

              <subsystem xmlns="urn:jboss:domain:remoting:4.0">
                  <endpoint/>
                  <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
                  <outbound-connections>
                      <remote-outbound-connection name="connection-to-cluster2" outbound-socket-binding-ref="connection-to-cluster2"/>
                  </outbound-connections>
              </subsystem>
      

      3. removes the security-realm="ApplicationRealm" attribute from the http-remoting-connector on CLUSTER2_NODE1, so the connector has no security realm:

          <subsystem xmlns="urn:jboss:domain:remoting:4.0">
            <endpoint/>
            <http-connector connector-ref="default" name="http-remoting-connector"/>
          </subsystem>
      

      4. deploys the intermediary bean on CLUSTER1_NODE1 (source code) and the target bean on CLUSTER2_NODE1 (source code)
      5. invokes the intermediary bean with this code (the bean interface and class are part of the test; the package seen in the log below is org.jboss.qa.ejb.tests.jbeap10217.beans):

              import java.util.Properties;
              import javax.naming.Context;
              import javax.naming.InitialContext;
              import org.wildfly.naming.client.WildFlyInitialContextFactory;

              // Client-side lookup through the WildFly naming client; the "ejb:" prefix
              // routes the lookup to the EJB client, which resolves the remote bean.
              final Properties properties = new Properties();
              properties.put(Context.INITIAL_CONTEXT_FACTORY, WildFlyInitialContextFactory.class.getName());
              final InitialContext ejbCtx = new InitialContext(properties);
              final IntermediaryBeanRemote bean = (IntermediaryBeanRemote)ejbCtx
                      .lookup("ejb:/bean-intermediary/" + IntermediaryBeanStateless.class.getSimpleName() + "!"
                              + IntermediaryBeanRemote.class.getName());
              // Each call() on the intermediary bean invokes the target bean on CLUSTER2_NODE1.
              for (int i = 0; i < 200; i++) {
                  bean.call();
              }
      

      When the intermediary bean tries to invoke the target bean, the invocation fails with this exception (the root cause is reported by the peer, CLUSTER2_NODE1, as a remote SecurityException):

      CLUSTER1_NODE1: 09:29:34,536 ERROR [org.jboss.as.ejb3.invocation] (default task-6) WFLYEJB0034: EJB Invocation failed on component IntermediaryBeanStateless for method public abstract void org.jboss.qa.ejb.tests.jbeap10217.beans.IntermediaryBeanRemote.call(): java.lang.SecurityException: WFTXN0013: The peer threw a SecurityException; see peer logs for more information
              at org.wildfly.transaction.client.provider.remoting.TransactionClientChannel.setRollbackOnly(TransactionClientChannel.java:178)
              at org.wildfly.transaction.client.provider.remoting.RemotingRemoteTransactionPeer$1.end(RemotingRemoteTransactionPeer.java:158)
              at org.wildfly.transaction.client.SubordinateXAResource.end(SubordinateXAResource.java:130)
              at com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionImple.doEnd(TransactionImple.java:1089)
              at com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionImple.endAssociation(TransactionImple.java:1060)
              at com.arjuna.ats.internal.jta.resources.arjunacore.XAResourceRecord.endAssociation(XAResourceRecord.java:1287)
              at com.arjuna.ats.internal.jta.resources.arjunacore.XAResourceRecord.topLevelAbort(XAResourceRecord.java:313)
              at com.arjuna.ats.arjuna.coordinator.BasicAction.doAbort(BasicAction.java:3023)
              at com.arjuna.ats.arjuna.coordinator.BasicAction.doAbort(BasicAction.java:3002)
              at com.arjuna.ats.arjuna.coordinator.BasicAction.Abort(BasicAction.java:1674)
              at com.arjuna.ats.arjuna.coordinator.BasicAction.Abort(BasicAction.java:1615)
              at com.arjuna.ats.arjuna.coordinator.TwoPhaseCoordinator.end(TwoPhaseCoordinator.java:99)
              at com.arjuna.ats.arjuna.AtomicAction.commit(AtomicAction.java:162)
              at com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionImple.commitAndDisassociate(TransactionImple.java:1289)
              at com.arjuna.ats.internal.jta.transaction.arjunacore.BaseTransaction.commit(BaseTransaction.java:126)
              at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:89)
              at org.wildfly.transaction.client.LocalTransaction.commitAndDissociate(LocalTransaction.java:73)
              at org.wildfly.transaction.client.ContextTransactionManager.commit(ContextTransactionManager.java:71)
              at org.jboss.as.ejb3.tx.CMTTxInterceptor.endTransaction(CMTTxInterceptor.java:92)
              at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:279)
              at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:332)
              at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:240)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
              at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
              at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:89)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
              at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:609)
              at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
              at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
              at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
              at org.jboss.as.ejb3.remote.AssociationImpl$$Lambda$1232/202321503.apply(Unknown Source)
              at org.wildfly.security.auth.server.SecurityIdentity.runAsFunctionEx(SecurityIdentity.java:380)
              at org.jboss.as.ejb3.remote.AssociationImpl.invokeWithIdentity(AssociationImpl.java:535)
              at org.jboss.as.ejb3.remote.AssociationImpl.invokeMethod(AssociationImpl.java:530)
              at org.jboss.as.ejb3.remote.AssociationImpl.lambda$receiveInvocationRequest$0(AssociationImpl.java:193)
              at org.jboss.as.ejb3.remote.AssociationImpl$$Lambda$1230/1343168004.run(Unknown Source)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at java.lang.Thread.run(Thread.java:745)
      Caused by: Remote exception java.lang.SecurityException: WFTXN0088: User anonymous does not have permission ("org.wildfly.transaction.client.RemoteTransactionPermission" "")
              at org.wildfly.transaction.client.provider.remoting.TransactionServerChannel.getSecurityIdentity(TransactionServerChannel.java:745)
              at org.wildfly.transaction.client.provider.remoting.TransactionServerChannel.handleXaTxnRollbackOnly(TransactionServerChannel.java:390)
              at org.wildfly.transaction.client.provider.remoting.TransactionServerChannel$ReceiverImpl.handleMessage(TransactionServerChannel.java:132)
              at org.jboss.remoting3.remote.RemoteConnectionChannel.lambda$handleMessageData$3(RemoteConnectionChannel.java:430)
              at org.jboss.remoting3.remote.RemoteConnectionChannel$$Lambda$901/21589536.run(Unknown Source)
              at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
              at org.jboss.remoting3.EndpointImpl$TrackingExecutor$$Lambda$885/1175809082.run(Unknown Source)
              ... 3 more
      
      

      It seems that the transaction client is checking "org.wildfly.transaction.client.RemoteTransactionPermission" against the caller's identity. This permission is granted through Elytron, but Elytron is not used for the connector once the security realm is removed?

      The permission is defined in standalone-ha.xml on CLUSTER2_NODE1:

                <permission-mapping>
                  <principal name="anonymous"/>
                  <permission module="org.wildfly.extension.batch.jberet" target-name="*" class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission"/>
                  <permission module="org.wildfly.transaction.client" class-name="org.wildfly.transaction.client.RemoteTransactionPermission"/>
                  <permission module="org.jboss.ejb-client" class-name="org.jboss.ejb.client.RemoteEJBPermission"/>
                </permission-mapping>
      

      Please check https://github.com/wildfly/wildfly-transaction-client/blob/master/src/main/java/org/wildfly/transaction/client/provider/remoting/TransactionServerChannel.java#L744
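      The following is an added example and is not code from WFCORE-4192, WildFly or the transaction client. It reconstructs the shape of the check linked above with the public Elytron and wildfly-transaction-client APIs (assumed to be on the classpath): an Elytron SecurityDomain's anonymous identity is asked whether it implies RemoteTransactionPermission, once with a permission mapper equivalent to the <permission-mapping> for principal "anonymous" quoted above, and once with a mapper that grants nothing. The class name, the realm name and the mapper itself are assumptions made for illustration.

```java
import java.security.Principal;

import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.authz.PermissionMappable;
import org.wildfly.security.authz.PermissionMapper;
import org.wildfly.security.authz.Roles;
import org.wildfly.security.permission.PermissionVerifier;
import org.wildfly.transaction.client.RemoteTransactionPermission;

// Added example (hypothetical class name); not part of WildFly or this issue.
// Assumes wildfly-elytron and wildfly-transaction-client on the classpath.
public class AnonymousTxnPermissionCheck {

    // Equivalent of the <permission-mapping> with <principal name="anonymous"/>:
    // the anonymous principal gets RemoteTransactionPermission, everybody else nothing.
    static PermissionMapper grantRemoteTxnToAnonymous() {
        return (PermissionMappable mappable, Roles roles) -> {
            Principal p = mappable.getPrincipal();
            if (p != null && "anonymous".equals(p.getName())) {
                return PermissionVerifier.from(RemoteTransactionPermission.getInstance());
            }
            return PermissionVerifier.NONE;
        };
    }

    // Builds a minimal security domain around the given mapper. The realm holds
    // no users; only the domain's built-in anonymous identity is exercised here.
    static SecurityDomain domainWith(PermissionMapper mapper) {
        SimpleMapBackedSecurityRealm emptyRealm = new SimpleMapBackedSecurityRealm();
        return SecurityDomain.builder()
                .addRealm("empty", emptyRealm).build()
                .setDefaultRealmName("empty")
                .setPermissionMapper(mapper)
                .build();
    }

    // Same question TransactionServerChannel.getSecurityIdentity asks of the
    // caller's identity before handling a transaction message: does the
    // (here anonymous) identity imply RemoteTransactionPermission?
    static boolean anonymousMayUseRemoteTransactions(SecurityDomain domain) {
        SecurityIdentity anonymous = domain.getAnonymousSecurityIdentity();
        return anonymous.implies(RemoteTransactionPermission.getInstance());
    }

    public static void main(String[] args) {
        SecurityDomain granted = domainWith(grantRemoteTxnToAnonymous());
        SecurityDomain denied = domainWith(PermissionMapper.EMPTY_PERMISSION_MAPPER);
        System.out.println("anonymous with mapping:    " + anonymousMayUseRemoteTransactions(granted));
        System.out.println("anonymous without mapping: " + anonymousMayUseRemoteTransactions(denied));
    }
}
```

      Running main() prints true for the domain whose mapper grants the permission to "anonymous" and false for the one that grants nothing; the false case is the condition under which the server side throws WFTXN0088. Which of the two the connector effectively ends up with once security-realm is removed is the question this issue raises, so this only shows how to test a permission mapping in isolation, not what the server does.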

            People

              jondruse@redhat.com Jiri Ondrusek