Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 922115

Summary: Creating 2 secured remote-outbound-connections fails - reverting back to 1 is OK.
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Shaun Appleton <sappleto>
Component: RemotingAssignee: Darran Lofthouse <darran.lofthouse>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: high    
Version: 6.0.1CC: darran.lofthouse, hokuda
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: EAP 6.0.2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-04-04 11:57:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
testweb.war
none
testejb.jar
none
working example of standalone-full-ha.xml for a client server
none
Example jboss-ejb-client for a clustered client. none

Description Shaun Appleton 2013-03-15 14:06:19 UTC 
Setup: 2 clusters EAP 6.0.1. Clusters

1 client cluster 
1 destination

on the client cluster,create 2 remote-outbound-connection and 2 outbound-socket-binding to enable remote ejb communication from the client cluster to the destination server:

    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
	...
        <outbound-socket-binding name="bank-remote1">
            <remote-destination host="devpc016970" port="5101"/>
        </outbound-socket-binding>
        <outbound-socket-binding name="bank-remote2">
            <remote-destination host="devpc016970" port="5201"/>
        </outbound-socket-binding>
    </socket-binding-group>
		
and

        <subsystem xmlns="urn:jboss:domain:remoting:1.1">
            <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
            <outbound-connections>
                <remote-outbound-connection name="remote-ejb-connection1" outbound-socket-binding-ref="bank-remote1" security-realm="ejb-security-realm" username="lodhuser">
                    <properties>
                        <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
                        <property name="SSL_ENABLED" value="false"/>
                    </properties>
                </remote-outbound-connection>
                <remote-outbound-connection name="remote-ejb-connection2" outbound-socket-binding-ref="bank-remote2" security-realm="ejb-security-realm" username="lodhuser">
                    <properties>
                        <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
                        <property name="SSL_ENABLED" value="false"/>
                    </properties>
                </remote-outbound-connection>
            </outbound-connections>
        </subsystem>

both nodes on devpc016970  ( ie 5101 and 5201 ) are up (aka destination servers)

When starting one of the servers of the client cluster the following is seen:
[note w.x.y.z replaces the ip address]

12:04:16,407 INFO  [org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager] (ejb-client-cluster-node-connection-creation-4-thread-2) Could not create a connection for cluster node ClusterNode{clusterName='ejb', nodeName='DEVPC016970_100', clientMappings=[ClientMapping{sourceNetworkAddress=/0:0:0:0:0:0:0:0, sourceNetworkMaskBits=0, destinationAddress='w.x.y.z', destinationPort=5101}], resolvedDestination=[Destination address=w.x.y.z, destination port=5101]} in cluster ejb: java.lang.RuntimeException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
	at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)
	at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:89)
	at org.jboss.ejb.client.ClusterContext$EJBReceiverAssociationTask.call(ClusterContext.java:406)
	at org.jboss.ejb.client.ClusterContext$EJBReceiverAssociationTask.call(ClusterContext.java:380)
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [rt.jar:1.6.0_31]
	at java.util.concurrent.FutureTask.run(FutureTask.java:138) [rt.jar:1.6.0_31]
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_31]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_31]
	at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_31]
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
	at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:152) [jsse.jar:1.6]
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:806) [jsse.jar:1.6]
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:721) [jsse.jar:1.6]
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607) [jsse.jar:1.6]
	at org.xnio.ssl.JsseConnectedSslStreamChannel.unwrap(JsseConnectedSslStreamChannel.java:443) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.ssl.JsseConnectedSslStreamChannel.read(JsseConnectedSslStreamChannel.java:484) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.ssl.JsseConnectedSslStreamChannel.read(JsseConnectedSslStreamChannel.java:449) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.channels.FramedMessageChannel.receive(FramedMessageChannel.java:87) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Greeting.handleEvent(ClientConnectionOpenListener.java:149) [jboss-remoting-3.2.14.GA-redhat-1.jar:3.2.14.GA-redhat-1]
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Greeting.handleEvent(ClientConnectionOpenListener.java:141) [jboss-remoting-3.2.14.GA-redhat-1.jar:3.2.14.GA-redhat-1]
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.ssl.JsseConnectedSslStreamChannel.handleReadable(JsseConnectedSslStreamChannel.java:180) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
	at org.xnio.nio.NioHandle.run(NioHandle.java:90)
	at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:208)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:121)
	at ...asynchronous invocation...(Unknown Source)
	at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270) [jboss-remoting-3.2.14.GA-redhat-1.jar:3.2.14.GA-redhat-1]
	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:386) [jboss-remoting-3.2.14.GA-redhat-1.jar:3.2.14.GA-redhat-1]
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:151)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:132)
	at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:87)
	... 7 more
	
When the config is reverted back to 1 connection
ie the following declarations are removed:
 - remote-outbound-connection name="remote-ejb-connection2", and
 - outbound-socket-binding name="bank-remote2"

Then the exception goes away.
Comment 1 Hisanobu Okuda 2013-03-19 06:53:32 UTC 
What you need to reproduce the issue are:-

- using standalone-ha.xml or standalone-full-ha.xml on a destination server where an ejb is deployed.
- @Clustered in the ejb implementation.


Steps to reproduce:-

1. run add-user.sh to add a user "ejb" with password "test".
2. deploy testweb.war on a client server.
3. deploy testejb.jar on a destination server
4. add the following lines in standalone-full-ha.xml of a client server where the war deployed

            <security-realm name="ejb-security-realm">
                <server-identities>
                    <secret value="dGVzdA=="/>
                </server-identities>
            </security-realm>

and

            <outbound-connections>
              <remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb" security-realm="ejb-security-realm" username="ejb">
                <properties>
                  <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
                  <property name="SSL_ENABLED" value="false"/>
                </properties>
              </remote-outbound-connection>
            </outbound-connections>

and

        <outbound-socket-binding name="remote-ejb">
            <remote-destination host="hostname_of_destserver" port="4447"/>
        </outbound-socket-binding>

5. start a client server

    $ ./standalone.sh -c standalone-full-ha.xml -b 0.0.0.0

6. start a destination server

    $ ./standalone.sh -c standalone-full-ha.xml -b 0.0.0.0

7. access http://clientserver:8080/testweb/Hello
Comment 2 Hisanobu Okuda 2013-03-19 06:54:17 UTC 
Created attachment 712431 [details]
testweb.war
Comment 3 Hisanobu Okuda 2013-03-19 06:54:47 UTC 
Created attachment 712432 [details]
testejb.jar
Comment 4 Hisanobu Okuda 2013-03-19 06:55:40 UTC 
Created attachment 712433 [details]
working example of standalone-full-ha.xml for a client server
Comment 12 Darran Lofthouse 2013-04-03 16:49:42 UTC 
I have tested this scenario against the following versions: -

  jboss-as-8.0.0.Alpha1-SNAPSHOT
  The latest development branch for EAP 6.1
  The JBoss EAP 6.1.0 ER4 Release
  JBoss EAP 6.0.1

The only release this is reproducible under is EAP 6.0.1 i.e. this issue has already been fixed upstream.

The following issue however has been identified when running this scenario on the other releases: -

  https://issues.jboss.org/browse/EJBCLIENT-73

Despite the exception the invocations work as expected.

As this specific issue has already been addressed upstream I am going to mark this BZ as closed.
Comment 14 Shaun Appleton 2013-04-04 09:00:50 UTC 
Can you point me to jira that fixed the issue. Without that I cannot backport the fix as I don't know exactly what has changed and the bug will still exist.

Simply closing the case as fixed upstream without this is of no help.
Comment 15 Darran Lofthouse 2013-04-04 11:56:15 UTC 
Created attachment 731565 [details]
Example jboss-ejb-client for a clustered client.

Following further investigation the NPE being experienced and recently fixed was masking that the error was still reproducible.

For the scenario described here what is actually missing is configuration for the cluster when establishing additional outbound connections - the attached jboss-ejb-client.xml demonstrates how to add the additional required configuration.
Comment 16 Darran Lofthouse 2013-04-04 11:57:39 UTC 
Required configuration missing from jboss-ejb.client.xml