1 2 3 Previous Next 37 Replies Latest reply: Jan 20, 2014 7:59 AM by jansi senthil RSS

remote ejb client username is encrypted at the server(JBOSS7.1 Final)

Ganesh Saithala Newbie

we are using remote EJB JNDI based units tests to test the code and we are evaluating JBOSS7.1 CR1. With JBOSS7.1 CR1, username sent from the remote ejb client is encrypted at the server, database query using the encrypted username is returning no passwords and login is failing. We are stuck with this problem to continue evaluation of JBOSS7.1 CR1 release. Can you please suggest how to fix this issue.

 

I have referred the following links to get the relevant information but unsuccessful

 

https://issues.jboss.org/browse/AS7-2942

 

https://issues.jboss.org/browse/AS7-2999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

 

https://issues.jboss.org/browse/AS7-3002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

 

Server Exception :

 

18:54:39,652 ERROR [org.jboss.remoting.remote] (Remoting "machine1" read-1) JBREM000200: Remote connection failed: java.io.IOException: An existing connection was forcibly closed by the remote host
18:57:45,423 DEBUG [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@10d0fc9
18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) Begin isValid, principal:a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) defaultLogin, principal=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (pool-9-thread-2) Begin getAppConfigurationEntry(iS3Login), size=4
18:57:45,423 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (pool-9-thread-2) End getAppConfigurationEntry(iS3Login), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: sufficient
Options:
name=hashAlgorithm, value=SHA-256
name=principalsQuery, value=select password from sessionuser where name=?
name=hashEncoding, value=base64
name=dsJndiName, value=java:/jdbc/exampleds
name=rolesQuery, value=select role, 'Roles' from sessionrole where name=?
[1]
LoginModule Class: org.jboss.security.auth.spi.LdapLoginModule
ControlFlag: LoginModuleControlFlag: sufficient
Options:
name=java.naming.provider.url, value=ldap://ldap.xxx.xxx.com:123/
name=principalDNSuffix, value=,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com
name=principalDNPrefix, value=CN=

18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) initialize
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Security domain: iS3Login
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Password hashing activated: algorithm = SHA-256, encoding = base64, charset = {default}, callback = null, storeCallback = null
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) DatabaseServerLoginModule, dsJndiName=java:/jdbc/exampleds

18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) principalsQuery=select password from sessionuser where name=?
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) rolesQuery=select role, 'Roles' from sessionrole where name=?
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) suspendResume=true
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) login
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) suspendAnyTransaction
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Excuting query: select password from sessionuser where name=?, with username: a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Query returned no matches from db
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) resumeAnyTransaction
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) initialize
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Security domain: iS3Login
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) login
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Logging into LDAP server, env={java.naming.provider.url=ldap://ldap.xxx.xxx.com:123/, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, jboss.security.security_domain=iS3Login, principalDNPrefix=CN=, principalDNSuffix=,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com, java.naming.security.authentication=simple, java.naming.security.principal=CN=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com, java.naming.security.credentials=***}
18:57:45,423 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Bad password for username=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) abort
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) abort
18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) Login failure: javax.security.auth.login.FailedLoginException: PB00019: Processing Failed:No matching username found in Principals
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:186) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:248) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at sun.reflect.GeneratedMethodAccessor10.invoke(Unknown Source) [:1.6.0_29]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_29]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_29]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [:1.6.0_29]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_29]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_29]
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_29]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_29]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:402) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.proceedWithJaasLogin(JaasSecurityManagerBase.java:341) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:329) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:207) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:267) [jboss-as-security-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:234) [jboss-as-security-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:283) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:61) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:191) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [:1.6.0_29]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [:1.6.0_29]
at java.util.concurrent.FutureTask.run(FutureTask.java:138) [:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_29]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_29]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)

18:57:45,439 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) End isValid, false
18:57:45,439 ERROR [org.jboss.ejb3.invocation] (pool-9-thread-2) JBAS014134: EJB Invocation failed on component SessionBean for method public abstract java.security.Principal demo.SessionBeanInterface.getPrincipal(): javax.ejb.EJBAccessException: Invalid User
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54)
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45)
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:283)
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:61)
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:191)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [:1.6.0_29]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [:1.6.0_29]
at java.util.concurrent.FutureTask.run(FutureTask.java:138) [:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_29]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_29]
at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.0.0.GA.jar:2.0.0.GA]

  • 1. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    Ganesh Saithala Newbie

    With JBOSS7.1 Final version also Iam getting encrypted username at the server and database login is failing.

