This repository has been archived by the owner on Mar 18, 2022. It is now read-only.
SSL is always required by Glassfish 3.1.2.2 #13
Assignees
Labels
Comments
|
Reported by tobb |
|
tobb said: |
|
heiner said: |
|
This issue was imported from java.net JIRA GLASSFISH_CORBA-13 |
Pandrex247
referenced
this issue
in payara/patched-src-glassfish-corba
Sep 27, 2017
…ps (pull request #13) PAYARA-1861 PAYARA-1884 fixes Approved-by: Michael Ranaldo <michael.ranaldo@payara.fish>
|
Hi, We are facing this problem in our Production environment Glassfish 3.1.2.2. Thanks. Rgds, |
|
Closing this as this issue is migrated to eclipse-ee4j/orb#13 |
|
Is there a jar file or something I can do to patch my Glassfish 3.1.2.2 machines? |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I have recently upgradet from Glassfish 3.0.1 to Glassfish 3.1.2.2 on a client-server application using EJB. As it is part of a closed intranet, SSL is not used for the communication between the client and server.
To upgrade to a new Glassfish version, I just basically copied the setup of the old glassfish-server, page by page. Still, when I tried to do a login against the server, it repeatedly failed due to CORBA NO PERMISSION errors. After a bit of debugging, I found that it was due to the server having SSL required, and when the client tried to connect without SSL, it failed due to mismatch in this respect.
The way it is determined whether the server requires SSL is in the SecurityMechanismSelector class. Here, in the postConstruct method, a (actually 2) EjbIORConfigurationDescriptor are made. This object holds values describing whether SSL is required on the server or not. These values default to SUPPORTED, but if the property "com.sun.CSIV2.ssl.server.required" (orbHelper.getCSIv2Props()).getProperty(GlassFishORBHelper.ORB_SSL_SERVER_REQUIRED)
is set to true, it will override a couple of values regarding SSL to REQUIRED. The value of the property is set in the GlassFishORBManager class, and it is based on the iiop-connectors of the server (method initProperties). What it basically does to find this out is to loop through the iiop connectors, and check if they have an SSL-element. If there is one connector that does not have an SSL-element, SSL is not required, if all have it SSL is required.
The problem with this is that per default, all connectors (even the orb-listener-1) have an SSL-element in their domain.xml-representation. I've tried simply removing the SSL-element of the orb-listener-1 from the domain.xml, and then authentication works just fine. But, if I in the admin console enter the SSL-tab of this listener, it will create the SSL-element again. So, it's not a very robust solution to the problem.
Whether or not SSL is required should be specified in a different way, so that one does not need to hack the domain.xml in order to have ORB-communication without SSL, nor need to worry that someone will enter the wrong page in the admin console and mess everything up.
Environment
Glassfish 3.1.2.2
Affected Versions
[current]
The text was updated successfully, but these errors were encountered: