Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-9978

resource adapter sometimes fails to start when it uses legacy security-domain

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 11.0.0.Final, 12.0.0.Final
    • Fix Version/s: 14.0.0.Beta2
    • Component/s: JCA
    • Labels:
    • Environment:

      WildFly 11
      JBoss EAP 7.1.0

    • Steps to Reproduce:
      Hide
      1. Configure legacy security domain and resource adapter as below or use attached standalone.xml
      2. Start server few times, reproducible in ~ 1 of 7 starts
        <resource-adapter id="generic-jms-ra">
            <module slot="main" id="org.jboss.genericjms"/>
            <transaction-support>LocalTransaction</transaction-support>
            <connection-definitions>
                <connection-definition class-name="org.jboss.resource.adapter.jms.JmsManagedConnectionFactory" jndi-name="java:/jms/TibcoEmsLocalTxFactory" enabled="true" use-java-context="true" pool-name="GenericJmsXA" use-ccm="true">
                    <config-property name="ConnectionFactory">
                        QueueConnectionFactory
                    </config-property>
                    <config-property name="SessionDefaultType">
                        javax.jms.Queue
                    </config-property>
                    <config-property name="JndiParameters">
                        java.naming.factory.initial=com.tibco.tibjms.naming.TibjmsInitialContextFactory;java.naming.provider.url=tcp:/xxxxx
                    </config-property>
                    <pool>
                        <min-pool-size>0</min-pool-size>
                        <max-pool-size>20</max-pool-size>
                        <prefill>false</prefill>
                        <use-strict-min>false</use-strict-min>
                        <flush-strategy>FailingConnectionOnly</flush-strategy>
                    </pool>
                    <security>
                        <security-domain-and-application>TibcoEmsRealm</security-domain-and-application>
                    </security>
                </connection-definition>
            </connection-definitions>
        </resource-adapter>
        
        <security-domain name="TibcoEmsRealm" cache-type="default">
            <authentication>
                <login-module code="ConfiguredIdentity" flag="required">
                    <module-option name="principal" value="xxxx"/>
                    <module-option name="userName" value="xxxx"/>
                    <module-option name="password" value="xxxx"/>
                </login-module>
            </authentication>
        </security-domain>
        
      Show
      Configure legacy security domain and resource adapter as below or use attached standalone.xml Start server few times, reproducible in ~ 1 of 7 starts <resource-adapter id= "generic-jms-ra" > <module slot= "main" id= "org.jboss.genericjms" /> <transaction-support> LocalTransaction </transaction-support> <connection-definitions> <connection-definition class-name= "org.jboss.resource.adapter.jms.JmsManagedConnectionFactory" jndi-name= "java:/jms/TibcoEmsLocalTxFactory" enabled= "true" use-java-context= "true" pool-name= "GenericJmsXA" use-ccm= "true" > <config-property name= "ConnectionFactory" > QueueConnectionFactory </config-property> <config-property name= "SessionDefaultType" > javax.jms.Queue </config-property> <config-property name= "JndiParameters" > java.naming.factory.initial=com.tibco.tibjms.naming.TibjmsInitialContextFactory;java.naming.provider.url=tcp:/xxxxx </config-property> <pool> <min-pool-size> 0 </min-pool-size> <max-pool-size> 20 </max-pool-size> <prefill> false </prefill> <use-strict-min> false </use-strict-min> <flush-strategy> FailingConnectionOnly </flush-strategy> </pool> <security> <security-domain-and-application> TibcoEmsRealm </security-domain-and-application> </security> </connection-definition> </connection-definitions> </resource-adapter> <security-domain name= "TibcoEmsRealm" cache-type= "default" > <authentication> <login-module code= "ConfiguredIdentity" flag= "required" > <module-option name= "principal" value= "xxxx" /> <module-option name= "userName" value= "xxxx" /> <module-option name= "password" value= "xxxx" /> </login-module> </authentication> </security-domain>
    • Workaround Description:
      Hide

      possible workaround might be to replace legacy security with elytron

      Show
      possible workaround might be to replace legacy security with elytron

      Description

      When resource adapter is configured with legacy security domain, it sometimes fails to start.

      Error:

      2018-03-07 16:04:34,300 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 62) MSC000001: Failed to start service jboss.ra.deployment."org.jboss.genericjms:main_generic-jms-ra": org.jboss.msc.service.StartException in service jboss.ra.deployment."org.jboss.genericjms:main_generic-jms-ra": WFLYJCA0046: Failed to start RA deployment [generic-jms-ra]
      	at org.jboss.as.connector.services.resourceadapters.deployment.AbstractResourceAdapterDeploymentService$2.run(AbstractResourceAdapterDeploymentService.java:332)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1349)
      	at java.lang.Thread.run(Thread.java:748)
      	at org.jboss.threads.JBossThread.run(JBossThread.java:485)
      Caused by: org.jboss.jca.deployers.common.DeployException: IJ020056: Deployment failed: file:/tmp/wildfly-13.0.0.Alpha1-SNAPSHOT/modules/system/layers/base/org/jboss/genericjms/main/
      	at org.jboss.jca.deployers.common.AbstractResourceAdapterDeployer.createObjectsAndInjectValue(AbstractResourceAdapterDeployer.java:2064)
      	at org.jboss.as.connector.services.resourceadapters.deployment.ResourceAdapterXmlDeploymentService$WildFlyRaXmlDeployer.doDeploy(ResourceAdapterXmlDeploymentService.java:173)
      	at org.jboss.as.connector.services.resourceadapters.deployment.ResourceAdapterXmlDeploymentService.start(ResourceAdapterXmlDeploymentService.java:116)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1714)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1693)
      	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1540)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: java.lang.IllegalStateException
      	at org.jboss.msc.value.InjectedValue.getValue(InjectedValue.java:47)
      	at org.jboss.as.connector.services.resourceadapters.deployment.AbstractResourceAdapterDeploymentService$AbstractWildFlyRaDeployer.getSubjectFactory(AbstractResourceAdapterDeploymentService.java:635)
      	at org.jboss.jca.deployers.common.AbstractResourceAdapterDeployer.createObjectsAndInjectValue(AbstractResourceAdapterDeployer.java:1666)
      	... 10 more
      

      Full logs for good and bad start with enabled trace logging for org.jboss.as.connector, org.jboss.as.security and org.jboss.security are attached.

      Priority set to blocker because it seems to be regression against WildFly 10 (and JBoss EAP 7.0.0) where I wasn't able to reproduce this.

        Gliffy Diagrams

          Attachments

          1. bad.txt
            54 kB
          2. good.txt
            55 kB
          3. standalone.xml
            30 kB

            Issue Links

              Activity

                People

                • Assignee:
                  maeste Stefano Maestri
                  Reporter:
                  simkam Martin Simka
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  9 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: