OOB messages



I’m using this new block scheme in Word Press, and I can say: I suck on this. Like totally, I don’t know where do to anything. Totally, is like learning a new language, I know nothing about it. But does not seem that bad, in fact.

OOB Messages

Out Of Band messages – are sent periodically from the members. Is a message with a tag Message.OOB and is processed by a specific thread pool: out-of-band thread pool at the receiver’s side and they are handled at the transport level.

Message msg=new Message();
msg.setFlag(Message.OOB, Message.NO_FC);

Configuration of the oob thread pool:

    public Executor getOOBThreadPool()

    public void setOOBThreadPool(Executor oob_thread_pool)

Removing OOB Thread Pool

For simplicity, JGroups ended up removing OOB Thread Pool, which was combined with the regular thread pool, reducing the number of thread pools in JGroups 4. This means the configuration above, for oob thread pool, becomes obsolete and the new configuration is done as follows:




Quick servlet



Gonna show how to do a small servlet here.


Basically the main part is to extend HttpsServlet

public class StarterServlet extends HttpServlet {

private static final long serialVersionUID = 1L;

public void init(ServletConfig servletConfiguration) throws ServletException {


System.out.println(“SERVLET STARTED!”);

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {


PrintWriter printWriter = response.getWriter();

printWriter.println(“Hello world”);

Creating the war file

jar -cvf myapp.war *


cp myapp.war /home/fdemeloj/jboss-eap-7.3/standalone/deployments

Accessing it


Linkedin Social Selling Index


Heads up

Linkedin has an index of social influence, is called SSI. Basically is how much you impact your social network – SSI. Although I usually don’t care much about index in social media, this one might be relevant since it is related to work career.

How is calculated

Basically is a sum of the 4 items:

  • Establish your professional brand (1-25)

  • Find the right people (1-25)

  • Engage with insights (1-25)

  • Build relationships (1-25)

How to improve your Social Selling Index:

There is a presentation about this directly from Linkedin.




Wildfly-config file



During the process of discovery a client requires access to its configuration, the classpath is scanned for and the first thing is to look at Wildfly file or can be set with a system-configuration as well – which will load several properties.

In  EJB replaces jboss-ejb-client.properties file which is configured for EJB standalone client applications.

Wildfly-config file

There are several usages for wildfly-config but authentication is one of them:

<?xml version="1.0" encoding="UTF-8"?>

    <authentication-client xmlns="urn:elytron:1.0">

More information can find here

Replacing: jboss-ejb-client.properties::

Using this can be helpful to set several properties, invocation-timeouts and can be used to add connections, which is used to specify an EJB client connection but also can add an interceptors element – I will post about interceptors on this year.


Basically, getting the EJB-security you will see the following architecture after the compilation:

[ejb-security]$ tree
 ├── src
 │   └── main
 │       ├── java
 │       │   └── org
 │       │       └── jboss
 │       │           └── as
 │       │               └── quickstarts
 │       │                   └── ejb_security
 │       │                       ├── RemoteClient.java <----- the client
 │       │                       ├── SecuredEJB.java <--- EJB
 │       │                       └── SecuredEJBRemote.java <--- EJB
 │       └── resources
 │           └── wildfly-config.xml <---- wildlfly-config.xml
 └── target <--- yes, mvn clean install has passed here
     ├── checkstyle-cachefile
     ├── checkstyle-checker.xml
     ├── checkstyle-header.txt
     ├── checkstyle-result.xml
     ├── classes
     │   ├── META-INF
     │   │   └── build.metadata
     │   ├── org
     │   │   └── jboss
     │   │       └── as
     │   │           └── quickstarts
     │   │               └── ejb_security
     │   │                   ├── RemoteClient.class
     │   │                   ├── SecuredEJB.class
     │   │                   └── SecuredEJBRemote.class
     │   └── wildfly-config.xml <---- on the target you will see the wildfly-config.xml file
 28 directories, 28 files

Running the example should be trivial (after adding the quickstartUser in the application-users.properties), and the result should be:

$ mvn exec:exec -X
  Successfully called secured bean, caller principal quickstartUser
  Principal has admin permission: true #if quickstartUser=guest, admin
  Principal has admin permission: false #if quickstartUser=guest


