| Summary: | EDS adminshell fails to connect to server with IBM JDK | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise SOA Platform 5 | Reporter: | Len DiMaggio <ldimaggi> |
| Component: | EDS | Assignee: | Van Halbert <vhalbert> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 5.1.0.ER7 | CC: | ldimaggi, rareddy, vhalbert |
| Target Milestone: | --- | ||
| Target Release: | 5.1.0 GA | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://jira.jboss.org/jira/browse/SOA-2814 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: |
SOA-P 5.1 ER7 build
java -version
java version "1.6.0"
Java(TM) SE Runtime Environment (build pxi3260sr8-20100409_01(SR8))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux x86-32 jvmxi3260sr8-20100401_55940 (JIT enabled, AOT enabled)
J9VM - 20100401_055940
JIT - r9_20100401_15339
GC - 20100308_AA)
JCL - 20100408_01
uname -a
Linux soa3.qa.atl2.redhat.com 2.6.18-128.4.1.el5 #1 SMP Thu Jul 23 19:59:17 EDT 2009 i686 athlon i386 GNU/Linux
|
|
| Last Closed: | 2011-07-18 20:03:09 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Maybe related to: https://issues.jboss.org/browse/SOA-2309 Link: Added: This issue is related to SOA-2309 We expect the vm to support the TLS_DH_anon_WITH_AES_128_CBC_SHA for anon ssl, which is the default for admin communication. However, with the IBM JDK, it does not support anonymous ciphers. for differences between Sun JDK and IBM JDK, see: http://www.ibm.com/developerworks/java/jdk/security/50/secguides/jsse2Docs/JSSE2RefGuide.html#knowndiffsun There are options: 1) Have the adminshell not use ssl. This would require the changing of the admin connection properties file and turning off ssl. This file will need to be added to the front of the classpath. Also, the Teiid server would need to be changed to non-ssl for admin connections. 2) User has to configure the TrustManager to support annonymous ciphers 3) same as 1 on the client side (unless we put in a change that downgrades the assertionerror to a warning) and have the server use full ssl. Some kind of cert, self-signed or otherwise, would need to be generated. Affects: Added: [Release Notes] Release Notes Docs Status: Added: Documented as Known Issue Release Notes Text: Added: Teiid expects the vm to support the TLS_DH_anon_WITH_AES_128_CBC_SHA for anon ssl, which is the default for admin communication. However, with the IBM JDK, it does not support anonymous ciphers. There are options: 1) Have the adminshell not use ssl. This would require the changing of the admin connection properties file and turning off ssl. This file will need to be added to the front of the classpath. Also, the Teiid server would need to be changed to non-ssl for admin connections. 2) User has to configure the TrustManager to support annonymous ciphers 3) same as 1 on the client side (unless we put in a change that downgrades the assertionerror to a warning) and have the server use full ssl. Some kind of cert, self-signed or otherwise, would need to be generated. For differences between Sun JDK and IBM JDK, see: http://www.ibm.com/developerworks/java/jdk/security/50/secguides/jsse2Docs/JSSE2RefGuide.html#knowndiffsun Van, can you clone this to Teiid. This caused more than required headache already. Link: Added: This issue Cloned to SOA-2952 The issue has be documented in the release notes as to the work around, since this is an issue with the IBM jdk, not Teiid. |
Affects: Release Notes project_key: SOA export JAVA_HOME=/opt/ibm-java-i386-60/jre export PATH=/opt/ibm-java-i386-60/jre/bin/:$PATH sh ./adminshell.sh ====================================================================== Teiid AdminShell Bootstrap Environment TEIID_HOME = /qa/hudson_ws/workspace/teiidAdminShell/BITS/PLATFORM/jdk/openjdk-local/label/RHEL5_x86/jbosssoa/eds/teiid/adminshell CLASSPATH = /qa/hudson_ws/workspace/teiidAdminShell/BITS/PLATFORM/jdk/openjdk-local/label/RHEL5_x86/jbosssoa/eds/teiid/adminshell/lib/patches/*:/qa/hudson_ws/workspace/teiidAdminShell/BITS/PLATFORM/jdk/openjdk-local/label/RHEL5_x86/jbosssoa/eds/teiid/adminshell/lib/teiid-adminshell-7.1.1.jar:/qa/hudson_ws/workspace/teiidAdminShell/BITS/PLATFORM/jdk/openjdk-local/label/RHEL5_x86/jbosssoa/eds/teiid/adminshell/lib/* JAVA = /opt/ibm-java-i386-60/jre/bin/java ====================================================================== ===> [import static org.teiid.adminshell.AdminShell.*; import static org.teiid.adminshell.GroovySqlExtensions.*; import org.teiid.adminapi.*;] Groovy Shell (1.7.2, JVM: 1.6.0) Type 'help' or '\h' for help. ------------------------------------------------------------------------------------------------------------------------------------------ groovy:000> connectAsAdmin("mms://localhost:31443", "admin", "admin", "testing") ERROR java.lang.AssertionError: Assertion failed. at org.teiid.core.util.Assertion.failed (Assertion.java:73) at org.teiid.core.util.Assertion.assertTrue (Assertion.java:68) at org.teiid.core.util.Assertion.assertTrue (Assertion.java:60) at org.teiid.net.socket.SocketUtil.addCipherSuite (SocketUtil.java:135) at org.teiid.net.socket.SocketUtil$SSLSocketFactory.getSocket (SocketUtil.java:85) at org.teiid.net.socket.OioOjbectChannelFactory.createObjectChannel (OioOjbectChannelFactory.java:165) at org.teiid.net.socket.SocketServerInstanceImpl.connect (SocketServerInstanceImpl.java:91) at org.teiid.net.socket.SocketServerConnectionFactory.getServerInstance (SocketServerConnectionFactory.java:276) at org.teiid.net.socket.SocketServerConnection.connect (SocketServerConnection.java:172) at org.teiid.net.socket.SocketServerConnection.selectServerInstance (SocketServerConnection.java:124) at org.teiid.net.socket.SocketServerConnection.<init> (SocketServerConnection.java:94) at org.teiid.net.socket.SocketServerConnectionFactory.getConnection (SocketServerConnectionFactory.java:312) at org.teiid.net.socket.SocketServerConnectionFactory.getConnection (SocketServerConnectionFactory.java:71) at org.teiid.adminapi.AdminFactory$AdminProxy.<init> (AdminFactory.java:53) at org.teiid.adminapi.AdminFactory.createAdmin (AdminFactory.java:159) at org.teiid.adminapi.AdminFactory.createAdmin (AdminFactory.java:149) at org.teiid.adminapi.AdminFactory.createAdmin (AdminFactory.java:120) at org.teiid.adminshell.AdminShell.connectAsAdmin (AdminShell.java:71) at org.teiid.adminshell.AdminShell$connectAsAdmin.callStatic (Unknown Source) at groovysh_evaluate.run (groovysh_evaluate:3) ... groovy:000>