0 Replies Latest reply on Jan 9, 2013 8:12 AM by sdwallace

    Remote context / security

    sdwallace

      Hello.

       

      I would like to understand if it is possible to have a web tier be the remote EJB client and not have credentials in jboss-ejb-client.properties that expose security.  We are prototyping in AS 7.1.1.  I have this code:

       

          // Imports needed by the method below
          import java.util.Properties;
          import javax.naming.Context;
          import javax.naming.InitialContext;
          import javax.naming.NamingException;

          private static Calculator lookupRemoteEJB() throws NamingException {
              // JNDI properties for the remote-naming client
              Properties jndiProps = new Properties();
              jndiProps.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
              jndiProps.put(Context.PROVIDER_URL, "remote://localhost:4447");
              jndiProps.put(Context.SECURITY_PRINCIPAL, "webTier");
              jndiProps.put(Context.SECURITY_CREDENTIALS, "secretpassword");

              // Create a context passing these properties
              Context context = new InitialContext(jndiProps);

              // Parts of the JNDI name; appName and distinctName are empty for this deployment
              final String appName = "";
              final String moduleName = "EJBSandbox";
              final String distinctName = "";
              final String beanName = CalculatorBean.class.getSimpleName();

              final String viewClassName = Calculator.class.getName();
              System.out.println("Looking EJB via JNDI ");
              System.out.println(moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName);

              return (Calculator) context.lookup(moduleName + "/" + beanName + "!" + viewClassName);
          }

       

      It works provided I have this jboss-ejb-client.properties in my classpath:

       

      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
      remote.connections=default
      remote.connection.default.host=127.0.0.1
      remote.connection.default.port = 4447
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
      remote.connection.default.username=webTier
      remote.connection.default.password=secretpassword

      remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

       

      However, if I remove the user name and password from the properties file, I get this exception:

       

      ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

      No EJB receiver available for handling [appName:,modulename:EJBSandbox,distinctname:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@1a3a9bba

      java.lang.IllegalStateException: No EJB receiver available for handling [appName:,modulename:EJBSandbox,distinctname:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@1a3a9bba

       

      Is there a way to remove security information from the property file (or encrypt it minimally) so that this is not in clear text on a web server in the DMZ?  Any concrete examples?
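
One way to keep the password out of the classpath file, as an added example that is not part of the original post or of JBoss's own code: build the same connection settings in memory with the EJB client API and read the secret from the process environment. `EjbClientBootstrap`, its methods and the `EJB_CLIENT_PASSWORD` variable are assumed names; the sketch needs the AS 7.1 client libraries (jboss-client.jar) on the classpath and looks the bean up through the `ejb:` namespace rather than remote naming.

```java
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.jboss.ejb.client.ContextSelector;
import org.jboss.ejb.client.EJBClientConfiguration;
import org.jboss.ejb.client.EJBClientContext;
import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;

// Added example; class, method and environment variable names are assumptions.
public final class EjbClientBootstrap {
    // Same settings as the post's properties file, built in memory instead.
    static Properties connectionProps(String user, String password) {
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("EJB client password not supplied");
        }
        String conn = "remote.connection.default.";
        String opts = conn + "connect.options.org.xnio.Options.";
        Properties p = new Properties();
        p.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
        p.put("remote.connections", "default");
        p.put(conn + "host", "127.0.0.1");
        p.put(conn + "port", "4447");
        p.put(opts + "SASL_POLICY_NOANONYMOUS", "false");
        p.put(opts + "SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
        p.put(opts + "SASL_POLICY_NOPLAINTEXT", "false");
        p.put(conn + "username", user);
        p.put(conn + "password", password);
        return p;
    }

    // Call once at web-application startup, before the first lookup.
    static void install() {
        // The secret is injected by the service environment, not stored in the WAR.
        Properties p = connectionProps("webTier", System.getenv("EJB_CLIENT_PASSWORD"));
        EJBClientConfiguration cfg = new PropertiesBasedEJBClientConfiguration(p);
        ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cfg);
        EJBClientContext.setSelector(selector);
    }

    // Name format: ejb:<app>/<module>/<distinct>/<bean>!<view>, app and distinct empty here.
    static <T> T lookup(Class<T> view, String moduleName, String beanName) throws NamingException {
        Properties jndi = new Properties();
        jndi.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
        Context ctx = new InitialContext(jndi);
        return view.cast(ctx.lookup("ejb:/" + moduleName + "//" + beanName + "!" + view.getName()));
    }
}
```

With this in place the post's bean would be obtained with `EjbClientBootstrap.install()` followed by `EjbClientBootstrap.lookup(Calculator.class, "EJBSandbox", "CalculatorBean")`.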