-
1. Re: JBoss 7.2.0 nightly build custom login module
ctomc May 15, 2012 4:32 PM (in response to danjee)noting...
current 7.2.0.alpha1 nightly builds don't have any changes over 7.1.2 in codebase yet, it is essentially the same as 7.1.2 tag with renamed version...
i would look for problem somewhere else.
--
tomaz
-
2. Re: JBoss 7.2.0 nightly build custom login module
danjee May 16, 2012 2:10 AM (in response to ctomc)Maybe something did change between 7.1.2 builds because I have a working version of 7.1.2 snapshot, but for the 7.2.0 version I get this exception
18:08:10,657 TRACE [org.jboss.remoting.remote.server] (Remoting "vs420" read-1) Server received authentication request
18:08:10,657 TRACE [org.xnio.nio.selector] (Remoting "vs420" read-1) Beginning select on sun.nio.ch.EPollSelectorImpl@530ce397
18:08:10,657 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) Begin isValid, principal:SUPPORT, cache entry: org.jboss.securi
ty.authentication.JBossCachedAuthenticationManager$DomainInfo@5b7e62ad
18:08:10,658 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) Begin validateCache, info=org.jboss.security.authentication.JBo
ssCachedAuthenticationManager$DomainInfo@5b7e62ad;credential.class=java.lang.String@686231088
18:08:10,658 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) End validateCache, isValid=true
18:08:10,658 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) End isValid, true
18:08:10,658 TRACE [org.jboss.remoting.remote.server] (Remoting "vs420" task-3) Server sending authentication rejected (javax.security.sasl.SaslException: Callback handler invoc
ation failed [Caused by javax.security.auth.callback.UnsupportedCallbackException])
-
3. Re: JBoss 7.2.0 nightly build custom login module
jaikiran May 16, 2012 2:25 AM (in response to danjee)What kind of authentication is going on here? I mean what is the usecase where this is failing?
-
4. Re: JBoss 7.2.0 nightly build custom login module
jaikiran May 16, 2012 2:26 AM (in response to jaikiran)Looking at the commits here https://github.com/jbossas/jboss-as/commits/master I don't see anything related to security that's changed after May 9 (the day 7.1.2 tag was created).
-
5. Re: JBoss 7.2.0 nightly build custom login module
danjee May 16, 2012 4:59 AM (in response to jaikiran)Here is a simple example of an app that worked on a 7.1.2 ( I think from April) and on 7.2.0 it gives me the
ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed Exception in thread "main" javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
The login module looks like this:
package com.asf.jboss7.security; import java.security.acl.Group; import javax.security.auth.login.LoginException; import org.jboss.security.SimpleGroup; import org.jboss.security.SimplePrincipal; import org.jboss.security.auth.spi.UsernamePasswordLoginModule; public class TestLoginModule extends UsernamePasswordLoginModule { // initial state @Override protected String getUsersPassword() throws LoginException { return "1"; } /* * (non-Javadoc) * * @see * org.jboss.security.auth.spi.UsernamePasswordLoginModule#validatePassword * (java.lang.String, java.lang.String) */ @Override protected boolean validatePassword(String inputPassword, String expectedPassword) { System.out.println("--> username: " + super.getUsername()); new Throwable("trace login module calls").printStackTrace(); return super.validatePassword(inputPassword, expectedPassword); } @Override protected Group[] getRoleSets() { Group[] groups = { new SimpleGroup("Roles"), new SimpleGroup("*") }; SimplePrincipal role = new SimplePrincipal("ASF_Users"); groups[0].addMember(role); return groups; } }
The client is this:
package com.asf.jndi.jboss7; import java.rmi.RemoteException; import java.util.Hashtable; import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.NamingException; import com.asf.jboss7.RemoteCalculator; import com.asf.kollecto.common.exception.AppException; public class JndiTest { public static void main(String[] args) throws NamingException, AppException, RemoteException { final Hashtable<String, Object> jndiProperties = new Hashtable<String, Object>(); jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming"); jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory"); jndiProperties.put(Context.PROVIDER_URL, "remote://vs420.intranet.asf.ro:4447"); jndiProperties.put(Context.SECURITY_PRINCIPAL, "support"); jndiProperties.put(Context.SECURITY_CREDENTIALS, "1"); jndiProperties.put("jboss.naming.client.ejb.context", true); jndiProperties .put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); final Context context = new InitialContext(jndiProperties); final String appName = "myear"; final String moduleName = "myejb3"; final String distinctName = ""; final String beanName = "CalculatorBean"; final String viewClassName = RemoteCalculator.class.getName(); String lookup = "ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName; System.out.println("lookup name: " + lookup); RemoteCalculator facade = (RemoteCalculator) context.lookup(lookup); System.out.println(facade); for (int i = 0; i < 3; i++) { System.out.println("test: " + facade.add(i, 8)); } } }
-
myear.ear 4.9 KB
-
standalone.xml 13.6 KB
-
-
6. Re: JBoss 7.2.0 nightly build custom login module
dlofthouse May 16, 2012 5:04 AM (in response to danjee)18:08:10,658 TRACE [org.jboss.remoting.remote.server] (Remoting "vs420" task-3) Server sending authentication rejected (javax.security.sasl.SaslException: Callback handler invoc
ation failed [Caused by javax.security.auth.callback.UnsupportedCallbackException])
This message looks like a candidate for the problem, just investigating now.
-
7. Re: JBoss 7.2.0 nightly build custom login module
dlofthouse May 16, 2012 5:07 AM (in response to dlofthouse)Daniel, one quick question while I am investigating - when you implement your login module are you able to access the users plain text password from wherever it is stored? If so a realm plug-in may be better so you can leave the Remoting authentication to be Digest based without the need to force it down to Plain as is required to integrate with JAAS.
-
8. Re: JBoss 7.2.0 nightly build custom login module
danjee May 16, 2012 5:52 AM (in response to dlofthouse)The authentications reads from different sources for users passwords, some are them are stored in AD, others in non-reversible encoding in DB so I will need to send them in plain.
Daniel
-
9. Re: JBoss 7.2.0 nightly build custom login module
dlofthouse May 16, 2012 6:23 AM (in response to danjee)Ok so moving from the Realm to JAAS integration would probably not bring you a benefit.
As you are running a self built AS can you try cherry picking the following commit into your branch and repeating your test https://github.com/darranl/jboss-as/commit/7671e50b652c1d521c9746ee639d17a666e5f004
-
10. Re: JBoss 7.2.0 nightly build custom login module
danjee May 16, 2012 6:33 AM (in response to dlofthouse)I am not working on a self-build AS. I've downloaded the application server from Jenkins's latest stable build:
https://ci.jboss.org/jenkins/job/JBoss-AS-7.x-latest/ (May 14 version)
-
11. Re: JBoss 7.2.0 nightly build custom login module
dlofthouse May 16, 2012 6:38 AM (in response to danjee)Ok in that case keep an eye on these pull requests: -
https://github.com/jbossas/jboss-as/pull/2320
https://github.com/jbossas/jboss-as/pull/2321
Once these are merged the next stable build after will contain the fix.
-
12. Re: JBoss 7.2.0 nightly build custom login module
danjee May 16, 2012 7:27 AM (in response to dlofthouse)Ok, thanks a lot
-
13. Re: JBoss 7.2.0 nightly build custom login module
anssih Jun 7, 2012 1:47 AM (in response to danjee)Daniel, did this solve you're problem? I have a same kind of problems with authentication even with latest 7.2.0 version.