-
1. Re: Arquillian test for remote EJB on JBoss 7.1.1 looses caller principal
aslak Aug 14, 2012 6:00 AM (in response to dweil)Could you try using @Deployment @OverProtocol("Servlet 3.0") on your deployment method?
The default Protocol in AS7 is a JMX based on that calls into a Service deployed in AS7, it might be this behaves a bit differently then trough a normal Servlet.
-
2. Re: Arquillian test for remote EJB on JBoss 7.1.1 looses caller principal
dweil Aug 15, 2012 6:41 AM (in response to aslak)Using @OverProtocol("Servlet 3.0") didn't change the user reported by the test - it is still anonymous instead of the correct user.
I investigated a little further by logging org.jboss.sasl on TRACE level: The negotiation of realm and user is exacly the same when calling the test directly or via Arquillian. In both cases the correct user "baselibsTestuser1" seems to be negotiated:
12:21:04,902 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred qop property: null
12:21:04,903 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred qop mask: 1
12:21:04,903 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred QOPs : 1
12:21:04,904 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred strength: null
12:21:04,904 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Cipher strengths: 4 2 1
12:21:04,904 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" read-1) Server supports realm ApplicationRealm
12:21:04,904 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" read-1) Server using pre-digested hashes (TRUE)
12:21:04,910 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive charset = utf-8
12:21:04,911 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive username = baselibsTestuser1
12:21:04,911 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive realm = ApplicationRealm
12:21:04,912 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive nonce = 9011OflhtUnTDX8+PICUVa5EzqQK1+8wE+lgpdfi
12:21:04,912 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive cnonce = 0jroICIiGQtgvbnETpOXDTeAsVURd7qj09QjMAd+
12:21:04,913 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive digest-uri = remote/127.0.0.1
12:21:04,913 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive maxbuf = 65536
12:21:04,914 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive response = 5b821ea1fd6c7dd7524c6c683ea32c13
12:21:04,914 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive qop = auth
12:21:04,914 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) Username: baselibsTestuser1
12:21:04,915 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) Client negotiated realm: ApplicationRealm
12:21:04,915 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) Client negotiated qop: auth
12:21:04,916 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) DIGEST87:digest URI: remote/127.0.0.1
But the principal object returned by ejbContext.getCallerPrincipal() is of different type: When calling the test directly, this method returns an object of type org.jboss.remoting3.security.UserPrincipal, whereas a SimplePrincipal object is returned, when running the test by Arquillian. It seems as if the security principal constructed by the remoting connector is not propagated to the application, when using Arquillian.
But now I have no clue where to dig in deeper ...
Dirk
-
3. Re: Arquillian test for remote EJB on JBoss 7.1.1 looses caller principal
alrubinger Aug 15, 2012 7:01 AM (in response to dweil)Security Context association is per-Thread. I'm guessing that somewhere in the chain, your client call is getting put into a new Thread; recommend configuring Logging to output the Thread name and see what pops up.
S,
ALR
-
4. Re: Arquillian test for remote EJB on JBoss 7.1.1 looses caller principal
alrubinger Aug 15, 2012 7:03 AM (in response to alrubinger)...unless that "Remoting dw-pc task N" stuff is the name of the Threads in play. If so, you can see there are different ones used. When "caling the test directly", what does this output look like?
