13 Replies Latest reply: Jun 7, 2012 1:47 AM by Anssi Hagman RSS

JBoss 7.2.0 nightly build custom login module

Daniel Jipa Newbie

I've downloaded the latest the 7.2.0 Alpha1 version and deployed my application that is running fine in 7.1.1 version and also in a snapshot of 7.1.2.

Unfortunatelly it seems that something is not working with my login module in 7.2.0 Alpfha1  because the authentication is rejected for remoting

What should I change in the 7.1.2 configuration to be able to deploy to 7.2.0 successfuly ?

 

Thank you

  • 1. Re: JBoss 7.2.0 nightly build custom login module
    Tomaz Cerar Master

    noting...

     

    current 7.2.0.alpha1 nightly builds don't have any changes over 7.1.2 in codebase yet, it is essentially the same as 7.1.2 tag with renamed version...

     

    i would look for problem somewhere else.

     

    --

    tomaz

  • 2. Re: JBoss 7.2.0 nightly build custom login module
    Daniel Jipa Newbie

    Maybe something did change between 7.1.2 builds because I have a working version of 7.1.2 snapshot, but for the 7.2.0 version I get this exception

    18:08:10,657 TRACE [org.jboss.remoting.remote.server] (Remoting "vs420" read-1) Server received authentication request

    18:08:10,657 TRACE [org.xnio.nio.selector] (Remoting "vs420" read-1) Beginning select on sun.nio.ch.EPollSelectorImpl@530ce397

    18:08:10,657 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) Begin isValid, principal:SUPPORT, cache entry: org.jboss.securi

    ty.authentication.JBossCachedAuthenticationManager$DomainInfo@5b7e62ad

    18:08:10,658 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) Begin validateCache, info=org.jboss.security.authentication.JBo

    ssCachedAuthenticationManager$DomainInfo@5b7e62ad;credential.class=java.lang.String@686231088

    18:08:10,658 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) End validateCache, isValid=true

    18:08:10,658 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) End isValid, true

    18:08:10,658 TRACE [org.jboss.remoting.remote.server] (Remoting "vs420" task-3) Server sending authentication rejected (javax.security.sasl.SaslException: Callback handler invoc

    ation failed [Caused by javax.security.auth.callback.UnsupportedCallbackException])

     

  • 3. Re: JBoss 7.2.0 nightly build custom login module
    jaikiran pai Master

    What kind of authentication is going on here? I mean what is the usecase where this is failing?

  • 4. Re: JBoss 7.2.0 nightly build custom login module
    jaikiran pai Master

    Looking at the commits here https://github.com/jbossas/jboss-as/commits/master I don't see anything related to security that's changed after May 9 (the day 7.1.2 tag was created).

  • 5. Re: JBoss 7.2.0 nightly build custom login module
    Daniel Jipa Newbie

    Here is a simple example of an app that worked on a 7.1.2 ( I think from April) and on 7.2.0 it gives me the

     

     

    ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
    Exception in thread "main" javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
    
    

     

     

    The login module looks like this:

     

     

    package com.asf.jboss7.security;
    
    
    import java.security.acl.Group;
    
    
    import javax.security.auth.login.LoginException;
    
    
    import org.jboss.security.SimpleGroup;
    import org.jboss.security.SimplePrincipal;
    import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
    
    
    public class TestLoginModule extends UsernamePasswordLoginModule {
    
    
              // initial state
              @Override
              protected String getUsersPassword() throws LoginException {
                        return "1";
              }
    
    
              /*
               * (non-Javadoc)
               * 
               * @see
               * org.jboss.security.auth.spi.UsernamePasswordLoginModule#validatePassword
               * (java.lang.String, java.lang.String)
               */
              @Override
              protected boolean validatePassword(String inputPassword,
                                  String expectedPassword) {
                        System.out.println("--> username: " + super.getUsername());
                        new Throwable("trace login module calls").printStackTrace();
    
    
                        return super.validatePassword(inputPassword, expectedPassword);
              }
    
    
              @Override
              protected Group[] getRoleSets() {
                        Group[] groups = { new SimpleGroup("Roles"), new SimpleGroup("*") };
                        SimplePrincipal role = new SimplePrincipal("ASF_Users");
                        groups[0].addMember(role);
                        return groups;
              }
    
    
    }
    
    

     

     