1. EJBCLIENT000409: No more destinations are available

Exception in thread "main" org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available
     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:592) <--- EJB client invocation context, which will call the EJB invocation
     at org.jboss.as.quickstarts.ejb_security.RemoteClient.main(RemoteClient.java:45)
     Suppressed: org.jboss.ejb.client.RequestSendFailedException
         at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:101)
         at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:74)
         at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:215)
         at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720)
         at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:949)
         at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
         at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
         at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
         at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
         at java.lang.Thread.run(Thread.java:748)
     Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
    DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication   <---- Rejected Authentication

2. Port is wrong:

Start jboss with port offset: $ ./bin/standalone.sh -Djboss.socket.binding.port-offset=100:

00:19:50,385 INFO [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0006: Undertow HTTP listener default listening on <-- 8180

Using a wildfly-config.xml:

<jboss-ejb-client xmlns="urn:jboss:wildfly-client-ejb:3.0"> 
   <connection uri="remote+http://localhost:8080"/> 

So then since the ports are different, a NoSuchEJBException appears:

Exception in thread "main" javax.ejb.NoSuchEJBException: EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for "/ejb-security/SecuredEJB", view is interface org.jboss.as.quickstarts.ejb_security.SecuredEJBRemote, affinity is None
     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:592)
     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:528)
     at com.sun.proxy.$Proxy0.getSecurityInfo(Unknown Source)
     at org.jboss.as.quickstarts.ejb_security.RemoteClient.main(RemoteClient.java:45)
     Suppressed: java.net.ConnectException: Connection refused <----- expected 
         at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)

Fixing 8180 on the wildfly-config.xml, so then we have:

 Nov 07, 2019 12:23:40 AM org.jboss.remoting3.EndpointImpl 
 INFO: JBoss Remoting version 5.0.8.Final-redhat-1
 Successfully called secured bean, caller principal quickstartUser


I wrote this post listening to Harry Styles (British singer), and it one of the best songs of the album Fine Line (2019), his second album. Yes, same HS that was in One Direction. That’s the only thing I’ll ever do.

JGroups – pt 2 ~ Protocols review


Continuing on JGroups


                        [destination][headers] [payload]


The protocols always are from the org.jgroups.protocolshot

<config xmlns="urn:org:jgroups"
        xsi:schemaLocation="urn:org:jgroups http://www.jgroups.org/schema/jgroups.xsd">
         thread_pool.keep_alive_time="5000" />

    <PING />
    <MERGE3 max_interval="30000" min_interval="10000"/>
    <VERIFY_SUSPECT timeout="1500"  />
    <pbcast.NAKACK2 xmit_interval="500" />
    <UNICAST3 xmit_interval="500" />
    <pbcast.STABLE desired_avg_gossip="50000"
    <pbcast.GMS print_local_addr="true" join_timeout="2000"/>
    <UFC max_credits="2M"
    <MFC max_credits="2M"
    <FRAG2 frag_size="60K"  />


mcast_port specifies the multicast port number. If omitted, the default is 45566

ip_ttl: time to live IP Multicast packets


       For the cluster maintain a list of current member nodes at all times.


This service enables the node coordinators in partitions to put the cluster back again in case of failure and form a single cluster back again.


Fail detection protocol based on sockets.


Failure detection protocol based on simple heartbeat protocol.



Reliable delivery protocol: NAKACK protocol is used for multicast messages, which are numbered in a sequence. In case the receiver misses one message, he can ask to re-transmit it.


Reliable delivery protocol: Unicast is not necessary in case of TCP.


Is responsible to calculate the stable messages (the ones delivered by members), then send <STABLE> events so then the GC can act (with the NAKACK) – the GC applies on the messages we are accumulating  – regulated either by the <> or <>

• desired_avg_gossip
     specifies intervals (in milliseconds) of garbage collection
• max_bytes
     specifies the maximum number of bytes received before the cluster


Group membership protocol. Handles joins/leaves/crashes (suspicions) and emits new views accordingly.


Unified Flow Control protocol based on credit system in which sender has a limited amount implemented using protected java.util.Map<Address,FlowControl.Credit>


Another Flow Control protocol based on credit system in which sender has a limited amount  but implemented using protected CreditMap


This protocol will fragment a message, on this case any that is larger than <60K>

Reading the Protocols

The reading is from top to down so the stack will be built from UDP to FRAG2 protocols  (bottom up) and each protocol is implemented a independent Java class.