-
5. Re: Arquillian test for remote EJB on JBoss 7.1.1 looses caller principal
dweil Aug 15, 2012 5:02 PM (in response to alrubinger)Yes, the "Remoting dw-pc task N" stuff is the thread name. So there are different threads in play. But these are exactly the same if running the test with or without Arquillian:
Server side log of test run of de.gedoplan.beantrial.jboss7remoteejb.DirectUserInfoTest (the "direct" one without Arquillian):
12:24:12,235 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred qop property: null
12:24:12,236 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred qop mask: 1
12:24:12,236 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred QOPs : 1
12:24:12,237 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred strength: null
12:24:12,237 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Cipher strengths: 4 2 1
12:24:12,237 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" read-1) Server supports realm ApplicationRealm
12:24:12,238 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" read-1) Server using pre-digested hashes (TRUE)
12:24:12,244 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive charset = utf-8
12:24:12,245 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive username = baselibsTestuser1
12:24:12,245 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive realm = ApplicationRealm
12:24:12,245 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive nonce = YqzHEzbTxMepzvATCzJHf+kfofFw3nxTy3JQXvsl
12:24:12,246 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive cnonce = jHZQmkCGKwEWirionCKBHoSyRQR2J3dLvc4AG43D
12:24:12,246 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive digest-uri = remote/127.0.0.1
12:24:12,247 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive maxbuf = 65536
12:24:12,247 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive response = d4c07c16a40ecea430c311483ddfda4a
12:24:12,247 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive qop = auth
12:24:12,248 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) Username: baselibsTestuser1
12:24:12,248 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) Client negotiated realm: ApplicationRealm
12:24:12,248 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) Client negotiated qop: auth
12:24:12,249 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) DIGEST87:digest URI: remote/127.0.0.1
12:24:12,249 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) A2: AUTHENTICATE:remote/127.0.0.1
12:24:12,249 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) HEX(H(A2)): e2afbfb33926596cc3370aa828da3131
12:24:12,250 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) H(ˆ#Ä I ÷ÃFè äj/) = 8823c4204914f7c346e808fe00e46a2f
12:24:12,250 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) H(A1): e14f7cb9e2b7bf518e95797e0d737af4
12:24:12,250 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) KD: e14f7cb9e2b7bf518e95797e0d737af4:YqzHEzbTxMepzvATCzJHf+kfofFw3nxTy3JQXvsl:00000001:jHZQmkCGKwEWirionCKBHoSyRQR2J3dLvc4AG43D:auth:e2afbfb33926596cc3370aa828da3131
12:24:12,251 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) response-value: d4c07c16a40ecea430c311483ddfda4a
12:24:12,252 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) A2: :remote/127.0.0.1
12:24:12,252 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) HEX(H(A2)): a675d66c8bbe05dc878b9853b46e63ef
12:24:12,252 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) H(ˆ#Ä I ÷ÃFèäj/) = 8823c4204914f7c346e808fe00e46a2f
12:24:12,253 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) H(A1): e14f7cb9e2b7bf518e95797e0d737af4
12:24:12,253 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) KD: e14f7cb9e2b7bf518e95797e0d737af4:YqzHEzbTxMepzvATCzJHf+kfofFw3nxTy3JQXvsl:00000001:jHZQmkCGKwEWirionCKBHoSyRQR2J3dLvc4AG43D:auth:a675d66c8bbe05dc878b9853b46e63ef
12:24:12,253 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) response-value: 1452c65d92dabb2c77adad0793c76d1d
12:24:12,677 DEBUG [de.gedoplan.beantrial.jboss7remoteejb.UserInfoBean] (EJB default - 9) getUserId()
12:24:12,677 DEBUG [de.gedoplan.beantrial.jboss7remoteejb.UserInfoBean] (EJB default - 9) callerPrincipal: org.jboss.remoting3.security.UserPrincipal@895b9a55
Server side log of test run of de.gedoplan.beantrial.jboss7remoteejb.DirectArquillianUserInfoTest (the one with Arquillian):
12:21:04,902 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred qop property: null
12:21:04,903 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred qop mask: 1
12:21:04,903 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred QOPs : 1
12:21:04,904 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Preferred strength: null
12:21:04,904 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" read-1) Cipher strengths: 4 2 1
12:21:04,904 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" read-1) Server supports realm ApplicationRealm
12:21:04,904 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" read-1) Server using pre-digested hashes (TRUE)
12:21:04,910 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive charset = utf-8
12:21:04,911 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive username = baselibsTestuser1
12:21:04,911 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive realm = ApplicationRealm
12:21:04,912 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive nonce = 9011OflhtUnTDX8+PICUVa5EzqQK1+8wE+lgpdfi
