1 2 Previous Next 26 Replies Latest reply: Apr 17, 2013 9:56 AM by Cristian Duicu Branched to a new discussion. RSS

Custom Login Module with remote EJB

Francois Swiegers Newbie

Hi there,

 

I am in the process of migrating a JBoss 4 application to JBoss 7, and am having difficulty with security over remote RMI EJB's. Specifically, I'm trying to add a custom login module to Jaikiran's post on EJB remoting (https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI).

 

After adding the custom security module (described in more detail later in this post), I get the following exception on my client:

 

Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

 

Upon debugging org.jboss.remoting3.remote.ClientConnectionOpenListener, it seems that the problem is that the only mechanism passed to the connection is PLAIN, but the connection listener only has client factories for the following mechanisms registered:

 

DIGEST-MD5=[org.jboss.sasl.digest.DigestMD5ClientFactory@1f4bcf7, com.sun.security.sasl.digest.FactoryImpl@8997d1],

ANONYMOUS=[org.jboss.sasl.anonymous.AnonymousClientFactory@a4488],

EXTERNAL=[com.sun.security.sasl.ClientFactoryImpl@18a6e6e], CRAM-MD5=[com.sun.security.sasl.ClientFactoryImpl@18a6e6e],

GSSAPI=[com.sun.security.sasl.gsskerb.FactoryImpl@e99ce5]}

 

Because it can't find a factory for the PLAIN mechanism, no SASL client is loaded, and the exception is thrown.

 

This seems to happen entirely on the client, even before the authentication is attempted on the server. Is there a way that I can add a factory for the PLAIN mechanism in my client connection? I recall that the PLAIN mechanism is required for JBOSS to pass the authentication on to the Jaas service - or is there a better way to do remote authentication?

 

Many thanks in advance for any help in this regard.

 

(From here I am just describing the process by which I added the custom security module, in case it could be the source of the problem)

standalone.xml

 

First thing I did was to change the application realm to use my Jaas authenticator:

 

<security-realm name="ApplicationRealm">

     <authentication>

          <jaas name="alchemy"/>

      </authentication>

</security-realm>

...

<security-domains>

     <security-domain name="alchemy" cache-type="default">

          <authentication>

               <login-module code="org.zboss.login.module.TestLoginModule" flag="required"/>

          </authentication>

     </security-domain>

</security-domains>

...

<subsystem xmlns="urn:jboss:domain:remoting:1.1">

     <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>

</subsystem>

 

Custom Login Module

 

Then I added my custom login module as a module to JBoss by putting it in

 

jboss\modules\org\zboss\login\module\main

     -> zboss-login-module.jar

     -> module.xml

 

<?xml version="1.0" encoding="UTF-8"?>

 

module.xml contains:

 

<module xmlns="urn:jboss:module:1.0" name="org.zboss.login.module">

  <resources>

    <resource-root path="zboss-login-module.jar"/>

        <!-- Insert resources here -->

  </resources>

  <dependencies>

     <module name="javax.api"/>

     <module name="org.picketbox"/>

  </dependencies>

</module>

 

jboss-ejb-client.properties

 

endpoint.name=client-endpoint

remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

remote.connections=default

remote.connection.default.host=localhost

remote.connection.default.port=6447

remote.connection.default.username=swiegersf

remote.connection.default.password=abc

remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

 

Client code

 

final Hashtable<String, Object> jndiProperties = new Hashtable<String, Object>();

jndiProperties.put(Context.URL_PKG_PREFIXES,                                                  "org.jboss.ejb.client.naming");

jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,                                                  InitialContextFactory.class.getName());

jndiProperties.put(Context.PROVIDER_URL, "remote://localhost:6447/");

jndiProperties.put(InitialContext.SECURITY_PRINCIPAL, "swiegersf");

jndiProperties.put(InitialContext.SECURITY_CREDENTIALS, "abc");

jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS",                                                                      false);

jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT",                                                                      false);

jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS",                                                                      "JBOSS-LOCAL-USER");

 

Context context = new InitialContext(jndiProperties);

Calculator calculator = (Calculator) context.lookup(name);

 

int result = calculator.add(3, 8); // error!

 


 

 

 


  • 1. Re: Custom Login Module with remote EJB
    Darran Lofthouse Master

    What is the exact AS version you are using?  Also how are you specifying the client class path?

     

    For the JNDI properties can you try passing the false values as Strings?  We did used to have a problem in that area so it may have remained.

  • 2. Re: Custom Login Module with remote EJB
    Francois Swiegers Newbie

    Thanks for the quick response, Darran.

     

    I am using 7.1.1-Final.

    I am specifying the client classpath using the following maven configuration:

     

    <dependencies>

                        <dependency>

                                  <groupId>org.jboss.as</groupId>

                                  <artifactId>jboss-as-ejb-client-bom</artifactId>

                                  <version>7.1.1.Final</version>

                                  <type>pom</type>

                        </dependency>

                        <dependency>

                                  <groupId>org.jboss.as</groupId>

                                  <artifactId>jboss-as-jms-client-bom</artifactId>

                                  <version>7.1.1.Final</version>

                                  <type>pom</type>

                        </dependency>

    </dependencies>

     

    I have also tried using the jboss-client.jar from the AS, with no success. Also, using an older version (7.1.0.Final) had the exact same problem.

     

    Changing the values in the jndi map to be string values also does not seem to make any difference.

  • 3. Re: Custom Login Module with remote EJB
    Francois Swiegers Newbie

    OK, FWIW, I do manage to get the remote invocation to work if I use the built in RealmUsersRoles login module:

     

    <security-domain name="alchemy" cache-type="default">

         <authentication>

              <login-module code="Remoting" flag="optional">

                   <module-option name="password-stacking" value="useFirstPass"/>

              </login-module>

              <login-module code="RealmUsersRoles" flag="required">

                   <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                   <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                   <module-option name="realm" value="ApplicationRealm"/>

                   <module-option name="password-stacking" value="useFirstPass"/>

              </login-module>

         </authentication>

    </security-domain>

     

    BUT, once I change the security domain back to my custom login module

     

    <security-domain name="alchemy" cache-type="default">

         <authentication>

              <login-module code="org.zboss.login.module.TestLoginModule" flag="required" module="org.zboss.login.module"/>

         </authentication>

    </security-domain>


     

    the problem reappears.

     

    So it must have something to do with the fact that I'm using a custom login module.

     

    I have tried both approaches for implementing a custom login module described in:

     

    https://community.jboss.org/wiki/JBossAS7SecurityDomainModel

    https://community.jboss.org/wiki/JBossAS7SecurityCustomLoginModules

     

    neither of which proved to be successful.

     

    I have my JBOSS server logging level set to TRACE, but the invocation from the remote client does not cause any activity on the server side, so if there is an error happening at the time of the authentication, then it does not seem to be logged in any way.

     

    The code for my custom login module is as follows (it will allow any username/password to succeed):

     

    /*

    * $Header$

    */

    package org.zboss.login.module;

     

     

    import java.security.acl.Group;

    import java.util.Map;

     

     

    import javax.security.auth.Subject;

    import javax.security.auth.callback.CallbackHandler;

    import javax.security.auth.login.LoginException;

     

     

    import org.jboss.security.SimpleGroup;

    import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

    import org.slf4j.Logger;

    import org.slf4j.LoggerFactory;

     

     

    /**

    * A Jboss login module that does not actually authenticate. Useful for

    * integration testing. Just don't configure JBOSS to use this one in production

    * by accident.

    */

    public class TestLoginModule extends UsernamePasswordLoginModule {

     

     

              public TestLoginModule() {

                        super();

                        System.out.println("Created test login module");

              }

     

     

              /**

               * Initialize this LoginModule.

               */

              @Override

              public void initialize(Subject subject, CallbackHandler callbackHandler,

                                  Map sharedState, Map options) {

                        super.initialize(subject, callbackHandler, sharedState, options);

     

                        System.out.println("Initialized " + subject);

     

              }

     

     

              /**

               * Get the expected password for the current username available via the

               * getUsername() method. This is called from within the login() method after

               * the CallbackHandler has returned the username and candidate password.

               *

               * @return the valid password String

               */

              @Override

              protected String getUsersPassword() throws LoginException {

                        return "";

              }

     

     

              /**

               * Execute the rolesQuery against the dsJndiName to obtain the roles for the

               * authenticated user.

               *

               * @return Group[] containing the sets of roles

               */

              @Override

              protected Group[] getRoleSets() throws LoginException {

     

                        System.out.println("Get rolesets for " + super.getUsername());

     

                        Group secureUser = new SimpleGroup("Roles");

                        try {

                                  secureUser.addMember(this.createIdentity("SecureUser"));

                        } catch (Exception e) {

                                  log.error("Failed to create principal: SecureUser", e);

                        }

                        Group[] roleSets = new Group[] { secureUser };

     

                        AlchemyLoginModule m = this;

     

                        return roleSets;

              }

     

     

              /*

               * (non-Javadoc)

               * @see

               * org.jboss.security.auth.spi.UsernamePasswordLoginModule#validatePassword

               * (java.lang.String, java.lang.String)

               */

              @Override

              protected boolean validatePassword(String inputPassword,

                                  String expectedPassword) {

                        System.out.println("input pwd: " + inputPassword);

                        System.out.println("expected pwd: " + expectedPassword);

                        return true;

              }

    }

  • 4. Re: Custom Login Module with remote EJB
    john_k Newbie

    hi francois, i think i discovered the same problem... (my post: https://community.jboss.org/thread/200013)

    if i use the custom login module it dosent work if i use the RealmUserRoles it gets at least invocated...

    could be maybe related to this but iam not entirely sure!

    Possible classloading problem: can be solved if custom login module inside a jar is added to modules\org\jboss\as\remoting\main

    https://community.jboss.org/thread/195501?start=15&tstart=0

     

    maybe you have to add to your module   <login-module code="org.zboss.login.module.TestLoginModule" flag="required" module="org.zboss.login.module"/>

  • 5. Re: Custom Login Module with remote EJB
    Francois Swiegers Newbie

    Hi john_k,

     

    Thanks for the interest. I have tried adding the module atttribute to my custom <login-module..> tag, but no luck.

     

    I also tried the approach described by Jason Greene in https://community.jboss.org/message/723077?tstart=0, which is to make the login module a separately deployable jar, but I still get the exact same problem.

     

    Obviously it is important for a security module to "not give the game away", so I can understand the lack of good error messages on the client side. What is a bit baffling is the lack of good server-side logs - even with my JBOSS logging on TRACE, there is simply no logs being generated when the client calls the server.

  • 6. Re: Custom Login Module with remote EJB
    john_k Newbie

    hi francois, indeed the logs are somehow problematic :/

  • 7. Re: Custom Login Module with remote EJB
    npabst Newbie

    Hi Francois,

    Did you add this in your logging section ?

     

    - <logger category="org.jboss.remoting">
    <level name="TRACE" />

    </logger>

     

    - <logger category="org.jboss.security">
    <level name="TRACE" />

    </logger>

     

    If not can you add it and show what logs you get ?

     

  • 8. Re: Custom Login Module with remote EJB
    john_k Newbie

    hi npabst, thanks (even though your message wasnt for me) for your reply i didnt add the org.jboss.remoting so far

    it gives me at least some more info.

    ill post it anyway

     

    Begin getAppConfigurationEntry(myAppJaas), size=1

    End getAppConfigurationEntry(myAppJaas), authInfo=AppConfigurationEntry[]:

    [0]

    LoginModule Class: my.CustomModule

    ControlFlag: Anmeldemodul-Steuerflag: required

    Options:

    name=debug, value=true

     

    Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)

    Sent message java.nio.HeapByteBuffer[pos=1 lim=1 cap=8192] (direct)

    Flushed channel (direct)

    Server received capabilities request

    Server received capability: version 1

    Server received capability: remote endpoint name "config-based-naming-client-endpoint"

    Sent message java.nio.HeapByteBuffer[pos=46 lim=46 cap=8192] (direct)

    Flushed channel (direct)

    Received connection end-of-stream

  • 9. Re: Custom Login Module with remote EJB
    Francois Swiegers Newbie

    Hi npabst

     

    Thanks for helping out.

     

    On the client side, I use the following log4j configuration:

     

    log4j.rootLogger=TRACE, Console

    log4j.appender.Console=org.apache.log4j.ConsoleAppender

    log4j.appender.Console.layout=org.apache.log4j.PatternLayout

    log4j.appender.Console.layout.ConversionPattern=%d %-5p [%t] %-17c{2} (%13F:%L) %3x - %m%n

     

     

    I attach the full log. The part around the error is:

     

     

    2012-05-23 15:17:49,675 ERROR [Remoting "client-endpoint" read-1] remote.connection (RemoteConnection.java:99)     - JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.safe-close   ( IoUtils.java:136)     - Closing resource org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <3afb99>

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] channels.framed   (FramedMessageChannel.java:303)     - Fully flushed org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <3afb99>

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] tcp.channel       (NioTcpChannel.java:141)     - Closing TCP socket channel (NIO) <3afb99>

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" write-1] nio.selector      (WorkerThread.java:163)     - Selected on sun.nio.ch.WindowsSelectorImpl@1568fb5

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" write-1] nio.selector      (WorkerThread.java:156)     - Beginning select on sun.nio.ch.WindowsSelectorImpl@1568fb5 (with timeout)

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.nio          (            ?:?)     - Cancelling key sun.nio.ch.SelectionKeyImpl@190ef12 of java.nio.channels.SocketChannel[closed] (same thread)

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.nio          (            ?:?)     - Cancelling key sun.nio.ch.SelectionKeyImpl@1c286e2 of java.nio.channels.SocketChannel[closed] (other thread)

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" write-1] nio.selector      (WorkerThread.java:163)     - Selected on sun.nio.ch.WindowsSelectorImpl@1568fb5

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.listener     (ChannelListeners.java:71)     - Invoking listener Close listener for org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <3afb99> on channel TCP socket channel (NIO) <3afb99>

