3 Replies Latest reply on Oct 18, 2018 4:38 PM by jim_b_o

    WildFly 14.0.1.Final jboss-client sasl failure on JMC7/JDK 11

    jim_b_o

      Whilst trying to configure JDK Mission Control 7 EA (JMC) to connect via JMX to WildFly 14.0.1.Final using the -Xbootclasspath/a:%JBOSS_HOME%/bin/client/jboss-client.jar approach, I am seeing the following error:

       

      org.openjdk.jmc.rjmx.ConnectionException caused by javax.security.sasl.SaslException: org/ietf/jgss/GSSManager [Caused by java.lang.NoClassDefFoundError: org/ietf/jgss/GSSManager]
        at org.openjdk.jmc.rjmx.internal.RJMXConnection.connect(RJMXConnection.java:442)
        at org.openjdk.jmc.rjmx.internal.ServerHandle.doConnect(ServerHandle.java:116)
        at org.openjdk.jmc.rjmx.internal.ServerHandle.connect(ServerHandle.java:106)
        at org.openjdk.jmc.console.ui.editor.internal.ConsoleEditor$ConnectJob.run(ConsoleEditor.java:99)
        at org.eclipse.core.internal.jobs.Worker.run(Worker.java:60)
      Caused by: javax.security.sasl.SaslException: org/ietf/jgss/GSSManager [Caused by java.lang.NoClassDefFoundError: org/ietf/jgss/GSSManager]
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:426)
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
        at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
        at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
        at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
        at ...asynchronous invocation...(Unknown Source)
        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:571)
        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:533)
        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:521)
        at org.jboss.remotingjmx.RemotingConnector.internalRemotingConnect(RemotingConnector.java:268)
        at org.jboss.remotingjmx.RemotingConnector.internalConnect(RemotingConnector.java:156)
        at org.jboss.remotingjmx.RemotingConnector.connect(RemotingConnector.java:103)
        at org.openjdk.jmc.rjmx.internal.RJMXConnection.connectJmxConnector(RJMXConnection.java:488)
        at org.openjdk.jmc.rjmx.internal.RJMXConnection.establishConnection(RJMXConnection.java:465)
        at org.openjdk.jmc.rjmx.internal.RJMXConnection.connect(RJMXConnection.java:435)
        ... 4 more
      Caused by: java.lang.NoClassDefFoundError: org/ietf/jgss/GSSManager
        at java.base/java.lang.Class.getDeclaredConstructors0(Native Method)
        at java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3138)
        at java.base/java.lang.Class.getConstructor0(Class.java:3343)
        at java.base/java.lang.Class.getConstructor(Class.java:2152)
        at java.base/java.security.Provider.newInstanceUtil(Provider.java:152)
        at java.base/java.security.Provider$Service.newInstance(Provider.java:1824)
        at org.wildfly.security.sasl.util.SecurityProviderSaslClientFactory.createSaslClient(SecurityProviderSaslClientFactory.java:94)
        at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66)
        at org.wildfly.security.sasl.util.ProtocolSaslClientFactory.createSaslClient(ProtocolSaslClientFactory.java:50)
        at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66)
        at org.wildfly.security.sasl.util.ServerNameSaslClientFactory.createSaslClient(ServerNameSaslClientFactory.java:50)
        at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66)
        at org.wildfly.security.sasl.util.ServerNameSaslClientFactory.createSaslClient(ServerNameSaslClientFactory.java:50)
        at org.wildfly.security.sasl.util.FilterMechanismSaslClientFactory.createSaslClient(FilterMechanismSaslClientFactory.java:102)
        at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66)
        at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory.createSaslClient(LocalPrincipalSaslClientFactory.java:76)
        at org.wildfly.security.sasl.util.PrivilegedSaslClientFactory.lambda$createSaslClient$0(PrivilegedSaslClientFactory.java:64)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at org.wildfly.security.sasl.util.PrivilegedSaslClientFactory.createSaslClient(PrivilegedSaslClientFactory.java:64)
        at org.wildfly.security.auth.client.AuthenticationConfiguration.createSaslClient(AuthenticationConfiguration.java:1363)
        at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.createSaslClient(AuthenticationContextConfigurationClient.java:409)
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:420)
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
        at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
        at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
        at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)

       

      This appears to be because org/ietf/jgss/GSSManager is no longer in the JDK 11 bundled with JMC but org.wildfly.security.sasl.gssapi.AbstractGssapiMechanism requires it.

