WildFly WIP / WFWIP-92

SNI - circular dependency causes server to crash


    • Type: Bug
    • Resolution: Done
    • Priority: Major

      Note: application.keystore has to be present in standalone/configuration server directory

      /subsystem=elytron/key-store=ks:add(credential-reference={clear-text=password},type=JKS,relative-to=jboss.server.config.dir,path=application.keystore)
      /subsystem=elytron/key-manager=km:add(credential-reference={clear-text=password},key-store=ks)
      /subsystem=elytron/server-ssl-context=srvSslCtx:add(key-manager=km)
      /subsystem=elytron/server-ssl-sni-context=srvSniSslCtx:add(default-ssl-context=srvSslCtx)
      batch
      /subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
      /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=srvSniSslCtx)
      run-batch
      reload
      /subsystem=elytron/server-ssl-sni-context=srvSniSslCtx/sni-mapping=server:add(ssl-context=srvSniSslCtx)
      reload
      

      When I try to utilize the recently added server-ssl-sni-context and put its reference again in the sni-mapping, after a server reload the server completely crashes and one has to restore the configuration manually:

      command example
      /subsystem=elytron/server-ssl-sni-context=srvSniSslCtx/sni-mapping=server:add(ssl-context=srvSniSslCtx)
      
      server.log output
      22:58:51,998 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 44) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("server-ssl-sni-context" => "srvSniSslCtx")
      ]): org.jboss.msc.service.CircularDependencyException: Container jboss-as has a circular dependency: [service org.wildfly.security.ssl-context.srvSniSslCtx]
      	at org.jboss.msc.service.ServiceContainerImpl.detectCircularity(ServiceContainerImpl.java:803)
      	at org.jboss.msc.service.ServiceContainerImpl.detectCircularity(ServiceContainerImpl.java:784)
      	at org.jboss.msc.service.ServiceContainerImpl.install(ServiceContainerImpl.java:761)
      	at org.jboss.msc.service.ServiceTargetImpl.install(ServiceTargetImpl.java:260)
      	at org.jboss.msc.service.ServiceControllerImpl$ChildServiceTarget.install(ServiceControllerImpl.java:2056)
      	at org.jboss.msc.service.ServiceTargetImpl.install(ServiceTargetImpl.java:260)
      	at org.jboss.msc.service.ServiceControllerImpl$ChildServiceTarget.install(ServiceControllerImpl.java:2056)
      	at org.jboss.msc.service.ObsoleteServiceBuilderImpl.install(ObsoleteServiceBuilderImpl.java:293)
      	at org.jboss.as.controller.OperationContextImpl.installService(OperationContextImpl.java:2034)
      	at org.jboss.as.controller.OperationContextImpl.access$600(OperationContextImpl.java:132)
      	at org.jboss.as.controller.OperationContextImpl$2$1.installService(OperationContextImpl.java:761)
      	at org.jboss.as.controller.OperationContextImpl$ContextServiceBuilder.install(OperationContextImpl.java:2165)
      	at org.jboss.msc.service.DelegatingServiceBuilder.install(DelegatingServiceBuilder.java:104)
      	at org.wildfly.extension.elytron.TrivialAddHandler.performRuntime(TrivialAddHandler.java:72)
      	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:159)
      	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
      	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
      	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
      	at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1349)
      	at java.lang.Thread.run(Thread.java:748)
      	at org.jboss.threads.JBossThread.run(JBossThread.java:485)
      

      I understand that such a configuration does not make sense, although it would be nice if we could detect this problem ahead to avoid a server crash. Is it possible?

            sdouglas1@redhat.com Stuart Douglas
            jstourac@redhat.com Jan Stourac
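
Added example (not part of the original report and not WildFly code): a pre-flight lint over a management CLI script that builds the SNI-context reference graph from the two operations shown in the report and flags cycles before the script is run. It goes beyond the self-reference in the report to longer chains, on the assumption that an SNI context may be named wherever an ssl-context is accepted; all function names are hypothetical.

```python
import re

# Constructed sample: the two SNI operations from the report, as a CLI script.
PAGE_SCRIPT = """
/subsystem=elytron/server-ssl-sni-context=srvSniSslCtx:add(default-ssl-context=srvSslCtx)
/subsystem=elytron/server-ssl-sni-context=srvSniSslCtx/sni-mapping=server:add(ssl-context=srvSniSslCtx)
"""

PREFIX = r"^/subsystem=elytron/server-ssl-sni-context=([^/:]+)"
SNI_ADD = re.compile(PREFIX + r":add\((.*)\)$")
MAP_ADD = re.compile(PREFIX + r"/sni-mapping=[^:]+:add\((.*)\)$")

def _param(args, key):
    # Anchor on start-or-comma so "ssl-context" never matches "default-ssl-context".
    m = re.search(r"(?:^|,)\s*" + re.escape(key) + r"=([^,\s]+)", args)
    return m.group(1) if m else None

def sni_reference_graph(script):
    """Map each SNI context to the set of ssl-context names it references."""
    graph = {}
    for line in map(str.strip, script.splitlines()):
        m, key = SNI_ADD.match(line), "default-ssl-context"
        if not m:
            m, key = MAP_ADD.match(line), "ssl-context"
        if not m:
            continue
        refs = graph.setdefault(m.group(1), set())
        ref = _param(m.group(2), key)
        if ref:
            refs.add(ref)
    return graph

def find_cycles(graph):
    """Depth-first search; each cycle is a list of names whose first == last."""
    cycles, done = [], set()
    def visit(node, path):
        if node in path:
            cycles.append(path[path.index(node):] + [node])
        elif node in graph and node not in done:  # other names are leaf contexts
            for nxt in sorted(graph[node]):
                visit(nxt, path + [node])
            done.add(node)
    for name in sorted(graph):
        visit(name, [])
    return cycles

if __name__ == "__main__":
    for cycle in find_cycles(sni_reference_graph(PAGE_SCRIPT)):
        print("circular ssl-context reference:", " -> ".join(cycle))
```

Running such a check on the script before `reload` catches the mapping that the server only rejects at boot, when the configuration is already persisted.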