1 2 Previous Next 26 Replies Latest reply on Apr 17, 2013 9:56 AM by cduicu Branched to a new discussion.

    Custom Login Module with remote EJB

    francois.swiegers

      Hi there,

       

      I am in the process of migrating a JBoss 4 application to JBoss 7, and am having difficulty with security over remote RMI EJB's. Specifically, I'm trying to add a custom login module to Jaikiran's post on EJB remoting (https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI).

       

      After adding the custom security module (described in more detail later in this post), I get the following exception on my client:

       

      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)

                at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)

                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

                at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

       

      Upon debugging org.jboss.remoting3.remote.ClientConnectionOpenListener, it seems that the problem is that the only mechanism passed to the connection is PLAIN, but the connection listener only has client factories for the following mechanisms registered:

       

      DIGEST-MD5=[org.jboss.sasl.digest.DigestMD5ClientFactory@1f4bcf7, com.sun.security.sasl.digest.FactoryImpl@8997d1],

      ANONYMOUS=[org.jboss.sasl.anonymous.AnonymousClientFactory@a4488],

      EXTERNAL=[com.sun.security.sasl.ClientFactoryImpl@18a6e6e], CRAM-MD5=[com.sun.security.sasl.ClientFactoryImpl@18a6e6e],

      GSSAPI=[com.sun.security.sasl.gsskerb.FactoryImpl@e99ce5]}

       

      Because it can't find a factory for the PLAIN mechanism, no SASL client is loaded, and the exception is thrown.

       

      This seems to happen entirely on the client, even before the authentication is attempted on the server. Is there a way that I can add a factory for the PLAIN mechanism in my client connection? I recall that the PLAIN mechanism is required for JBOSS to pass the authentication on to the Jaas service - or is there a better way to do remote authentication?

       

      Many thanks in advance for any help in this regard.

       

      (From here I am just describing the process by which I added the custom security module, in case it could be the source of the problem)

      standalone.xml

       

      First thing I did was to change the application realm to use my Jaas authenticator:

       

      <security-realm name="ApplicationRealm">

           <authentication>

                <jaas name="alchemy"/>

            </authentication>

      </security-realm>

      ...

      <security-domains>

           <security-domain name="alchemy" cache-type="default">

                <authentication>

                     <login-module code="org.zboss.login.module.TestLoginModule" flag="required"/>

                </authentication>

           </security-domain>

      </security-domains>

      ...

      <subsystem xmlns="urn:jboss:domain:remoting:1.1">

           <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>

      </subsystem>

       

      Custom Login Module

       

      Then I added my custom login module as a module to JBoss by putting it in

       

      jboss\modules\org\zboss\login\module\main

           -> zboss-login-module.jar

           -> module.xml

       

      <?xml version="1.0" encoding="UTF-8"?>

       

      module.xml contains:

       

      <module xmlns="urn:jboss:module:1.0" name="org.zboss.login.module">

        <resources>

          <resource-root path="zboss-login-module.jar"/>

              <!-- Insert resources here -->

        </resources>

        <dependencies>

           <module name="javax.api"/>

           <module name="org.picketbox"/>

        </dependencies>

      </module>

       

      jboss-ejb-client.properties

       

      endpoint.name=client-endpoint

      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

      remote.connections=default

      remote.connection.default.host=localhost

      remote.connection.default.port=6447

      remote.connection.default.username=swiegersf

      remote.connection.default.password=abc

      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

      remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

       

      Client code

       

      final Hashtable<String, Object> jndiProperties = new Hashtable<String, Object>();

      jndiProperties.put(Context.URL_PKG_PREFIXES,                                                  "org.jboss.ejb.client.naming");

      jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,                                                  InitialContextFactory.class.getName());

      jndiProperties.put(Context.PROVIDER_URL, "remote://localhost:6447/");

      jndiProperties.put(InitialContext.SECURITY_PRINCIPAL, "swiegersf");

      jndiProperties.put(InitialContext.SECURITY_CREDENTIALS, "abc");

      jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS",                                                                      false);

      jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT",                                                                      false);

      jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS",                                                                      "JBOSS-LOCAL-USER");

       

      Context context = new InitialContext(jndiProperties);

      Calculator calculator = (Calculator) context.lookup(name);

       

      int result = calculator.add(3, 8); // error!

       


       

       

       


        • 1. Re: Custom Login Module with remote EJB
          dlofthouse

          What is the exact AS version you are using?  Also how are you specifying the client class path?

           

          For the JNDI properties can you try passing the false values as Strings?  We did used to have a problem in that area so it may have remained.

          • 2. Re: Custom Login Module with remote EJB
            francois.swiegers

            Thanks for the quick response, Darran.

             

            I am using 7.1.1-Final.

            I am specifying the client classpath using the following maven configuration:

             

            <dependencies>

                                <dependency>

                                          <groupId>org.jboss.as</groupId>

                                          <artifactId>jboss-as-ejb-client-bom</artifactId>

                                          <version>7.1.1.Final</version>

                                          <type>pom</type>

                                </dependency>

                                <dependency>

                                          <groupId>org.jboss.as</groupId>

                                          <artifactId>jboss-as-jms-client-bom</artifactId>

                                          <version>7.1.1.Final</version>

                                          <type>pom</type>

                                </dependency>

            </dependencies>

             

            I have also tried using the jboss-client.jar from the AS, with no success. Also, using an older version (7.1.0.Final) had the exact same problem.

             

            Changing the values in the jndi map to be string values also does not seem to make any difference.

            • 3. Re: Custom Login Module with remote EJB
              francois.swiegers

              OK, FWIW, I do manage to get the remote invocation to work if I use the built in RealmUsersRoles login module:

               

              <security-domain name="alchemy" cache-type="default">

                   <authentication>

                        <login-module code="Remoting" flag="optional">

                             <module-option name="password-stacking" value="useFirstPass"/>

                        </login-module>

                        <login-module code="RealmUsersRoles" flag="required">

                             <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                             <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                             <module-option name="realm" value="ApplicationRealm"/>

                             <module-option name="password-stacking" value="useFirstPass"/>

                        </login-module>

                   </authentication>

              </security-domain>

               

              BUT, once I change the security domain back to my custom login module

               

              <security-domain name="alchemy" cache-type="default">

                   <authentication>

                        <login-module code="org.zboss.login.module.TestLoginModule" flag="required" module="org.zboss.login.module"/>

                   </authentication>

              </security-domain>


               

              the problem reappears.

               

              So it must have something to do with the fact that I'm using a custom login module.

               

              I have tried both approaches for implementing a custom login module described in:

               

              https://community.jboss.org/wiki/JBossAS7SecurityDomainModel

              https://community.jboss.org/wiki/JBossAS7SecurityCustomLoginModules

               

              neither of which proved to be successful.

               

              I have my JBOSS server logging level set to TRACE, but the invocation from the remote client does not cause any activity on the server side, so if there is an error happening at the time of the authentication, then it does not seem to be logged in any way.

               

              The code for my custom login module is as follows (it will allow any username/password to succeed):

               

              /*

              * $Header$

              */

              package org.zboss.login.module;

               

               

              import java.security.acl.Group;

              import java.util.Map;

               

               

              import javax.security.auth.Subject;

              import javax.security.auth.callback.CallbackHandler;

              import javax.security.auth.login.LoginException;

               

               

              import org.jboss.security.SimpleGroup;

              import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

              import org.slf4j.Logger;

              import org.slf4j.LoggerFactory;

               

               

              /**

              * A Jboss login module that does not actually authenticate. Useful for

              * integration testing. Just don't configure JBOSS to use this one in production

              * by accident.

              */

              public class TestLoginModule extends UsernamePasswordLoginModule {

               

               

                        public TestLoginModule() {

                                  super();

                                  System.out.println("Created test login module");

                        }

               

               

                        /**

                         * Initialize this LoginModule.

                         */

                        @Override

                        public void initialize(Subject subject, CallbackHandler callbackHandler,

                                            Map sharedState, Map options) {

                                  super.initialize(subject, callbackHandler, sharedState, options);

               

                                  System.out.println("Initialized " + subject);

               

                        }

               

               

                        /**

                         * Get the expected password for the current username available via the

                         * getUsername() method. This is called from within the login() method after

                         * the CallbackHandler has returned the username and candidate password.

                         *

                         * @return the valid password String

                         */

                        @Override

                        protected String getUsersPassword() throws LoginException {

                                  return "";

                        }

               

               

                        /**

                         * Execute the rolesQuery against the dsJndiName to obtain the roles for the

                         * authenticated user.