    The client is this:

     

     

    package com.asf.jndi.jboss7;
    
    
    import java.rmi.RemoteException;
    import java.util.Hashtable;
    
    
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    
    
    import com.asf.jboss7.RemoteCalculator;
    import com.asf.kollecto.common.exception.AppException;
    
    
    public class JndiTest {
              public static void main(String[] args) throws NamingException,
                                  AppException, RemoteException {
                        final Hashtable<String, Object> jndiProperties = new Hashtable<String, Object>();
    
    
                        jndiProperties.put(Context.URL_PKG_PREFIXES,
                                            "org.jboss.ejb.client.naming");
                        jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,
                                            "org.jboss.naming.remote.client.InitialContextFactory");
                        jndiProperties.put(Context.PROVIDER_URL,
                                            "remote://vs420.intranet.asf.ro:4447");
                        jndiProperties.put(Context.SECURITY_PRINCIPAL, "support");
                        jndiProperties.put(Context.SECURITY_CREDENTIALS, "1");
                        jndiProperties.put("jboss.naming.client.ejb.context", true);
                        jndiProperties
                                            .put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT",
                                                                "false");
    
    
                        final Context context = new InitialContext(jndiProperties);
                        final String appName = "myear";
                        final String moduleName = "myejb3";
                        final String distinctName = "";
                        final String beanName = "CalculatorBean";
                        final String viewClassName = RemoteCalculator.class.getName();
                        String lookup = "ejb:" + appName + "/" + moduleName + "/"
                                            + distinctName + "/" + beanName + "!" + viewClassName;
                        System.out.println("lookup name: " + lookup);
                        RemoteCalculator facade = (RemoteCalculator) context.lookup(lookup);
                        System.out.println(facade);
                        for (int i = 0; i < 3; i++) {
                                  System.out.println("test: " + facade.add(i, 8));
                        }
    
    
              }
    }
    
    
  • 6. Re: JBoss 7.2.0 nightly build custom login module
    Darran Lofthouse Master

    18:08:10,658 TRACE [org.jboss.remoting.remote.server] (Remoting "vs420" task-3) Server sending authentication rejected (javax.security.sasl.SaslException: Callback handler invoc

    ation failed [Caused by javax.security.auth.callback.UnsupportedCallbackException])

     

    This message looks like a candidate for the problem, just investigating now.

  • 7. Re: JBoss 7.2.0 nightly build custom login module
    Darran Lofthouse Master

    Daniel, one quick question while I am investigating - when you implement your login module are you able to access the users plain text password from wherever it is stored?  If so a realm plug-in may be better so you can leave the Remoting authentication to be Digest based without the need to force it down to Plain as is required to integrate with JAAS.

  • 8. Re: JBoss 7.2.0 nightly build custom login module
    Daniel Jipa Newbie

    The authentications reads from different sources for users passwords, some are them are stored in AD, others in non-reversible encoding in DB so I will need to send them in plain.

     

    Daniel

  • 9. Re: JBoss 7.2.0 nightly build custom login module
    Darran Lofthouse Master

    Ok so moving from the Realm to JAAS integration would probably not bring you a benefit.

     

    As you are running a self built AS can you try cherry picking the following commit into your branch and repeating your test https://github.com/darranl/jboss-as/commit/7671e50b652c1d521c9746ee639d17a666e5f004

  • 10. Re: JBoss 7.2.0 nightly build custom login module
    Daniel Jipa Newbie

    I am not working on a self-build AS. I've downloaded the application server from Jenkins's latest stable build:

     

    https://ci.jboss.org/jenkins/job/JBoss-AS-7.x-latest/ (May 14 version)

  • 11. Re: JBoss 7.2.0 nightly build custom login module
    Darran Lofthouse Master

    Ok in that case keep an eye on these pull requests: -

     

    https://github.com/jbossas/jboss-as/pull/2320

    https://github.com/jbossas/jboss-as/pull/2321

     

    Once these are merged the next stable build after will contain the fix.

  • 12. Re: JBoss 7.2.0 nightly build custom login module
    Daniel Jipa Newbie

    Ok, thanks a lot

  • 13. Re: JBoss 7.2.0 nightly build custom login module
    Anssi Hagman Newbie

    Daniel, did this solve you're problem? I have a same kind of problems with authentication even with latest 7.2.0 version.