Configuring multiple EJB Connectors in JBoss EAP 7.4 / 8.0+
Environment
- Red Hat Enterprise Application Platform (EAP)
- 8
- 7.4
Issue
- How to Configure multiple EJB Connectors in JBoss EAP 8.0 ?
- Configuring multiple EJB Connectors in JBoss EAP 7.4
Resolution
The example configurations have http-remoting-connector in the remoting subsystem, which defaults to listening on undertow's default listener which is the http listener on port 8080.
Adding the https remoting connector
Elytron (EAP 8 / EAP 7.1+)
/subsystem=remoting/http-connector=https-remoting-connector:add(connector-ref=https,sasl-authentication-factory=application-sasl-authentication)
Then the EJB subsystem should be configured with connectors: http-remoting-connector and https-remoting-connector such as:
/subsystem=ejb3/service=remote:write-attribute(name=connectors, value=[http-remoting-connector,https-remoting-connector])
This will be reflected on the configuration file (domain.xml or standalone.xml) as:
<!-- the remoting subsystem -->
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<http-connector name="http-remoting-connector" connector-ref="default" sasl-authentication-factory="application-sasl-authentication"/>
<http-connector name="https-remoting-connector" connector-ref="https" sasl-authentication-factory="application-sasl-authentication"/>
</subsystem>
<!-- the ejb subsystem -->
<subsystem xmlns="urn:jboss:domain:ejb3:9.0">
...
<remote cluster="ejb" connectors="http-remoting-connector https-remoting-connector" thread-pool-name="default">
...
Picketbox Legacy Security (EAP 7.x)
/subsystem=remoting/http-connector=https-remoting-connector:add(connector-ref=https, security-realm=ApplicationRealm)
Then the EJB subsystem should be configured with connectors: http-remoting-connector and https-remoting-connector such as:
/subsystem=ejb3/service=remote:write-attribute(name=connectors, value=[http-remoting-connector,https-remoting-connector])
This will be reflected on the configuration file (domain.xml or standalone.xml) as:
<!-- the remoting subsystem -->
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
<http-connector name="https-remoting-connector" connector-ref="https" security-realm="ApplicationRealm"/>
</subsystem>
<!-- the ejb subsystem -->
<subsystem xmlns="urn:jboss:domain:ejb3:9.0">
...
<remote cluster="ejb" connectors="http-remoting-connector https-remoting-connector" thread-pool-name="default">
...
Adding the legacy remoting connector
The legacy remoting connector is used for EAP 6 clients to connect to EAP 7
The legacy (port 4447) remoting connector is added such as :
/socket-binding-group=standard-sockets/socket-binding=remoting:add(port=4447)
/subsystem=remoting/connector=legacy-remoting-connector:add(socket-binding=remoting, security-realm=ApplicationRealm)
Then the EJB subsystem should be configured with connectors: http-remoting-connector and legacy-remoting-connector such as:
/subsystem=ejb3/service=remote:write-attribute(name=connectors, value=[http-remoting-connector, legacy-remoting-connector])
This will be reflected on the configuration file (domain.xml or standalone.xml) as:
<!-- the remoting subsystem -->
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<connector name="legacy-remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
</subsystem>
<!-- the ejb subsystem -->
<subsystem xmlns="urn:jboss:domain:ejb3:9.0">
...
<remote cluster="ejb" connectors="http-remoting-connector legacy-remoting-connector" thread-pool-name="default">
...
Notes
Other possible configurations
To Switch the http-remoting-connector to use https
If only wanting https, instead of adding a 2nd connector, the http-remoting-connector can be switched to use the https undertow connect by:
/subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=connector-ref,value=https)
Remove a connector
Take the example of adding https-remoting-connector along side the http-remoting-connector, where you want to remove the https-remoting-connector.
Remove the https-remoting-connector from the ejb3's connectors with this command:
/subsystem=ejb3/service=remote:list-remove(name=connectors,value=https-remoting-connector)
Remove the https-remoting-connector from the remoting subsystem with this command:
/subsystem=remoting/http-connector=https-remoting-connector:remove()
Note:
There is a known issue in JBoss EAP 7.4 GA through 7.4 Update 2 that the EJB server-side shutdown hangs after accepting an EJB request from a client using remoting protocol. This issue has been fixed in JBoss EAP 7.4 Update 3 see more details. Please apply the latest JBoss EAP 7.4 cumulative patch if it is required remoting protocol.
Root Cause
The connector-ref was deprecated and replaced with connectors such that the ejb remote system can be connected to multiple connectors, which is not in EJB 3.5 schema (and therefore it will break if using connectors tag and EJB 3.5 schema).
See $JBOSS_HOME/docs/schema/wildfly-ejb3_6_0.xsd, schema used for EAP 7.3:
<xs:attribute name="connector-ref" type="xs:string" use="required"/>
And $JBOSS_HOME/docs/schema/wildfly-ejb3_9_0.xsd, schema used for EAP 7.34:
<xs:attribute name="connectors" type="connectorsType" use="required"/>
This means using connectors with ejb 3.5 will not work (and it is expected not to work), And that using connector-ref will break in ejb 3.9.
Example that works in EAP 7.3 and EAP 7.4 (because it sets ejb 3.5):
<subsystem xmlns="urn:jboss:domain:ejb3:5.0"> <!-- ejb3:5-->
<remote connector-ref="http-remoting-connector" thread-pool-name="default">
<channel-creation-options>
<option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/>
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
</channel-creation-options>
</remote>
Diagnostic Steps
Simulation:
$ ./bin/jboss-cli.sh -c
[standalone@localhost:9990 /] /socket-binding-group=standard-sockets/socket-binding=remoting:add(port=4447)
{"outcome" => "success"}
[standalone@localhost:9990 /] /subsystem=remoting/connector=legacy-remoting-connector:add(socket-binding=remoting, security-realm=ApplicationRealm)
{"outcome" => "success"}
...
[standalone@localhost:9990 /] /subsystem=ejb3/service=remote:write-attribute(name=connectors, value=[http-remoting-connector, legacy-remoting-connector])
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
The following changes will be on the configuration file:
<subsystem xmlns="urn:jboss:domain:ejb3:9.0">
<remote cluster="ejb" connectors="http-remoting-connector legacy-remoting-connector" thread-pool-name="default"> <!-- ejb uses connector legacy-remoting-connector -->
...
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<connector name="legacy-remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/> <!-- definition of legacy remoting -->
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
...
<socket-binding name="remoting" port="4447"/> <!-- definition of socket binding -->
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.