                         *

                         * @return Group[] containing the sets of roles

                         */

                        @Override

                        protected Group[] getRoleSets() throws LoginException {

               

                                  System.out.println("Get rolesets for " + super.getUsername());

               

                                  Group secureUser = new SimpleGroup("Roles");

                                  try {

                                            secureUser.addMember(this.createIdentity("SecureUser"));

                                  } catch (Exception e) {

                                            log.error("Failed to create principal: SecureUser", e);

                                  }

                                  Group[] roleSets = new Group[] { secureUser };

               

                                  AlchemyLoginModule m = this;

               

                                  return roleSets;

                        }

               

               

                        /*

                         * (non-Javadoc)

                         * @see

                         * org.jboss.security.auth.spi.UsernamePasswordLoginModule#validatePassword

                         * (java.lang.String, java.lang.String)

                         */

                        @Override

                        protected boolean validatePassword(String inputPassword,

                                            String expectedPassword) {

                                  System.out.println("input pwd: " + inputPassword);

                                  System.out.println("expected pwd: " + expectedPassword);

                                  return true;

                        }

              }

              • 4. Re: Custom Login Module with remote EJB
                john_k

                hi francois, i think i discovered the same problem... (my post: https://community.jboss.org/thread/200013)

                if i use the custom login module it dosent work if i use the RealmUserRoles it gets at least invocated...

                could be maybe related to this but iam not entirely sure!

                Possible classloading problem: can be solved if custom login module inside a jar is added to modules\org\jboss\as\remoting\main

                https://community.jboss.org/thread/195501?start=15&tstart=0

                 

                maybe you have to add to your module   <login-module code="org.zboss.login.module.TestLoginModule" flag="required" module="org.zboss.login.module"/>

                • 5. Re: Custom Login Module with remote EJB
                  francois.swiegers

                  Hi john_k,

                   

                  Thanks for the interest. I have tried adding the module atttribute to my custom <login-module..> tag, but no luck.

                   

                  I also tried the approach described by Jason Greene in https://community.jboss.org/message/723077?tstart=0, which is to make the login module a separately deployable jar, but I still get the exact same problem.

                   

                  Obviously it is important for a security module to "not give the game away", so I can understand the lack of good error messages on the client side. What is a bit baffling is the lack of good server-side logs - even with my JBOSS logging on TRACE, there is simply no logs being generated when the client calls the server.

                  • 6. Re: Custom Login Module with remote EJB
                    john_k

                    hi francois, indeed the logs are somehow problematic :/

                    • 7. Re: Custom Login Module with remote EJB
                      npabst

                      Hi Francois,

                      Did you add this in your logging section ?

                       

                      - <logger category="org.jboss.remoting">
                      <level name="TRACE" />

                      </logger>

                       

                      - <logger category="org.jboss.security">
                      <level name="TRACE" />

                      </logger>

                       

                      If not can you add it and show what logs you get ?

                       

                      • 8. Re: Custom Login Module with remote EJB
                        john_k

                        hi npabst, thanks (even though your message wasnt for me) for your reply i didnt add the org.jboss.remoting so far

                        it gives me at least some more info.

                        ill post it anyway

                         

                        Begin getAppConfigurationEntry(myAppJaas), size=1

                        End getAppConfigurationEntry(myAppJaas), authInfo=AppConfigurationEntry[]:

                        [0]

                        LoginModule Class: my.CustomModule

                        ControlFlag: Anmeldemodul-Steuerflag: required

                        Options:

                        name=debug, value=true

                         

                        Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)

                        Sent message java.nio.HeapByteBuffer[pos=1 lim=1 cap=8192] (direct)

                        Flushed channel (direct)

                        Server received capabilities request

                        Server received capability: version 1

                        Server received capability: remote endpoint name "config-based-naming-client-endpoint"

                        Sent message java.nio.HeapByteBuffer[pos=46 lim=46 cap=8192] (direct)

                        Flushed channel (direct)

                        Received connection end-of-stream

                        • 9. Re: Custom Login Module with remote EJB
                          francois.swiegers

                          Hi npabst

                           

                          Thanks for helping out.

