1

从 JBoss AS 7 升级到 WildFLy 10 后,我们遇到了来自远程客户端的连接问题,该客户端充当 JMS 生产者。

基于 SSL 的 JMS:客户端启动 STARTTLS 但通道不支持 SSL

服务器配置不打算使用 SSL,客户端也不打算使用 SSL,但客户端正在尝试保护通道,尽管我们不需要它并且我们没有更改之前工作的客户端配置。

客户端上下文属性:

java.naming.security.principal=pubclient
java.naming.security.credentials=xxxxxxxx
java.naming.provider.url=remote://server:4447
java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory
java.naming.factory.url.pkgs=org.jboss.ejb.client.naming
j2ee.clientName=pubadmin
jboss.naming.client.ejb.context=true
java.naming.security.principal=pubclient

服务器配置:

    <subsystem xmlns="urn:jboss:domain:ejb3:4.0">
    ...
        <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
    ...
    <subsystem xmlns="urn:jboss:domain:remoting:3.0">
        <endpoint auth-realm="ApplicationRealm"/>
        <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
        <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
    </subsystem>
    ...

    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    ...
        <socket-binding name="remoting" port="4447"/>

堆栈跟踪:

javax.naming.CommunicationException: Failed to connect to any server. Servers tried: [remote://vspidid2:4447 (java.io.IOException: Client starting STARTTLS but channel doesn't support SSL)]
    at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:244) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
    at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:149) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
    at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:130) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
    at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:272) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
    at org.jboss.naming.remote.client.RemoteContext.lookupInternal(RemoteContext.java:104) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
    at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:93) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
    at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:146) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
    at javax.naming.InitialContext.lookup(InitialContext.java:417) ~[na:1.8.0_111]
    at org.wipo.pct.pubadmin.core.oo.OoFactory4POJO.getConnectionFactory(OoFactory4POJO.java:135) ~[classes/:na]
    at org.wipo.pct.pubadmin.core.oo.OoFactory4POJO.createFormatter(OoFactory4POJO.java:68) ~[classes/:na]
    at org.wipo.pct.pubadmin.core.oo.OoFactory4POJO.createFormatter(OoFactory4POJO.java:1) ~[classes/:na]
    at org.wipo.pct.pubadmin.gui.TaskFrame$CreateResources.call(TaskFrame.java:160) ~[classes/:na]
    at org.wipo.pct.pubadmin.gui.TaskFrame$CreateResources.call(TaskFrame.java:1) ~[classes/:na]
    at org.wipo.pct.swing.FailsafeActionListener$1.doInBackground(FailsafeActionListener.java:52) ~[classes/:na]
    at javax.swing.SwingWorker$1.call(SwingWorker.java:295) ~[na:1.8.0_111]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[na:1.8.0_111]
    at javax.swing.SwingWorker.run(SwingWorker.java:334) ~[na:1.8.0_111]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[na:1.8.0_111]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[na:1.8.0_111]
    at java.lang.Thread.run(Thread.java:745) ~[na:1.8.0_111]
4

1 回答 1

1

我们已通过在远程独立客户端上禁用 SSL,将属性设置jboss.naming.client.connect.options.org.xnio.Options.SSL_STARTTLSfalse.

jboss.naming.client.connect.options.org.xnio.Options.SSL_STARTTLS=false 
# jboss.naming.client.remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
于 2016-12-07T13:23:19.553 回答