Red Hat Bugzilla – Bug 1259902
[GSS] (6.4.z) EJB IOR contains wrong port (non-SSL port) information when SSL is required
Last modified: 2017-03-23 04:23:04 EDT
Description of problem:
- Configure JBoss to only allow IIOP connections over SSL
- It is possible to do this, but the configuration is confusing (possibly a bug)
Details of the setup/issue:
- When enabling SSL for jacorb, it normally listens on both the non-ssl port and the ssl port
- Setting server-requires="ServerAuth" causes the server to stop listening on non-ssl port
- However, the IOR tells client to connect to non-ssl port ...even though its not listening on it
String lookup = "corbaname:iiop:" + host + ":" + port +"#" + ejbLookupPath;
// lookup the IIOP EJB
Object iiopObj = ctx.lookup(lookup);
// the call to the EJB will fail due to the port being wrong non-ssl vs ssl
- The workaround is to use the following ior-setting to correct the port settings in the IOR
- Shouldn't setting "server-requires=ServerAuth" change the port info in the IOR?
JacORB's dior util can be used to print out the IOR
"Shouldn't setting "server-requires=ServerAuth" change the port info in the IOR?"
Yes this is a bug and I will prepare the fix that works this way.
Tomasz Adamski <email@example.com> updated the status of jira WFLY-5274 to Closed
I am not able to reproduce the issue. According to code revision fix is included.
Included test case does not test the issue.
Verified with EAP 6.4.14.CP.CR2
Released with EAP 6.4.14 on March 14 (ZIPs) and March 22 (RPMs).