                           

                          On the client side, I use the following log4j configuration:

                           

                          log4j.rootLogger=TRACE, Console

                          log4j.appender.Console=org.apache.log4j.ConsoleAppender

                          log4j.appender.Console.layout=org.apache.log4j.PatternLayout

                          log4j.appender.Console.layout.ConversionPattern=%d %-5p [%t] %-17c{2} (%13F:%L) %3x - %m%n

                           

                           

                          I attach the full log. The part around the error is:

                           

                           

                          2012-05-23 15:17:49,675 ERROR [Remoting "client-endpoint" read-1] remote.connection (RemoteConnection.java:99)     - JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.safe-close   ( IoUtils.java:136)     - Closing resource org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <3afb99>

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] channels.framed   (FramedMessageChannel.java:303)     - Fully flushed org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <3afb99>

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] tcp.channel       (NioTcpChannel.java:141)     - Closing TCP socket channel (NIO) <3afb99>

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" write-1] nio.selector      (WorkerThread.java:163)     - Selected on sun.nio.ch.WindowsSelectorImpl@1568fb5

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" write-1] nio.selector      (WorkerThread.java:156)     - Beginning select on sun.nio.ch.WindowsSelectorImpl@1568fb5 (with timeout)

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.nio          (            ?:?)     - Cancelling key sun.nio.ch.SelectionKeyImpl@190ef12 of java.nio.channels.SocketChannel[closed] (same thread)

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.nio          (            ?:?)     - Cancelling key sun.nio.ch.SelectionKeyImpl@1c286e2 of java.nio.channels.SocketChannel[closed] (other thread)

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" write-1] nio.selector      (WorkerThread.java:163)     - Selected on sun.nio.ch.WindowsSelectorImpl@1568fb5

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.listener     (ChannelListeners.java:71)     - Invoking listener Close listener for org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <3afb99> on channel TCP socket channel (NIO) <3afb99>

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" write-1] nio.selector      (WorkerThread.java:156)     - Beginning select on sun.nio.ch.WindowsSelectorImpl@1568fb5 (with timeout)

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.safe-close   ( IoUtils.java:136)     - Closing resource org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <3afb99>

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.safe-close   ( IoUtils.java:136)     - Closing resource TCP socket channel (NIO) <3afb99>

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] remoting.endpoint (IoFuture.java:219)     - Registered exception result

                          javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                                    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315)

                                    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)

                                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

                                    at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

                                    at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

                                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

                                    at org.xnio.nio.NioHandle.run(NioHandle.java:90)

                                    at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] remoting.endpoint (EndpointImpl.java:281)     - Resource closed count 00000001 of endpoint "client-endpoint" <18e261d> (closed a failed connection (2))

                          2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] nio.selector      (WorkerThread.java:152)     - Beginning select on sun.nio.ch.WindowsSelectorImpl@1c7980c

                          2012-05-23 15:17:49,675 WARN  [main] remoting.ConfigBasedEJBClientContextSelector (ConfigBasedEJBClientContextSelector.java:133)     - Could not register a EJB receiver for connection to remote://localhost:6447

                          java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                                    at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

                                    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:121)

                                    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:78)

                                    at org.jboss.ejb.client.EJBClientContext.<clinit>(EJBClientContext.java:77)

                                    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:120)

                                    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104)

                                    at $Proxy0.add(Unknown Source)

                                    at org.zboss.client.CalculatorClient.main(CalculatorClient.java:84)

                          Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                                    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315)

                                    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)

                                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

                                    at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

                                    at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

                                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

                                    at org.xnio.nio.NioHandle.run(NioHandle.java:90)

                                    at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)

                                    at ...asynchronous invocation...(Unknown Source)

                                    at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)

                                    at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)

                                    at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)

                                    at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)

                                    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:119)

                                    ... 6 more


                           


                           

                          another interesting part in the log is (I highlight in bold the interesting part):

                           

                          sun.nio.ch.WindowsSelectorImpl@1c7980c

                          2012-05-23 15:17:49,797 TRACE [Remoting "client-endpoint" read-1] nio.selector      (WorkerThread.java:179)     - Selected key sun.nio.ch.SelectionKeyImpl@bdc9b3 for java.nio.channels.SocketChannel[connected local=/127.0.0.1:1697 remote=localhost/127.0.0.1:6447]

                          2012-05-23 15:17:49,797 TRACE [Remoting "client-endpoint" read-1] xnio.listener     (ChannelListeners.java:71)     - Invoking listener Read listener for org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <1e91a4d> on channel TCP socket channel (NIO) <1e91a4d>

