custom login module; remote ejb; problem: Authentication failed: all available authentication mechanisms failed
john_k May 23, 2012 9:00 AM
Hi,
I have some problems setting up a custom ServerLoginModule for JBoss AS7 (tried with 7.1.0 and 7.1.1); any help would be appreciated.
I am still new to JBoss and JBoss AS7, so maybe I am trying to tackle my problem with the wrong tools, or I am just missing some things I need to know to do it properly.
So maybe someone could point me in the correct direction.
What I want to achieve:
- I want to access a secured remote EJB via a "normal" Java client
- before I access the bean, I want to be authenticated via JAAS by JBoss with a custom ServerLoginModule
- call org.jboss.security.ClientLoginModule via LoginContext
    jboss {
        org.jboss.security.ClientLoginModule required;
    };
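    import java.security.Principal;
    import java.util.HashSet;
    import javax.security.auth.Subject;
    import javax.security.auth.login.LoginContext;

    String contextName = "jboss";
    Subject subject = new Subject(false, new HashSet<Principal>(), new HashSet<String>(), new HashSet<String>());
    LoginContext loginContext = new LoginContext(contextName, subject);
    loginContext.login();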
- if the login succeeds, I want to create the initial context and access the bean
code
    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.InitialContext;

    // JNDI settings for the remote naming connection to the AS7 remoting connector
    Properties jndiProperties = new Properties();
    jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
    jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,
            org.jboss.naming.remote.client.InitialContextFactory.class.getName());
    jndiProperties.put(Context.PROVIDER_URL, "remote://localhost:4447");
    jndiProperties.put("jboss.naming.client.ejb.context", true);
    jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
    jndiProperties.put(Context.SECURITY_PRINCIPAL, "user");
    jndiProperties.put(Context.SECURITY_CREDENTIALS, "pass");
    Context context = new InitialContext(jndiProperties);
jboss-ejb-client.properties
    endpoint.name=client-endpoint
    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
    remote.connections=default
    remote.connection.default.host=localhost
    remote.connection.default.port = 4447
    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
- on the server side, an implementation of AbstractServerLoginModule should be called
- I put my implementation in a jar and tried to add it to a JBoss module.
- I tried two ways
- 1) put it in an independent module
- 2) put it in the org\jboss\as\remoting\main module [after reading this: "I added it on the jboss_install_dir/modules/org/jboss/as/remoting/main and modified the module.xml" (https://community.jboss.org/thread/195501?start=15&tstart=0)]
- both with the same result
- my server config looks like this:
    <security-realm name="ApplicationRealm">
        <authentication>
            <properties relative-to="jboss.server.config.dir" path="${jboss.server.config.dir}/application-users.properties"/>
        </authentication>
    </security-realm>
    <security-realm name="MyAppRealm">
        <authentication>
            <jaas name="myAppJaas"/>
        </authentication>
    </security-realm>

    <security-domains>
        <security-domain name="myAppJaas" cache-type="default">
            <authentication>
                <login-module code="sampleApp.jboss.login.AuthLoginModule" flag="required">
                    <module-option name="debug" value="true" />
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>

    <subsystem xmlns="urn:jboss:domain:remoting:1.1">
        <connector name="remoting-connector" socket-binding="remoting" security-realm="MyAppRealm"/>
    </subsystem>
What I get at the moment:
- I removed the part where I try to log in via JAAS upfront; I figured out that it does not make any difference in my sample
- it seems that my login module (server) doesn't get called (sampleApp.jboss.login.AuthLoginModule)
the only output I get on the server side:
    14:04:07,946 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "client" task-3) Begin getAppConfigurationEntry(myAppJaas), size=1
    14:04:07,952 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "client" task-3) End getAppConfigurationEntry(myAppJaas), authInfo=AppConfigurationEntry[]:
    [0]
    LoginModule Class: sampleApp.jboss.login.AuthLoginModule
    ControlFlag: Anmeldemodul-Steuerflag: required
    Options:
    name=debug, value=true
client output:
    Mai 22, 2012 2:04:07 PM org.xnio.Xnio <clinit>
    INFO: XNIO Version 3.0.3.GA
    Mai 22, 2012 2:04:07 PM org.xnio.nio.NioXnio <clinit>
    INFO: XNIO NIO Implementation Version 3.0.3.GA
    Mai 22, 2012 2:04:07 PM org.jboss.remoting3.EndpointImpl <clinit>
    INFO: JBoss Remoting version 3.2.2.GA
    Mai 22, 2012 2:04:07 PM org.jboss.remoting3.remote.RemoteConnection handleException
    ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
    javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
        at org.jboss.naming.remote.client.ClientUtil.namingException(ClientUtil.java:36)
        at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:117)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
        at javax.naming.InitialContext.init(InitialContext.java:242)
        at javax.naming.InitialContext.<init>(InitialContext.java:216)
        at Main.main(Main.java:37)
    Caused by: java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
        at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87)
        at org.jboss.naming.remote.client.cache.ConnectionCache.get(ConnectionCache.java:42)
        at org.jboss.naming.remote.client.InitialContextFactory.createConnection(InitialContextFactory.java:153)
        at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateConnection(InitialContextFactory.java:126)
        at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:106)
        ... 5 more
    Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315)
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
        at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
        at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
        at org.xnio.nio.NioHandle.run(NioHandle.java:90)
        at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
        at ...asynchronous invocation...(Unknown Source)
        at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
        at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)
        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)
        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)
        at org.jboss.naming.remote.client.cache.EndpointCache$EndpointWrapper.connect(EndpointCache.java:110)
        at org.jboss.naming.remote.client.cache.ConnectionCache.get(ConnectionCache.java:41)
        ... 8 more
Problems:
- the login module doesn't get called --> leads to the SASL exception, I assume (javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed)
- how to get more useful debug/trace output from the security module
Thank you for your time. Any help would be appreciated, and sorry for my bad English; I hope you could get my point anyway.
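The post configures sampleApp.jboss.login.AuthLoginModule as the security domain's login module but does not show the class. As an added example (not the poster's code), here is a minimal module of that name built on PicketBox's AbstractServerLoginModule that answers the name and password callbacks; the hard-coded "user"/"pass" check and the "appUser" role are constructed placeholders.

```java
package sampleApp.jboss.login;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.acl.Group;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

public class AuthLoginModule extends AbstractServerLoginModule {
    private static final Charset UTF8 = Charset.forName("UTF-8");
    private Principal identity;
    @Override
    public boolean login() throws LoginException {
        loginOk = false;
        if (callbackHandler == null) throw new LoginException("No CallbackHandler available");
        NameCallback name = new NameCallback("Username: ");
        PasswordCallback pass = new PasswordCallback("Password: ", false);
        try {
            callbackHandler.handle(new Callback[] { name, pass });
        } catch (Exception e) { // IOException or UnsupportedCallbackException
            throw new LoginException("Cannot obtain credentials: " + e);
        }
        char[] supplied = pass.getPassword();
        pass.clearPassword();
        if (name.getName() == null || supplied == null || !verify(name.getName(), supplied)) {
            throw new FailedLoginException("Invalid credentials"); // same message for every failure
        }
        identity = new SimplePrincipal(name.getName());
        loginOk = true; // the base class commit() only populates the Subject when this is set
        return true;
    }

    // Constructed demo check against the client's "user"/"pass"; a real module queries its user store.
    private boolean verify(String user, char[] password) {
        byte[] given = new String(password).getBytes(UTF8);
        return "user".equals(user) && MessageDigest.isEqual(given, "pass".getBytes(UTF8));
    }
    @Override
    protected Principal getIdentity() { return identity; }

    @Override
    protected Group[] getRoleSets() throws LoginException {
        Group roles = new SimpleGroup("Roles"); // group name PicketBox reads role principals from
        roles.addMember(new SimplePrincipal("appUser")); // hypothetical role name
        return new Group[] { roles };
    }
}
```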