      Is this something that can be overcome via security config or is it likely to require code changes in WildFly?

       

      WildFly 14.0.1.Final otherwise seems to be running well on JDK 11.

        • 1. Re: WildFly 14.0.1.Final jboss-client sasl failure on JMC7/JDK 11
          dmlloyd

          You might have to add "--add-modules=jdk.security.jgss" to the JVM launch flags of the bundled JMC.

          • 2. Re: WildFly 14.0.1.Final jboss-client sasl failure on JMC7/JDK 11
            jim_b_o

            David,

             

            Thanks, I've given that a try but unfortunately any/all "--add-modules=XXX" is being stripped out and does not make it to the runtime config.  Seems similar to 535414 – Eclipse equinox launcher does not recognise OpenJ9 java 10 as modular VM  although I presume it's the OpenJDK that is bundled so should not be that specific issue.

             

            So if I include the following in jmc.ini:

            -vmargs
            -Xbootclasspath/a:/Users/james/dev/wf/jboss-cli-client.jar
            --add-modules=jdk.security.jgss
            -XX:+FlightRecorder
            ...

             

            I only see this JMC's 'About | Installation Details | Configuration' dialog:

            eclipse.vmargs=-Xbootclasspath/a:/Users/james/dev/wf/jboss-cli-client.jar
            -XX:+FlightRecorder
            ...

             

            Regards, James.

            • 3. Re: WildFly 14.0.1.Final jboss-client sasl failure on JMC7/JDK 11
              jim_b_o

              A bit more progress...  The --add-modules=jdk.security.jgss was being stripped because the JMC bundled JDK does not include it.  After overriding the JDK to use a full version, the --add-modules=jdk.security.jgss makes it through to the runtime config.

               

              Unfortunately the exact same exception is still occurring.  So I'm guessing this is an Eclipse Platform/JMC issue at this point.

               

              So to 'Plan B'.  With WildFly 10 I was using the standard com.sun.management.jmxremote settings and getting around the JMX java.util.logging.manager dependency by configuring it in the standalone.conf as documented in various places.  Here's what I'm using:

               

                    JAVA_OPTS="$JAVA_OPTS -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
                    JBOSS_MODULES_SYSTEM_PKGS="$JBOSS_MODULES_SYSTEM_PKGS,org.jboss.logmanager"
                    JBOSS_LOG_MANAGER_LIB="$(echo $JBOSS_HOME/modules/system/layers/base/org/jboss/logmanager/main/jboss-logmanager-*.jar)"
                    JAVA_OPTS="-Xbootclasspath/a:$JBOSS_LOG_MANAGER_LIB $JAVA_OPTS"

               

              This no longer works in WildFly 14 with the error shown below.

               

              java.lang.IllegalStateException: The LogManager was not properly installed (you must set the "java.util.logging.manager" system property to "org.jboss.logmanager.LogManager")
                at org.jboss.logmanager.Logger.getLogger(Logger.java:57)
                at org.jboss.as.server@6.0.2.Final//org.jboss.as.server.Main.main(Main.java:89)
                at org.jboss.modules.Module.run(Module.java:352)
                at org.jboss.modules.Module.run(Module.java:320)
                at org.jboss.modules.Main.main(Main.java:593)

               

              This is the same error you get if you don't provide the config above but I'm pretty sure it's working and the real problem is a ClassLoader issue.  The following post and it's various issue links suggest that the logging changed in WildFly 12.

               

              Update for WildFly 12 · Issue #131 · wildfly/wildfly-arquillian · GitHub

               

              Is it still possible to use the standard JMX connection?  Is there new/different config required to get the logging up and running with it?