                          2012-05-23 15:17:49,797 TRACE [Remoting "client-endpoint" read-1] xnio.listener     (ChannelListeners.java:71)     - Invoking listener org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication@cc7439 on channel org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <1e91a4d>

                          2012-05-23 15:17:49,797 TRACE [Remoting "client-endpoint" read-1] channels.framed   (FramedMessageChannel.java:118)     - Copying message from java.nio.HeapByteBuffer[pos=4 lim=5 cap=8196] into java.nio.HeapByteBuffer[pos=0 lim=8192 cap=8192]

                          2012-05-23 15:17:50,303 DEBUG [Remoting "client-endpoint" read-1] remote.client     (ClientConnectionOpenListener.java:644)     - Client received authentication rejected for mechanism PLAIN

                          2012-05-23 15:17:50,303 TRACE [Remoting "client-endpoint" read-1] remote.client     (ClientConnectionOpenListener.java:105)     - Client sending capabilities request

                          2012-05-23 15:17:50,303 TRACE [Remoting "client-endpoint" read-1] remoting.remote   (ClientConnectionOpenListener.java:118)     - Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@5e8d7d

                          2012-05-23 15:17:50,303 TRACE [Remoting "client-endpoint" read-1] xnio.listener     (RemoteConnection.java:78)     - Setting channel listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@5e8d7d

                          2012-05-23 15:17:50,303 TRACE [Remoting "client-endpoint" read-1] channels.framed   (FramedMessageChannel.java:230)     - Accepting java.nio.HeapByteBuffer[pos=0 lim=21 cap=8192] into java.nio.HeapByteBuffer[pos=0 lim=8196 cap=8196]

                          2012-05-23 15:17:50,303 TRACE [Remoting "client-endpoint" read-1] channels.framed   (FramedMessageChannel.java:237)     - Accepted a message into java.nio.HeapByteBuffer[pos=25 lim=8196 cap=8196]


                          • 10. Re: Custom Login Module with remote EJB
                            npabst

                            John_k

                             

                            Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)

                             

                            I have the same Exception.

                            I don't know why the password is not verified.

                             

                             

                             

                            Francois,

                            just to be sure, my previous message was for the server logs in standalone.xml.

                            • 11. Re: Custom Login Module with remote EJB
                              john_k

                              hi npabst,

                              i have no clue either

                              thanks for your time

                              • 12. Re: Custom Login Module with remote EJB
                                francois.swiegers

                                Ah, of course. On the server, I get:

                                 

                                15:56:00,348 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" read-1) Excluding mechanism GSSAPI because it is not in the allowed list

                                15:56:00,348 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" read-1) Sent message java.nio.HeapByteBuffer[pos=20 lim=20 cap=8192] (direct)

                                15:56:00,348 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" read-1) Flushed channel (direct)

                                15:56:00,348 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" read-1) Server received authentication request

                                15:56:00,348 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "sbl9805" task-2) Begin getAppConfigurationEntry(alchemy), size=2

                                15:56:00,348 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "sbl9805" task-2) End getAppConfigurationEntry(alchemy), authInfo=AppConfigurationEntry[]:

                                [0]

                                LoginModule Class: org.zboss.login.module.AlchemyLoginModule

                                ControlFlag: LoginModuleControlFlag: required

                                Options:

                                name=password-stacking, value=useFirstPass

                                 

                                 

                                15:56:00,441 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" task-2) Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)

                                15:56:00,441 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" task-2) Sent message java.nio.HeapByteBuffer[pos=1 lim=1 cap=8192] (direct)

                                15:56:00,441 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" task-2) Flushed channel (direct)

                                15:56:00,441 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" read-1) Server received capabilities request

                                15:56:00,441 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" read-1) Server received capability: version 1

                                15:56:00,441 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" read-1) Server received capability: remote endpoint name "client-endpoint"

                                15:56:00,441 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" read-1) Sent message java.nio.HeapByteBuffer[pos=20 lim=20 cap=8192] (direct)

                                15:56:00,441 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" read-1) Flushed channel (direct)

                                15:56:00,457 TRACE [org.jboss.remoting.remote] (Remoting "sbl9805" read-1) Received connection end-of-stream

                                • 13. Re: Custom Login Module with remote EJB
                                  john_k

                                  hi,

                                  at least we all getting the same error

                                  • 14. Re: Custom Login Module with remote EJB
                                    francois.swiegers

                                    Yes, how bizarre

                                    1 2 Previous Next