Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-4668

Transaction recovery of remote ejb calls should not be using static Default AuthenticationContext

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Critical
    • Resolution: Unresolved
    • 10.0.0.Beta9
    • None
    • Security
    • None

    Description

      The issue WFCORE-4599 removed the `AuthenticationContext` would be static. This started to cause troubles for transaction recovery processing when remote ejb calls are invoked.
      The configuration that was used earlier for server to server ejb calls[1] (used with `-Dwildfly.config.url`) stopped working.
      It was possible to configure the default authentication context in the `standalone.xml` for the whole elytron subsystem (in way like [2]). But this change started to cause threads being stuck on execution of remote ejb calls in WFTC (somewhere here [3]).
      Because of that the WFCORE-4659 reverted back the functionality of static global authentication context. This was rather a bit workaround as the functionality should be rather working as Stuart pointed out

      • Add an explicit config to specify the authentication context used by transaction recovery
      • If this is not set fall back to the default authentication context that is used by deployments
      • If none of the above are set then the auth context should be empty

      [1]

      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
      	<authentication-rules>
                  <rule use-configuration="jta">
                      <match-abstract-type name="jta" authority="jboss"/>
      	    </rule>
              </authentication-rules>
              <authentication-configurations>
      	     <configuration name="jta">
                       <sasl-mechanism-selector selector="DIGEST-MD5"/>
                       <providers>
                           <use-service-loader />
      	         </providers>
      		 <set-user-name name="ejb"/>
      	         <credentials>
                            <clear-password password="ejb"/>
      	         </credentials>
                       <set-mechanism-realm name="ApplicationRealm" />
                   </configuration>
              </authentication-configurations>
          </authentication-client>
      </configuration>
      

      [2]

      <subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto" default-authentication-context="jta">
          <authentication-client>
              <authentication-configuration name="jta" authentication-name="ejb" realm="ApplicationRealm" sasl-mechanism-selector="DIGEST-MD5">
                  <credential-reference clear-text="ejb"/>
              </authentication-configuration>
              <authentication-context name="jta">
                  <match-rule match-abstract-type-authority="jboss" authentication-configuration="jta"/>
              </authentication-context>
          </authentication-client>
      

      [3] https://github.com/wildfly/wildfly-transaction-client/blob/master/src/main/java/org/wildfly/transaction/client/provider/remoting/RemotingRemoteTransactionPeer.java#L84

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              ochaloup@redhat.com Ondrej Chaloupka
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: