This application demonstrates some issues with WildFly 15 and the use of javax.enterprise.concurrent.ContextService.createContextualProxy(T, java.util.Map<java.lang.String,java.lang.String>, java.lang.Class). It evolved while attempting to solve Wildfly ContextService concurrent securityIdentity is null for a user on Stack Overflow.
-
Install WildFly 15.0.1 Final
-
Copy the two demo-* files from the
bindirectory to $WILDFLY_HOME/standalone/configuration/ -
Configure the server
$WILDFLY_HOME/bin/jboss-cli.sh --file=bin/configure.cli -
Build and deploy the demo application
- Attempt to access the URL http://localhost:8080/wf-jms-security-context/ping
- You will be asked for BASIC authentication credentials - use
user1/password123 - The page should show "OK user1"
The WildFly server log will have a stack trace:
16:23:31,360 ERROR [demo.stackoverflow.jms.ContextualMessageHandler] (Thread-33 (ActiveMQ-client-global-threads)) Failed to process message: javax.jms.JMSException: org.jboss.as.ejb3.component.concurrent.EJBContextHandleFactory$EJBContextHandle from [Module "org.apache.activemq.artemis" version 2.6.3.jbossorg-00014 from local module loader @79698539 (finder: local module finder @73f792cf (roots: /Users/steve/servers/wildfly-15.0.1.Final/modules,/Users/steve/servers/wildfly-15.0.1.Final/modules/system/layers/base))]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
...
This appears to be a consequence of the org.apache.activemq.artemis module needing access to classes in
the org.jboss.as.ejb3 module.
In any event adding org.jboss.as.ejb3 to org.apache.activemq.artemis resolves the exception. I don't know if that is
the best place for it though.
This leads to...
The demo.stackoverflow.jms.ContextualMessageHandler receives a deserialized demo.stackoverflow.payload.ActivePayloadBody
proxy and invokes its run method. This call does not appear to have access to to the original callers security
identity.
Inspecting the proxy that is created at line 64 of demo.stackoverflow.service.Ping.ping shows that it has a
org.jboss.as.ee.concurrent.IdentityAwareProxyInvocationHandler instance variable.
The source code for this IdentityAwareProxyInvocationHandler reveals:
private final transient SecurityIdentity securityIdentity;
which clearly does not survive serialization.
How should I use the VM transport suggests that serialization can be disabled, but I could not determine if this can be configured in WildFly right now.