Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-4668

Transaction recovery of remote ejb calls should not be using static Default AuthenticationContext



    • Bug
    • Resolution: Unresolved
    • Critical
    • None
    • 10.0.0.Beta9
    • Security
    • None


      The issue WFCORE-4599 removed the `AuthenticationContext` would be static. This started to cause troubles for transaction recovery processing when remote ejb calls are invoked.
      The configuration that was used earlier for server to server ejb calls[1] (used with `-Dwildfly.config.url`) stopped working.
      It was possible to configure the default authentication context in the `standalone.xml` for the whole elytron subsystem (in way like [2]). But this change started to cause threads being stuck on execution of remote ejb calls in WFTC (somewhere here [3]).
      Because of that the WFCORE-4659 reverted back the functionality of static global authentication context. This was rather a bit workaround as the functionality should be rather working as Stuart pointed out

      • Add an explicit config to specify the authentication context used by transaction recovery
      • If this is not set fall back to the default authentication context that is used by deployments
      • If none of the above are set then the auth context should be empty


          <authentication-client xmlns="urn:elytron:1.0">
                  <rule use-configuration="jta">
                      <match-abstract-type name="jta" authority="jboss"/>
      	     <configuration name="jta">
                       <sasl-mechanism-selector selector="DIGEST-MD5"/>
                           <use-service-loader />
      		 <set-user-name name="ejb"/>
                            <clear-password password="ejb"/>
                       <set-mechanism-realm name="ApplicationRealm" />


      <subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto" default-authentication-context="jta">
              <authentication-configuration name="jta" authentication-name="ejb" realm="ApplicationRealm" sasl-mechanism-selector="DIGEST-MD5">
                  <credential-reference clear-text="ejb"/>
              <authentication-context name="jta">
                  <match-rule match-abstract-type-authority="jboss" authentication-configuration="jta"/>

      [3] https://github.com/wildfly/wildfly-transaction-client/blob/master/src/main/java/org/wildfly/transaction/client/provider/remoting/RemotingRemoteTransactionPeer.java#L84


        Issue Links



              Unassigned Unassigned
              ochaloup@redhat.com Ondrej Chaloupka (Inactive)
              0 Vote for this issue
              4 Start watching this issue