Although very outdated, this guide comes in hand to understand it.

RPG for life



When I was a kid I was fascinated by D&D and RPG in general. Not sure, but I think I already commented about it here. RPG had a big role in learning organization skills, team skills and planning. I would recommend and certainly will teach to my kids.

From 9 years, when I started AD&D to D&D a few years later, I can say I’ve learned many lessons: resource management, preparation, list all your weakness and strengths when facing the adversary, to respect the groups input, be aware and prepare against unlucky. And how 1/20 can destroy a fun day.

Every Saturday I’d needed to choose the list of spells for my spellcaster player and prepare for the next battle, make a plan for dungeon invasion and problem solving.

Favorite list of spells:

Finger of death





JDG basically is built on top of JGroups is a toolkit for messaging and is based on protocols. Bela Ban developed it for his post-doc at Cornell University, as he explains on the manual, is a pure java implementation of group communication transport that ended up being used by JBoss (the company).


What is it?

JGroups is a Java library for reliable group communication.

It consists of 3 parts: (1) a socket-like API for application development, (2) a protocol stack, which implements reliable communication, and (3) a set of building blocks, which give the developer high-level abstractions (e.g. ReplicatedHashMap, an implementation of java.util.Map).

Relation to Infinispan

Infinispan <uses> JGroups as its underlying clustering layer. In order to configure the finer details of clustering (discovery, flow control, cross-site, etc) you have to provide a separate XML file with the desired configuration and reference it from your Infinispan XML file as follows – that will have the protocols (which every message will pass through):


<UDP mcast_port=”${jgroups.udp.mcast_port:45588}”


<PING />
<MERGE3 max_interval=”30000″ min_interval=”10000″/>
<VERIFY_SUSPECT timeout=”1500″ />
<pbcast.NAKACK2 xmit_interval=”1000″/>
<UNICAST3 xmit_interval=”1000″/>
<pbcast.STABLE desired_avg_gossip=”50000″
<pbcast.GMS print_local_addr=”true” join_timeout=”2000″/>
<UFC max_credits=”2M” min_threshold=”0.4″/>
<MFC max_credits=”2M” min_threshold=”0.4″/>
<FRAG2 frag_size=”60K” />

Sample Code

      JChannel channel=new JChannel("/home/bela/udp.xml");
      channel.setReceiver(new ReceiverAdapter() {
          public void receive(Message msg) {
              System.out.println("received msg from " + msg.getSrc() + ": " + msg.getObject());
      channel.send(new ObjectMessageSerializable(null, "hello world"));

JGroup and JChannel

While a group is a cluster, a JChannel a is the mean to the members to communicate as well as the building blocks, which are an abstraction above the JChannel. Finally the XML will contain a protocol stack, which has the bi-directional message path, from the building blocks up to the network.


   [fdemeloj@fdemeloj Downloads]$ /home/fdemeloj/Downloads/jdk-11.0.1/bin/java -jar jgroups-5.0.0.Alpha6.jar
Version: 5.0.0.Alpha6 (Stelvio)

 /home/fdemeloj/Downloads/jdk-11.0.1/bin/java -cp jgroups-5.0.0.Alpha6.jar org.jgroups.demos.Draw



[fdemeloj@fdemeloj jgroups]$ /home/fdemeloj/Downloads/jdk-11.0.1/bin/java -cp jgroups-5.0.0.Alpha6.jar org.jgroups.demos.Draw -help

Draw [-help] [-no_channel] [-props <protocol stack definition>] [-clustername <name>] [-state] [-timeout <state timeout>] [-use_unicasts] [-jmx <true | false>] [-name <logical name>] [-send_own_state_on_merge true|false] [-uuid <UUID>]
no_channel: doesn’t use JGroups at all, any drawing will be relected on the whiteboard directly
props: argument can be an old-style protocol stack specification, or it can be a URL. In the latter case, the protocol specification will be read from the URL

Using Identity Store



Was searching here on a small application for deploying in JBoss using ​​Ldap, which is a protocol for managing with services directories.

So, the basic requirement is: An application that has a Ldap custom module for log in.