     

    standalone.xml file contents :

     

    <security-realm name="ApplicationRealm">
                    <authentication>
                        <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                    </authentication>
                </security-realm>

     

    <subsystem xmlns="urn:jboss:domain:remoting:1.1">
                <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm">
                    <sasl>
                        <policy>
                            <no-anonymous value="true"/>
                            <no-plain-text value="false"/>
                            <pass-credentials value="true"/>
                        </policy>
                    </sasl>
                </connector>
            </subsystem>

     

    <security-domain name="MYLogin" cache-type="default">
                        <authentication>
                            <login-module code="Remoting" flag="optional">
                                <module-option name="password-stacking" value="useFirstPass"/>
                            </login-module>
                            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="sufficient">
                                <module-option name="dsJndiName" value="java:/jdbc/example"/>
                                <module-option name="principalsQuery" value="select password from sessionuser where name=?"/>
                                <module-option name="rolesQuery" value="select role, 'Roles' from sessionrole where name=?"/>
                                <module-option name="hashAlgorithm" value="SHA-256"/>
                                <module-option name="hashEncoding" value="base64"/>
                            </login-module>
                        </authentication>
                    </security-domain>

    ...

     

    EJB is using Security Domain annotation

    @SecurityDomain

    (value = "MYLogin")

     

    Can you please suggest how to configure standalone.xml for remote ejb authentication to work properly using database login module.

  • 2. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    Darran Lofthouse Master

    Don't worry about the SASL options, they are selected automatically based on the capabilities of the authentication mechanism you choose.

     

    What you will need to do is reference the JAAS domain from the realm, an example of this is here: -

     

     

     <security-realm name="ManagementRealm">
     <authentication>
     <jaas name="darrans-domain" />
     </authentication>
     </security-realm>
    
  • 3. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    apparaonali Newbie

    I am also facing the user name encrypted issue.

    I tried with the above suggestion, still it failed to login due to encrypted vaule of Principal/user.

    I enabled trace and verified the Principal/user value it is always encrypted value and different for run to run.

     

    I added below lines as per your suggestion:

    ================================

    <security-realm name="ManagementRealm">
    <authentication>
    <jaas name="AppuLogin" />
    </authentication>
    </security-realm>

     

    I also added below lines as remote socket binding referring to "ApplicationRealm <subsystem xmlns="urn:jboss:domain:remoting:1.1"> <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/> </subsystem>"

     

    security-realm name="ApplicationRealm">
                    <authentication>
                        <jaas name="iS3Login"/>
                    </authentication>
                </security-realm>

     

    Here is server side trace, I underlined the principal value:

     

    8:35:26,010 DEBUG [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@cfed14
    08:35:26,010 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) Begin isValid, principal:f048cdad-baf6-4aef-8591-186a7414350f
    08:35:26,010 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) defaultLogin, principal=f048cdad-baf6-4aef-8591-186a7414350f
    08:35:26,010 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (EJB default - 1) Begin getAppConfigurationEntry(AppuLogin), size=3
    08:35:26,026 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (EJB default - 1) End getAppConfigurationEntry(AppuLogin), authInfo=AppConfigurationEntry[]:
    [0]
    LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
    ControlFlag: LoginModuleControlFlag: sufficient
    Options:
    name=hashAlgorithm, value=SHA-256
    name=principalsQuery, value=select password from sessionuser where name=?
    name=hashEncoding, value=base64
    name=dsJndiName, value=java:/jdbc/AppuDS
    name=rolesQuery, value=select role, 'Roles' from sessionrole where name=?

    08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) initialize
    08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Security domain: AppuLogin
    08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Password hashing activated: algorithm = SHA-256, encoding = base64, charset = {default}, callback = null, storeCallback = null
    08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) DatabaseServerLoginModule, dsJndiName=java:/jdbc/AppuDS
    08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) principalsQuery=select password from sessionuser where name=?
    08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) rolesQuery=select role, 'Roles' from sessionrole where name=?
    08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) suspendResume=true
    08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) login
    08:35:26,041 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) suspendAnyTransaction
    08:35:26,041 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Excuting query: select password from sessionuser where name=?, with username: f048cdad-baf6-4aef-8591-186a7414350f
    08:35:26,072 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Query returned no matches from db
    08:35:26,072 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) resumeAnyTransaction
    08:35:26,072 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) abort
    08:35:26,072 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) Login failure: javax.security.auth.login.FailedLoginException: PB00019: Processing Failed:No matching username found in Principals
    at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:186) [picketbox-4.0.6.final.jar:4.0.6.final]
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:248) [picketbox-4.0.6.final.jar:4.0.6.final]

  • 4. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    Darran Lofthouse Master

    The username and password are not encrypted, they are random values as the values from the client connection are not arriving at the server.

     

    What call are you making to the server at the time this is logged?

  • 5. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    Darran Lofthouse Master

    Also where is your client located?  Looking at your log I think the local authentication mechanism could be getting selected which would explain why there is no username or password propagated to the login module.

  • 6. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    apparaonali Newbie

    Thanks for your quick reply.

     

    When my test sesion bean trying to get the principal from the EJBContext, it is throwing the above error. Please find the detais of my test below.

