Bug 1038368

Summary: Remote API should use serialization or other static version identifier rather then values that may or may not be defined in a MANIFEST.MF file
Product: [JBoss] JBoss Operations Network Reporter: Larry O'Leary <loleary>
Component: CLIAssignee: RHQ Project Maintainer <rhq-maint>
Status: CLOSED WONTFIX QA Contact: Mike Foley <mfoley>
Severity: medium Docs Contact:
Priority: unspecified    
Version: JON 3.2CC: fbrychta, jshaughn
Target Milestone: ---   
Target Release: JON 3.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1038364 Environment:
Last Closed: 2019-03-07 16:10:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Larry O'Leary 2013-12-05 01:45:51 UTC 
Description of problem:
As seen in Bug #1038364, the manifest headers defined in the remote API JAR's MANIFEST.MF are unreliable and potentially unstable. For example, through compilation of a user application based on Maven, it is possible that an Implementation-Version manifest header could be loaded from the wrong RHQ version based on an incorrectly configured repository or other user introduced errors. 

Additionally, when the remote API is consumed by clients in an embedded form, the original JAR's manifest is not even used.

Commit https://git.fedorahosted.org/cgit/rhq/rhq.git/commit/?id=66fd59f643fdf8f39f199129711d77dfbd5ccbc7 introduced a new method named checkServerSupported which expects a manifest to exist that defines Implementation-Version. However, this is only true when the client libraries are packaged by the JBoss ON or RHQ build systems and do not reflect user or other third-party packaging mechanisms or requirements. 

Instead, the expectation is that an API enforces compatibility based on forward and backward implementation logic based on API levels (major and minor) that determine the level of support of the client and the server. This scheme is normally implemented using a serialization version identifier stored in the class itself or some other static version stored in the class itself.
Comment 1 Jay Shaughnessy 2014-09-05 19:02:31 UTC 
I think we used to have a very strict check and moved away from it. Perhaps we should revisit.  This won't make 3.3.0.
Comment 2 Filip Brychta 2019-03-07 16:10:39 UTC 
JBoss ON is coming to the end of its product life cycle. For more information regarding this transition, see https://access.redhat.com/articles/3827121.
This bug report/request is being closed. If you feel this issue should not be closed or requires further review, please create a new bug report against the latest supported JBoss ON 3.3 version.