WildFly Core / WFCORE-4668

Transaction recovery of remote ejb calls should not be using static Default AuthenticationContext


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Critical
    • None
    • 10.0.0.Beta9
    • Security
    • None

      The issue WFCORE-4599 made the `AuthenticationContext` no longer static. This started to cause trouble for transaction recovery processing when remote EJB calls are invoked.
      The configuration that was used earlier for server-to-server EJB calls [1] (used with `-Dwildfly.config.url`) stopped working.
      It was possible to configure the default authentication context in `standalone.xml` for the whole Elytron subsystem (in a way like [2]). But this change started to cause threads to get stuck while executing remote EJB calls in WFTC (somewhere here [3]).
      Because of that, WFCORE-4659 reverted to the static global authentication context. This was more of a workaround, as the functionality should rather work the way Stuart pointed out:

      • Add an explicit config to specify the authentication context used by transaction recovery.
      • If this is not set, fall back to the default authentication context that is used by deployments.
      • If none of the above are set, then the auth context should be empty.

      [1]

      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="jta">
                      <match-abstract-type name="jta" authority="jboss"/>
                  </rule>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="jta">
                      <sasl-mechanism-selector selector="DIGEST-MD5"/>
                      <providers>
                          <use-service-loader/>
                      </providers>
                      <set-user-name name="ejb"/>
                      <credentials>
                          <clear-password password="ejb"/>
                      </credentials>
                      <set-mechanism-realm name="ApplicationRealm"/>
                  </configuration>
              </authentication-configurations>
          </authentication-client>
      </configuration>
      

      [2]

      <subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto" default-authentication-context="jta">
          <authentication-client>
              <authentication-configuration name="jta" authentication-name="ejb" realm="ApplicationRealm" sasl-mechanism-selector="DIGEST-MD5">
                  <credential-reference clear-text="ejb"/>
              </authentication-configuration>
              <authentication-context name="jta">
                  <match-rule match-abstract-type-authority="jboss" authentication-configuration="jta"/>
              </authentication-context>
          </authentication-client>
          <!-- remainder of the elytron subsystem omitted -->
      </subsystem>

      [3] https://github.com/wildfly/wildfly-transaction-client/blob/master/src/main/java/org/wildfly/transaction/client/provider/remoting/RemotingRemoteTransactionPeer.java#L84
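
An added example (not part of the issue or of WildFly's code) showing how the rule in configuration [1] selects the `jta` configuration for a peer with abstract type `jta` and authority `jboss`. It models only `match-abstract-type`, assumes rules are evaluated in order with the first match winning, and returns `None` where no rule matches, which corresponds to an empty authentication context.

```python
import xml.etree.ElementTree as ET

NS = {"e": "urn:elytron:1.0"}
MATCH_ABSTRACT_TYPE = "{urn:elytron:1.0}match-abstract-type"

# Constructed sample: configuration [1] from the issue, condensed (providers omitted).
SAMPLE = """<configuration><authentication-client xmlns="urn:elytron:1.0">
  <authentication-rules>
    <rule use-configuration="jta">
      <match-abstract-type name="jta" authority="jboss"/>
    </rule>
  </authentication-rules>
  <authentication-configurations>
    <configuration name="jta">
      <sasl-mechanism-selector selector="DIGEST-MD5"/>
      <set-user-name name="ejb"/>
      <credentials><clear-password password="ejb"/></credentials>
      <set-mechanism-realm name="ApplicationRealm"/>
    </configuration>
  </authentication-configurations>
</authentication-client></configuration>"""

def rule_matches(rule, abstract_type, authority):
    """Every match element of a rule must hold; a rule with none matches all."""
    for cond in rule:
        if cond.tag != MATCH_ABSTRACT_TYPE:
            raise NotImplementedError(f"matcher not modelled here: {cond.tag}")
        # Assumption: an omitted name/authority attribute acts as a wildcard.
        if cond.get("name") not in (None, abstract_type):
            return False
        if cond.get("authority") not in (None, authority):
            return False
    return True

def resolve(xml_text, abstract_type, authority):
    """Return a summary of the selected configuration, or None if no rule matches."""
    client = ET.fromstring(xml_text).find("e:authentication-client", NS)
    if client is None:
        return None
    configs = {c.get("name"): c for c in
               client.findall("e:authentication-configurations/e:configuration", NS)}
    for rule in client.findall("e:authentication-rules/e:rule", NS):  # first match wins
        if rule_matches(rule, abstract_type, authority):
            cfg = configs[rule.get("use-configuration")]
            user = cfg.find("e:set-user-name", NS)
            return {"configuration": cfg.get("name"),
                    "user": None if user is None else user.get("name"),
                    "clear_password": cfg.find("e:credentials/e:clear-password", NS) is not None}
    return None
```

The `clear_password` flag makes it visible when the selected configuration carries its credential in clear text, as both [1] and [2] do.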

            Assignee: Unassigned
            Reporter: Ondrej Chaloupka (Inactive)