Bug 780392 (SOA-2814) - EDS adminshell fails to connect to server with IBM JDK
Summary: EDS adminshell fails to connect to server with IBM JDK
Keywords:
Status: CLOSED NEXTRELEASE
Alias: SOA-2814
Product: JBoss Enterprise SOA Platform 5
Classification: JBoss
Component: EDS
Version: 5.1.0.ER7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 5.1.0 GA
Assignee: Van Halbert
QA Contact:
URL: http://jira.jboss.org/jira/browse/SOA...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-01-19 17:18 UTC by Len DiMaggio
Modified: 2011-07-18 20:03 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
SOA-P 5.1 ER7 build java -version java version "1.6.0" Java(TM) SE Runtime Environment (build pxi3260sr8-20100409_01(SR8)) IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux x86-32 jvmxi3260sr8-20100401_55940 (JIT enabled, AOT enabled) J9VM - 20100401_055940 JIT - r9_20100401_15339 GC - 20100308_AA) JCL - 20100408_01 uname -a Linux soa3.qa.atl2.redhat.com 2.6.18-128.4.1.el5 #1 SMP Thu Jul 23 19:59:17 EDT 2009 i686 athlon i386 GNU/Linux
Last Closed: 2011-07-18 20:03:09 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 779949 0 high CLOSED SOA-P EDS Adminshell interpreter is not handling annotations Groovy scripts 2021-02-22 00:41:40 UTC
Red Hat Issue Tracker SOA-2814 0 None Closed EDS adminshell fails to connect to server with IBM JDK 2012-03-07 15:43:48 UTC
Red Hat Issue Tracker TEIID-1488 0 None Closed EDS adminshell fails to connect to server with IBM JDK 2012-03-07 15:43:48 UTC

Internal Links: 779949

Description Len DiMaggio 2011-01-19 17:18:37 UTC 
Affects: Release Notes
project_key: SOA

export JAVA_HOME=/opt/ibm-java-i386-60/jre
export PATH=/opt/ibm-java-i386-60/jre/bin/:$PATH

sh ./adminshell.sh 
======================================================================

  Teiid AdminShell Bootstrap Environment

  TEIID_HOME  = /qa/hudson_ws/workspace/teiidAdminShell/BITS/PLATFORM/jdk/openjdk-local/label/RHEL5_x86/jbosssoa/eds/teiid/adminshell
  CLASSPATH   = /qa/hudson_ws/workspace/teiidAdminShell/BITS/PLATFORM/jdk/openjdk-local/label/RHEL5_x86/jbosssoa/eds/teiid/adminshell/lib/patches/*:/qa/hudson_ws/workspace/teiidAdminShell/BITS/PLATFORM/jdk/openjdk-local/label/RHEL5_x86/jbosssoa/eds/teiid/adminshell/lib/teiid-adminshell-7.1.1.jar:/qa/hudson_ws/workspace/teiidAdminShell/BITS/PLATFORM/jdk/openjdk-local/label/RHEL5_x86/jbosssoa/eds/teiid/adminshell/lib/*
  JAVA        = /opt/ibm-java-i386-60/jre/bin/java