12:21:04,912 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive cnonce = 0jroICIiGQtgvbnETpOXDTeAsVURd7qj09QjMAd+
12:21:04,913 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive digest-uri = remote/127.0.0.1
12:21:04,913 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive maxbuf = 65536
12:21:04,914 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive response = 5b821ea1fd6c7dd7524c6c683ea32c13
12:21:04,914 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) DIGEST11:Directive qop = auth
12:21:04,914 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) Username: baselibsTestuser1
12:21:04,915 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) Client negotiated realm: ApplicationRealm
12:21:04,915 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) Client negotiated qop: auth
12:21:04,916 TRACE [org.jboss.sasl.digest.server] (Remoting "dw-pc" task-4) DIGEST87:digest URI: remote/127.0.0.1
12:21:04,916 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) A2: AUTHENTICATE:remote/127.0.0.1
12:21:04,917 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) HEX(H(A2)): e2afbfb33926596cc3370aa828da3131
12:21:04,917 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) H(ˆ#Ä I ÷ÃFèäj/) = 8823c4204914f7c346e808fe00e46a2f
12:21:04,917 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) H(A1): d1669ca8a896c40376652ac12a16bef0
12:21:04,918 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) KD: d1669ca8a896c40376652ac12a16bef0:9011OflhtUnTDX8+PICUVa5EzqQK1+8wE+lgpdfi:00000001:0jroICIiGQtgvbnETpOXDTeAsVURd7qj09QjMAd+:auth:e2afbfb33926596cc3370aa828da3131
12:21:04,918 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) response-value: 5b821ea1fd6c7dd7524c6c683ea32c13
12:21:04,919 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) A2: :remote/127.0.0.1
12:21:04,919 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) HEX(H(A2)): a675d66c8bbe05dc878b9853b46e63ef
12:21:04,920 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) H(ˆ#Ä I ÷ÃFèäj/) = 8823c4204914f7c346e808fe00e46a2f
12:21:04,920 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) H(A1): d1669ca8a896c40376652ac12a16bef0
12:21:04,920 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) KD: d1669ca8a896c40376652ac12a16bef0:9011OflhtUnTDX8+PICUVa5EzqQK1+8wE+lgpdfi:00000001:0jroICIiGQtgvbnETpOXDTeAsVURd7qj09QjMAd+:auth:a675d66c8bbe05dc878b9853b46e63ef
12:21:04,921 TRACE [org.jboss.sasl.digest] (Remoting "dw-pc" task-4) response-value: caa77f28b510bad3e59cd6de8eb88dab
12:21:05,238 DEBUG [de.gedoplan.beantrial.jboss7remoteejb.UserInfoBean] (EJB default - 8) getUserId()
12:21:05,239 DEBUG [de.gedoplan.beantrial.jboss7remoteejb.UserInfoBean] (EJB default - 8) callerPrincipal: anonymous
If I deploy the EJB manually and have that called by the Arquillian test run, it works as expected. So the cause must be somewhere in the deployment of the EJB. But again: The deployed archive is identical ...
-
6. Re: Arquillian test for remote EJB on JBoss 7.1.1 looses caller principal
alrubinger Aug 16, 2012 12:56 AM (in response to dweil)Sorry, should have specified: client-side logs would be the place I'd look for Security Context (ie. Thread) information.
S,ALR
-
7. Re: Arquillian test for remote EJB on JBoss 7.1.1 looses caller principal
dweil Aug 16, 2012 5:08 PM (in response to alrubinger)Andrew,
I've run both test with client side log level TRACE - see attached files. At first glance I don't see a significant difference.
The thing to keep in mind is, that the following scenario produces a correct server side user:
- Deploy the EJB manually as "jboss7remoteEjb.jar"
- Use "jboss7remoteEjb/UserInfoBean!de.gedoplan.beantrial.jboss7remoteejb.UserInfo" as lookup name for the EJB, i. e. use the manually deployed EJB
- Run the test DirectArquillianUserInfoTest; this will ...
- ... deploy the EJB again, but with a different deployment unit name "arqJBoss7remoteEjb"
- ... call the manually deployed EJB as explained before
If the lookup name is changed to "arqJBoss7remoteEjb/UserInfoBean!de.gedoplan.beantrial.jboss7remoteejb.UserInfo", the same test failes. The two deployment JARs are identical. So calling the EJB from the manually deployed JAR produces correct results, running the same test, but calling the Arquillian deployed EJB returns the wrong user. That seems very weird ...
Regards
Dirk
-
DirectUserInfoTest.log.zip 6.6 KB
-
8. Re: Arquillian test for remote EJB on JBoss 7.1.1 looses caller principal
dweil Nov 15, 2012 5:20 AM (in response to dweil)I found the reason - it is horrible and simple at the same time: I used an archive name without extension for packing the deployment with ShrinkWrap. JBoss 7.1.1 deployes this without any complains, but does not process additional descriptors like jboss-ejb3.xml. So it is essential to use correct deployment unit names including an extension like .jar, .war etc.:
@RunWith(Arquillian.class)
public class DirectArquillianUserInfoTest extends DirectUserInfoTest
{
protected static final String ARCHIVE_NAME = "arqJBoss7remoteEjb";
@Deployment(testable = false)
@OverProtocol("Servlet 3.0")
public static JavaArchive createDeployment()
{
JavaArchive archive = ShrinkWrap.create(JavaArchive.class, ARCHIVE_NAME + ".jar");
archive.addClasses(UserInfo.class, UserInfoBean.class);
archive.addAsResource("META-INF/ejb-jar.xml");
archive.addAsResource("META-INF/jboss-ejb3.xml");
return archive;
}
It would be nice, if Arquillian issued a warning at least - would have saved me some days and frustration!
CU, Dirk