     

    TestBean:

    =======

     

     

     

     

    @Stateless

    @SecurityDomain(value = "AppuLogin")

    public class SessionBean implements

    SessionBeanInterface {

         @Resource private EJBContext context;

              Principal pp =  context.getCallerPrincipal();

         @Override

         public String getPrincipal() {

              System.out.println(pp.toString());

     

     

              return (String) (context.getCallerPrincipal().getName());

         }

     

     

     

     

     

    }

     

    Standalone Remote Client code:

    =========================

    public class RemoteEJBClient {
       
        private static final String USER_LOGIN_NAME = "admin";
        private static final String USER_PASSWORD = "admin";
       
        static {
            Security.addProvider(new JBossSaslProvider());
        }

       
        public static final String AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
       
        public static final String AUTH_CONF = "/auth.conf";

        public static void main(String[] args) throws Exception {
           
            if (System.getProperties().getProperty(RemoteEJBClient.AUTH_LOGIN_CONFIG) == null) {
                URL url = RemoteEJBClient.class.getClass().getResource(RemoteEJBClient.AUTH_CONF);
                if (url != null) {
                    System.getProperties().setProperty(RemoteEJBClient.AUTH_LOGIN_CONFIG, url.toString());
                }
            }
           

            AppCallbackHandler callbackHandler = new AppCallbackHandler(USER_LOGIN_NAME, USER_PASSWORD.toCharArray());
            LoginContext loginContext = new LoginContext("logincontextname", callbackHandler);
            loginContext.login();

           
            final Hashtable jndiProperties = new Hashtable();
            jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
            final Context context = new InitialContext(jndiProperties);


            invokeStatelessBean(context);
        }

        private static void invokeStatelessBean(Context context) throws NamingException, LoginException {

            final SessionBeanInterface statelessSessionBeanInterface = lookupRemoteStatelessCalculator(context);
            System.out.println("Obtained a remote stateless SessionBeanInterface for invocation");
            try {
                final String principal = statelessSessionBeanInterface.getPrincipal();
                System.out.println("EJB principal " + statelessSessionBeanInterface.getPrincipal());
            } catch (RuntimeException e) {
                e.printStackTrace();
            }
        }


        private static SessionBeanInterface lookupRemoteStatelessCalculator(Context context) throws NamingException, LoginException {

           

            final String appName = "TestEAR";
            final String moduleName = "TestEJB";
            final String distinctName = "";
            final String beanName = "SessionBean";
            final String viewClassName = SessionBeanInterface.class.getName();
            System.out.println("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName);

            return (SessionBeanInterface) context.lookup("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName
                    + "!" + viewClassName);
        }

    }

     

    Client ejb properties:

    ===============

     

     

     

     

     

     

     

    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

     

    remote.connections=default

     

    remote.connection.default.host=

    localhost

     

    remote.connection.default.port = 4447

    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

     

    remote.connection.two.host=

    localhost

     

    remote.connection.two.port = 4447

    remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

     

    aut.conf:

    ======

    logincontextname

    {

    org.jboss.security.ClientLoginModule required

    ;

    };

  • 7. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    Darran Lofthouse Master

    Can you try the following client properties: -

     

    remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

    remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

     

    I believe from the message you show that the client and server are running local to each other so the authentication is ocurring silently and locally, these properties first allow for the username and password to be sent to the server and secondly will allow the password to be passed plain text to the server which is required to pass it to JAAS.

  • 8. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    apparaonali Newbie

    I added these properties, still I am geting these exceptions.

     

    Client side I obsrsed the below warning related to new property

     

    WARN: Invalid option 'org.xnio.Options..SASL_DISALLOWED_MECHANISMS' in property 'remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS':

    java.lang.IllegalArgumentException : Class 'org.xnio.Options.' not found

     

    Thanks for your quck replies.

     

    Here is file ejb client properties I used to run the test:

    =======================================

    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=

    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

    remote.connections=default

    remote.connection.default.host=localhost

    remote.connection.default.port = 4447

    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

    remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

    remote.connection.two.host=localhost

    remote.connection.two.port = 4447

    remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

    remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

  • 9. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    jw Newbie

    Remove the .. in the property:

     

    remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS

     

    should be

     

    remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS

     

    But I still have the same problem you have

  • 10. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    jaikiran pai Master

    Darran Lofthouse wrote:

     

    Can you try the following client properties: -

     

    remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

    remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

     

    There are a couple of typos in there. What Darran meant was:

     

    remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

     

    (Notice the connection name is "default" and not "two").

  • 11. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    jw Newbie

     

    auth.conf:


     

     

     

    logincontextname

    {

     

     

    org.jboss.security.ClientLoginModule required

    ;

    };

     

     

     

     

     

    Is this supported again? I thought this JAAS module is not compatible anymore (as of 7.1.0.Cr1)

  • 12. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    Darran Lofthouse Master

    jw - that is a new question so I would suggest starting a new thread - but no that module is not currently supported.

  • 13. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    Darran Lofthouse Master

    jw - can you also please describe your environment?

  • 14. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
    jw Newbie

    Darran Lofthouse schrieb:

     

    jw - that is a new question so I would suggest starting a new thread - but no that module is not currently supported.

    your're right. Just saw this in apparaonali's example. Thouht it could be a hint.

1 2 3 Previous Next