The ldapwiki helps a lot actually


The process is partially described here, ie, we want to have inMemoryDirectoryServer this basically starts, stop, and manipulate in general the Ldap configuration. To set all the information on the Server, we use a InMemoryDirectoryServerConfig

InMemoryDirectoryServer: start, stop, manipulate

InMemoryListenerConfig: loads  the configuration file




Application Config

InMemoryDirectoryServerConfig config =
new InMemoryDirectoryServerConfig(“dc=example,dc=com”);
config.addAdditionalBindCredentials(“cn=Directory Manager”, “password”);

// Create the directory server instance, populate it with data from the
// “test-data.ldif” file, and start listening for client connections.
InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
ds.importFromLDIF(true, “app.ldif”);

And to start/stop we can do:

// Disconnect from the server and cause the server to shut down.

When you login, you will see:

<h:outputText value=”Hello World”/>
<!– added sonic the hedgehog –>
<img src=”img/sonic.jpg” alt=”Sonic”></img>

So this:


user.ldif  ~ LDAP Data Interchange Format

We use a ldif file so we can set the users that will access the application, as explained on the link, this file is a bit tricky and has its own.

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

Compilation with Maven



INFO [stdout] (ServerService Thread Pool — 82) —Starting App


The access is done throw http://localhost:8080/app-test/user






Adding users in EJB



I did in another post about a simple Remote Sum EJB  and client. The scheme is pretty straight forward and I will do the opposite of what usually someone do (tutorial then set the user) let’s do the opposite:

Adding the users/roles

Both two steps below can be done with:

$JBOSS_HOME/bin/add-user.sh -a -u 'testUserOne' -p 'testPasswordOne' -g 'guest'
  1. Add the user you will test in the application-users.properties:


2. Add the roles (either guest and/or admin) in the application-roles.properties:


#testUserOne=guest, admin

3. Add Application in the security domain:

<application-security-domain name=”other” security-domain=”ApplicationDomain”/>

4. And add the connector:

<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm" sasl-authentication-factory="application-sasl-authentication"/>

Maven is a friend

Maven is always a friend an helps organize the project in the pom.xml. On this case though, I will go step by step ~ thoroughly ~ so won’t use mvn.

So just do jar -cvf EjbSecure.jar SecureSum.class SecureSumRemote.class resources/


1. Besides what was already there, we just need to add the annotation for the RolesAllowed and the SecurityDomain allowed, as follows:

@RolesAllowed({ “guest” }) //Added
@SecurityDomain(“other“) //Added
public class SecureSum implements SecureSumRemote
public int add(int a, int b){
return a+b;

2. Add the wildfly-config.xml (Jakarta 8 specially) for the security validation, setting up the actually user you want

<set-user-name name=”testUserOne”/>
<clear-password password=”testPasswordOne”/>


  1. Create a Client passing the password that you added on wildfly-config.xml:

if(username != null && password != null) {
props.put(Context.SECURITY_PRINCIPAL, username);
props.put(Context.SECURITY_CREDENTIALS, password);

2. Compile it with jboss-annotations-ejb3-4.2.2.GA.jar, run it:

#java StandaloneSecure
Getting the Remote
…More several
Got the remote InterfaceProxy for remote EJB StatelessEJBLocator for “/EjbSecure/SecureSum”, view is interface SecureSumRemote, affinity is None


1. Not using password (or using a wrong password) there will be a Not Allowed:

02:19:47,143 ERROR [org.jboss.as.ejb3.invocation] (default task-1) WFLYEJB0034: EJB Invocation failed on component SecureSum for method public abstract int SecureSumRemote.add(int,int): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract int SecureSumRemote.add(int,int) of bean: SecureSum is not allowed

2. To add the admin feature specific, just add:

@RolesAllowed(admin) some function, like in [dont forget to add admin role for the user in application-roles.properties]:

public int minus(int a, int b){ return a – b; }


Got the remote InterfaceProxy for remote EJB StatelessEJBLocator for “/EjbSecure/SecureSum”, view is interface SecureSumRemote, affinity is None

Otherwise, you get an exception: WFLYEJB0364: Invocation on method: public abstract int SecureSumRemote.minus(int,int) of bean: SecureSum is not allowed

3. The lookup get’s the remote, so cast to Remote. And to add another method, the method must be on the remote.


Of course the quickstart security. Very well done, it is a bit of an overkill at first but later understanding the basics you can add more on top of it no problem.