payara / Payara

Payara Server is an open source middleware platform that supports reliable and secure deployments of Java EE (Jakarta EE) and MicroProfile applications in any environment: on premise, in the cloud or hybrid.
http://www.payara.fish

Inconsistent behaviour of asadmin set property commands for CertificateRealm - FISH-787 #4611

Open borisheithecker opened 4 years ago

borisheithecker commented 4 years ago

Description


Configuring a certificate realm via asadmin commands shows inconsistent behaviour.

Current and expected outcome, steps to reproduce

Callers of resources secured with client certificate authentication are not always assigned to the designated groups. Please see this repository with code and steps to reproduce: https://github.com/borisheithecker/payara-clientcert-test3

The reason seems to be that on changes in the server configuration, CertificateRealm.init(Properties) is called in an inconsistent manner. This seems to be related to the notification mechanism in Transactions.java at Transactions.ConfigListenerNotifier.prepare(...)

https://github.com/payara/Payara/issues/4596 and https://github.com/payara/Payara/issues/4533 are possibly related.

Environment

fturizo commented 4 years ago

Thanks for this report, @borisheithecker. I've been able to reproduce the problem you are encountering, so I'm investigating the issue in detail before escalating it to our engineering team.

MeroRai commented 4 years ago

Hi @borisheithecker,

I could reproduce the issue in our current Payara Community release, which is 5.2020.6. I have now escalated it to our engineering team and created an internal issue FISH-787 to track it. Thank you for your assistance.

borisheithecker commented 4 years ago

Yes, it's exactly reproducible in Payara 5.2020.6. I've updated the GitHub repository. HTTP/2 should be disabled for client certificate authentication.