13 Replies. Latest reply: Apr 10, 2012 11:26 AM by rathm1

Remote EJB Client Security (Jboss7.1)

rathm1 Newbie

Hello there,

 

I am having an issue that when I specify a username/password programmatically using the InitialContext, the authentication is not working, but when I hardcode the username/password into the jboss-ejb-client.properties, the authentication is successful.

I am using a custom security domain connecting to an LDAP, but that seems to be configured correctly since I can successfully authenticate to it by having the username/password in jboss-ejb-client.properties.

 

The working configuration is:

jboss-ejb-client.properties

 

remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

remote.connections=default

remote.connection.default.host=localhost

remote.connection.default.port=4447

remote.connection.default.username=myUsername

remote.connection.default.password=myPassword

remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

 

local.jboss.jndi.properties

 

java.naming.factory.url.pkgs=org.jboss.ejb.client.naming

 

Client Application Code:

 

jndiProperties.put("jboss.naming.client.ejb.context", true);    

jndiProperties.put(Context.SECURITY_PRINCIPAL, username);

jndiProperties.put(Context.SECURITY_CREDENTIALS, password);

jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", false);

 

Context context = new InitialContext(jndiProperties);

   

String lookUp = "ejb:" + appName + "/" + moduleName + "/" + beanName + "!" + interfaceClassName;

 

TestEJB facade = (TestEJB)context.lookup(lookUp);

 

boolean connectionSuccessful = facade.canConnect();

 

It does not matter what I set in the jndiProperties for the username and password, it will always use the username and password that were set in the jboss-ejb-client.properties.

If I remove the username and password from jboss-ejb-client.properties and leave everything else the same, the lookup is successful, but when the service is called, the exception thrown on the client side is:

java.lang.IllegalStateException: No EJB receiver available for handling [appName:MyAppEar, moduleName:MyAppJar,distinctname:] combination.

 

I have looked through many other discussion items and it seems that everyone that has gotten security working, has the username and password in the jboss-ejb-client.properties.

 

If anyone has any suggestions that would be great.

Thanks.

  • 1. Re: Remote EJB Client Security (Jboss7.1)
    jaikiran pai Master

    If you are using the ejb: namespace approach then you don't need the jndi.properties file nor the jboss.naming specific properties in your initial context. All you need is this https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI and the jboss-ejb-client.properties.

  • 2. Re: Remote EJB Client Security (Jboss7.1)
    rathm1 Newbie

    Thanks for the quick reply.

     

    I have gotten rid of the jndi.properties files but still have the same error.

    When I specify the username and password in the jboss-ejb-client.properties all is well but I don't want to have it hard coded so I am trying to set the username and password in the InitialContext.

     

    My set up is now:

    jboss-ejb-client.properties

     

    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

    remote.connections=default

    remote.connection.default.host=localhost

    remote.connection.default.port=4447

    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

    remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

     

    Client Application Code:

     

    final Hashtable jndiProperties = new Hashtable();

     

    jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

    jndiProperties.put(Context.SECURITY_PRINCIPAL, username);

    jndiProperties.put(Context.SECURITY_CREDENTIALS, password);

    Context context = new InitialContext(jndiProperties); 

     

    String lookUp = "ejb:" + appName + "/" + moduleName + "/" + beanName + "!" + interfaceClassName;

     

    TestEJB facade = (TestEJB)context.lookup(lookUp);

    boolean connectionSuccessful = facade.canConnect();

     

    The error again being:

    java.lang.IllegalStateException: No EJB receiver available for handling [appName:MyAppEar, moduleName:MyAppJar,distinctname:] combination.

  • 3. Re: Remote EJB Client Security (Jboss7.1)
    Petr Mates Newbie

    Try setting remote.connection.default.callback.handler.class in jboss-ejb-client.properties with your callback handler, where you can set your username and password

    or

    check this test https://github.com/jbossas/jboss-as/blob/master/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/naming/remote/ejb/RemoteNamingEjbTestCase.java
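
A callback handler of the kind suggested in reply 3, as an added example that is not part of the original posts or of the JBoss code base. The class name `PromptedCredentialsHandler` and the static setter are hypothetical, and it assumes the client library instantiates the configured class through a public no-arg constructor.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.security.auth.callback.*;
import javax.security.sasl.RealmCallback;

// Hypothetical class; referenced from jboss-ejb-client.properties as
//   remote.connection.default.callback.handler.class=PromptedCredentialsHandler
// Assumption: the client library instantiates it via a public no-arg constructor,
// so credentials are handed over through static state set at login time.
public class PromptedCredentialsHandler implements CallbackHandler {

    private static String username;
    private static char[] password;

    // Call after the user has typed credentials, before the first EJB invocation.
    public static synchronized void setCredentials(String user, char[] pass) {
        clear();
        username = user;
        password = pass.clone();
    }

    // Wipe the stored password, e.g. on logout.
    public static synchronized void clear() {
        if (password != null) Arrays.fill(password, '\0');
        password = null;
        username = null;
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        synchronized (PromptedCredentialsHandler.class) {
            if (username == null || password == null) {
                throw new IOException("No credentials set; call setCredentials() first");
            }
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(username);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password); // callback keeps its own copy
                } else if (cb instanceof RealmCallback) {
                    RealmCallback rc = (RealmCallback) cb;
                    rc.setText(rc.getDefaultText()); // accept the realm the server offers
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
    }
}
```

With SSL_ENABLED=false and SASL_POLICY_NOPLAINTEXT=false as in the posted configurations, a plaintext SASL mechanism can be negotiated over an unencrypted connection, so the password this handler supplies is only as protected as the transport.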

  • 4. Re: Remote EJB Client Security (Jboss7.1)
    rathm1 Newbie

    Thanks for the help!

    The winning combination was...

     

    jboss-ejb-client.properties

     

    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

    remote.connections=default

    remote.connection.default.host=localhost

    remote.connection.default.port=4447

    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

    remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

     

    Client Application Code:

     

    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.InitialContext;

    final Properties jndiProperties = new Properties();
    // Use the remote-naming InitialContextFactory and point it at the server's remoting port
    jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, org.jboss.naming.remote.client.InitialContextFactory.class.getName());
    jndiProperties.put(Context.PROVIDER_URL, "remote://localhost:4447");
    // Have the naming context also set up the EJB client context
    jndiProperties.put("jboss.naming.client.ejb.context", true);
    jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
    // Credentials supplied at runtime rather than in jboss-ejb-client.properties
    jndiProperties.put(Context.SECURITY_PRINCIPAL, username);
    jndiProperties.put(Context.SECURITY_CREDENTIALS, password);
    Context context = new InitialContext(jndiProperties);

    // The lookup name has no "ejb:" prefix with this approach
    String lookUp = appName + "/" + moduleName + "/" + beanName + "!" + interfaceClassName;

    TestEJB facade = (TestEJB)context.lookup(lookUp);
    boolean connectionSuccessful = facade.canConnect();

  • 5. Re: Remote EJB Client Security (Jboss7.1)
    Sebastian Bayerlein Newbie

    Hello rathm,

     

    Can you please post the code of your custom login module?

    I'm using a custom UsernamePasswordLoginModule and whenever I call a secured ejb, I get the following exception:

     

    07.03.2012 09:38:52 org.jboss.remoting3.remote.RemoteConnection handleException

    ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

    javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]

    ...

     

    Regards,

    Sebastian

  • 6. Re: Remote EJB Client Security (Jboss7.1)
    rathm1 Newbie

    Hi Sebastian,

    We don't have a custom login module.

    We use a custom security domain but that is just the standard ldap configuration with our custom configuration.

    If you look at my previous post, that is all the code that I need to login to the server for authentication and authorization.

    When the initial context is created with the properties including the username and password, the login is authenticated to the ldap.

    The authorization is then done when I call the canConnect() method on the facade.

    Sorry that I can't be more help.

  • 7. Re: Remote EJB Client Security (Jboss7.1)
    Sebastian Bayerlein Newbie

    OK, thanks!

  • 8. Re: Remote EJB Client Security (Jboss7.1)
    rodakr Novice

    Fixing this will be like a performance buster for remote calls...

  • 9. Re: Remote EJB Client Security (Jboss7.1)
    Pooja Varma Newbie

    Hi Rathm,

     

    I'm getting the same error as yours

    The error again being:

    java.lang.IllegalStateException: No EJB receiver available for handling [appName:MyAppEar, moduleName:MyAppJar,distinctname:] combination.

     

    Then I followed your suggestion, but I still see the same error.

    Please advise.

     

    We are using EJB2.1 and Jboss7.1.0 Final.

     

    Thanks,

    Pooja

  • 10. Re: Remote EJB Client Security (Jboss7.1)
    rathm1 Newbie

    Hi Pooja,

    We are using EJB3.1 and Jboss7.1.0 Final.

    Sorry I can't be more help, but I posted my configuration earlier and that is all I needed to get it working.

  • 11. Re: Remote EJB Client Security (Jboss7.1)
    Pooja Varma Newbie

    Hi Rathm,

     

    Thanks for looking in. I got it working... The problem is in my code. I had context.lookup(""); after loading properties.

     

    Thanks,

    Pooja

  • 12. Re: Remote EJB Client Security (Jboss7.1)
    abhi0123 Newbie

    rathm1 wrote:

     

    Sorry I can't be more help, but I posted my configuration earlier and that is all I needed to get it working.

     

    For those who came across this post like I did and wished they knew what dependencies to use (trust me, figuring it out is not as easy as you'd think):

     

     

    
    <profile>
      <id>jboss</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <dependencies>
        <dependency>
          <groupId>org.jboss</groupId>
          <artifactId>jboss-ejb-client</artifactId>
          <version>1.0.5.Final</version>
          <scope>runtime</scope>
        </dependency>
        <dependency>
          <groupId>org.jboss.xnio</groupId>
          <artifactId>xnio-nio</artifactId>
          <version>3.0.0.GA</version>
          <scope>runtime</scope>
        </dependency>
        <dependency>
          <groupId>org.jboss.marshalling</groupId>
          <artifactId>jboss-marshalling-river</artifactId>
          <version>1.3.10.GA</version>
          <scope>runtime</scope>
        </dependency>
        <dependency>
          <groupId>org.jboss.sasl</groupId>
          <artifactId>jboss-sasl</artifactId>
          <version>1.0.0.Final</version>
          <scope>runtime</scope>
        </dependency>
        <dependency>
          <groupId>org.jboss.remoting3</groupId>
          <artifactId>jboss-remoting</artifactId>
          <version>3.2.3.GA</version>
          <scope>runtime</scope>
        </dependency>
        <dependency>
          <groupId>org.jboss.spec</groupId>
          <artifactId>jboss-javaee-6.0</artifactId>
          <version>3.0.0.Final</version>
          <type>pom</type>
          <scope>provided</scope>
          <exclusions>
            <exclusion>
              <groupId>xalan</groupId>
              <artifactId>xalan</artifactId>
            </exclusion>
          </exclusions>
        </dependency>
        <dependency>
          <groupId>xalan</groupId>
          <artifactId>xalan</artifactId>
          <version>2.7.1</version>
          <scope>runtime</scope>
        </dependency>
        <dependency>
          <groupId>org.jboss.as</groupId>
          <artifactId>jboss-as-ejb-client-bom</artifactId>
          <version>7.1.1.Final</version>
          <type>pom</type>
        </dependency>
      </dependencies>
    </profile>
    

     

  • 13. Re: Remote EJB Client Security (Jboss7.1)
    rathm1 Newbie

    Sorry about leaving out that info.

    Here is a snippet from our classpath for our swing application:

     

    SET CLASSPATH=../lib/jboss-client-7.1.0.Final.jar;%CLASSPATH%

    SET CLASSPATH=../lib/jboss-common-core-2.2.17.GA.jar;%CLASSPATH%

    SET CLASSPATH=../lib/jboss-logging-3.1.0.GA.jar;%CLASSPATH%

    SET CLASSPATH=../lib/jboss-remoting-3.2.2.GA.jar;%CLASSPATH%

    SET CLASSPATH=../lib/jta-1.1.jar;%CLASSPATH%

    SET CLASSPATH=../lib/jboss-ejb-api_3.1_spec-1.0.1.Final.jar;%CLASSPATH%

    SET CLASSPATH=../lib/commons-lang-2.4.jar;%CLASSPATH%

    SET CLASSPATH=../lib/log4j-1.2.16.jar;%CLASSPATH%

    SET CLASSPATH=../lib/mail-1.4.4.jar;%CLASSPATH%

    SET CLASSPATH=../lib/hibernate-core-4.0.1.Final.jar;%CLASSPATH%

    SET CLASSPATH=../lib/jboss-metadata-ejb-7.0.0.Final.jar;%CLASSPATH%