======================================================================

===> [import static org.teiid.adminshell.AdminShell.*; import static org.teiid.adminshell.GroovySqlExtensions.*; import org.teiid.adminapi.*;]
Groovy Shell (1.7.2, JVM: 1.6.0)
Type 'help' or '\h' for help.
------------------------------------------------------------------------------------------------------------------------------------------
groovy:000> connectAsAdmin("mms://localhost:31443", "admin", "admin", "testing")
ERROR java.lang.AssertionError:
Assertion failed.
        at org.teiid.core.util.Assertion.failed (Assertion.java:73)
        at org.teiid.core.util.Assertion.assertTrue (Assertion.java:68)
        at org.teiid.core.util.Assertion.assertTrue (Assertion.java:60)
        at org.teiid.net.socket.SocketUtil.addCipherSuite (SocketUtil.java:135)
        at org.teiid.net.socket.SocketUtil$SSLSocketFactory.getSocket (SocketUtil.java:85)
        at org.teiid.net.socket.OioOjbectChannelFactory.createObjectChannel (OioOjbectChannelFactory.java:165)
        at org.teiid.net.socket.SocketServerInstanceImpl.connect (SocketServerInstanceImpl.java:91)
        at org.teiid.net.socket.SocketServerConnectionFactory.getServerInstance (SocketServerConnectionFactory.java:276)
        at org.teiid.net.socket.SocketServerConnection.connect (SocketServerConnection.java:172)
        at org.teiid.net.socket.SocketServerConnection.selectServerInstance (SocketServerConnection.java:124)
        at org.teiid.net.socket.SocketServerConnection.<init> (SocketServerConnection.java:94)
        at org.teiid.net.socket.SocketServerConnectionFactory.getConnection (SocketServerConnectionFactory.java:312)
        at org.teiid.net.socket.SocketServerConnectionFactory.getConnection (SocketServerConnectionFactory.java:71)
        at org.teiid.adminapi.AdminFactory$AdminProxy.<init> (AdminFactory.java:53)
        at org.teiid.adminapi.AdminFactory.createAdmin (AdminFactory.java:159)
        at org.teiid.adminapi.AdminFactory.createAdmin (AdminFactory.java:149)
        at org.teiid.adminapi.AdminFactory.createAdmin (AdminFactory.java:120)
        at org.teiid.adminshell.AdminShell.connectAsAdmin (AdminShell.java:71)
        at org.teiid.adminshell.AdminShell$connectAsAdmin.callStatic (Unknown Source)
        at groovysh_evaluate.run (groovysh_evaluate:3)
        ...
groovy:000>
Comment 1 Len DiMaggio 2011-01-19 17:18:54 UTC 
Maybe related to:  https://issues.jboss.org/browse/SOA-2309
Comment 2 Len DiMaggio 2011-01-19 17:19:07 UTC 
Link: Added: This issue is related to SOA-2309
Comment 3 Van Halbert 2011-01-19 19:46:08 UTC 
We expect the vm to support the TLS_DH_anon_WITH_AES_128_CBC_SHA for anon ssl, which is the default for admin communication.    However, with the IBM JDK, it does not support anonymous ciphers.  

for differences between Sun JDK and IBM JDK, see:  http://www.ibm.com/developerworks/java/jdk/security/50/secguides/jsse2Docs/JSSE2RefGuide.html#knowndiffsun

There are options:

1) Have the adminshell not use ssl. This would require the changing of the admin connection properties file and turning off ssl. This file will need to be added to the front of the classpath.  Also, the Teiid server would need to be changed to non-ssl for admin connections.


2) User has to configure the TrustManager to support annonymous ciphers

3)  same as 1 on the client side (unless we put in a change that downgrades the assertionerror to a warning) and have the server use full ssl.    Some kind of cert, self-signed or otherwise, would need to be generated.
Comment 4 Anne-Louise Tangring 2011-01-20 17:48:30 UTC 
Affects: Added: [Release Notes]
Comment 5 Van Halbert 2011-01-21 19:36:39 UTC 
Release Notes Docs Status: Added: Documented as Known Issue
Release Notes Text: Added: Teiid expects the vm to support the TLS_DH_anon_WITH_AES_128_CBC_SHA for anon ssl, which is the default for admin communication. However, with the IBM JDK, it does not support anonymous ciphers.

There are options:

1) Have the adminshell not use ssl. This would require the changing of the admin connection properties file and turning off ssl. This file will need to be added to the front of the classpath. Also, the Teiid server would need to be changed to non-ssl for admin connections.


2) User has to configure the TrustManager to support annonymous ciphers

3) same as 1 on the client side (unless we put in a change that downgrades the assertionerror to a warning) and have the server use full ssl. Some kind of cert, self-signed or otherwise, would need to be generated. 


For differences between Sun JDK and IBM JDK, see: http://www.ibm.com/developerworks/java/jdk/security/50/secguides/jsse2Docs/JSSE2RefGuide.html#knowndiffsun
Comment 6 Ramesh Reddy 2011-03-01 20:19:58 UTC 
Van, can you clone this to Teiid. This caused more than required headache already.
Comment 7 Van Halbert 2011-03-01 20:32:35 UTC 
Link: Added: This issue Cloned to SOA-2952
Comment 8 Van Halbert 2011-04-25 19:37:48 UTC 
The issue has be documented in the release notes as to the work around, since this is an issue with the IBM jdk, not Teiid.
Note You need to log in before you can comment on or make changes to this bug.