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" write-1] nio.selector      (WorkerThread.java:156)     - Beginning select on sun.nio.ch.WindowsSelectorImpl@1568fb5 (with timeout)

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.safe-close   ( IoUtils.java:136)     - Closing resource org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <3afb99>

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] xnio.safe-close   ( IoUtils.java:136)     - Closing resource TCP socket channel (NIO) <3afb99>

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] remoting.endpoint (IoFuture.java:219)     - Registered exception result

    javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

              at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315)

              at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

              at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

              at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

              at org.xnio.nio.NioHandle.run(NioHandle.java:90)

              at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] remoting.endpoint (EndpointImpl.java:281)     - Resource closed count 00000001 of endpoint "client-endpoint" <18e261d> (closed a failed connection (2))

    2012-05-23 15:17:49,675 TRACE [Remoting "client-endpoint" read-1] nio.selector      (WorkerThread.java:152)     - Beginning select on sun.nio.ch.WindowsSelectorImpl@1c7980c

    2012-05-23 15:17:49,675 WARN  [main] remoting.ConfigBasedEJBClientContextSelector (ConfigBasedEJBClientContextSelector.java:133)     - Could not register a EJB receiver for connection to remote://localhost:6447

    java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

              at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

              at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:121)

              at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:78)

              at org.jboss.ejb.client.EJBClientContext.<clinit>(EJBClientContext.java:77)

              at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:120)

              at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104)

              at $Proxy0.add(Unknown Source)

              at org.zboss.client.CalculatorClient.main(CalculatorClient.java:84)

    Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

              at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315)

              at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

              at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

              at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

              at org.xnio.nio.NioHandle.run(NioHandle.java:90)

              at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)

              at ...asynchronous invocation...(Unknown Source)

              at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)

              at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)

              at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)

              at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)

              at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:119)

              ... 6 more


     


     

    another interesting part in the log is (I highlight in bold the interesting part):

     

    sun.nio.ch.WindowsSelectorImpl@1c7980c

    2012-05-23 15:17:49,797 TRACE [Remoting "client-endpoint" read-1] nio.selector      (WorkerThread.java:179)     - Selected key sun.nio.ch.SelectionKeyImpl@bdc9b3 for java.nio.channels.SocketChannel[connected local=/127.0.0.1:1697 remote=localhost/127.0.0.1:6447]

    2012-05-23 15:17:49,797 TRACE [Remoting "client-endpoint" read-1] xnio.listener     (ChannelListeners.java:71)     - Invoking listener Read listener for org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <1e91a4d> on channel TCP socket channel (NIO) <1e91a4d>

    2012-05-23 15:17:49,797 TRACE [Remoting "client-endpoint" read-1] xnio.listener     (ChannelListeners.java:71)     - Invoking listener org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication@cc7439 on channel org.xnio.channels.FramedMessageChannel around TCP socket channel (NIO) <1e91a4d>

    2012-05-23 15:17:49,797 TRACE [Remoting "client-endpoint" read-1] channels.framed   (FramedMessageChannel.java:118)     - Copying message from java.nio.HeapByteBuffer[pos=4 lim=5 cap=8196] into java.nio.HeapByteBuffer[pos=0 lim=8192 cap=8192]

    2012-05-23 15:17:50,303 DEBUG [Remoting "client-endpoint" read-1] remote.client     (ClientConnectionOpenListener.java:644)     - Client received authentication rejected for mechanism PLAIN

    2012-05-23 15:17:50,303 TRACE [Remoting "client-endpoint" read-1] remote.client     (ClientConnectionOpenListener.java:105)     - Client sending capabilities request

    2012-05-23 15:17:50,303 TRACE [Remoting "client-endpoint" read-1] remoting.remote   (ClientConnectionOpenListener.java:118)     - Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@5e8d7d

    2012-05-23 15:17:50,303 TRACE [Remoting "client-endpoint" read-1] xnio.listener     (RemoteConnection.java:78)     - Setting channel listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@5e8d7d

    2012-05-23 15:17:50,303 TRACE [Remoting "client-endpoint" read-1] channels.framed   (FramedMessageChannel.java:230)     - Accepting java.nio.HeapByteBuffer[pos=0 lim=21 cap=8192] into java.nio.HeapByteBuffer[pos=0 lim=8196 cap=8196]

    2012-05-23 15:17:50,303 TRACE [Remoting "client-endpoint" read-1] channels.framed   (FramedMessageChannel.java:237)     - Accepted a message into java.nio.HeapByteBuffer[pos=25 lim=8196 cap=8196]


  • 10. Re: Custom Login Module with remote EJB
    npabst Newbie

    John_k

     

    Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)

     

    I have the same Exception.

    I don't know why the password is not verified.

     

     

     

    Francois,

    just to be sure, my previous message was for the server logs in standalone.xml.

  • 11. Re: Custom Login Module with remote EJB
    john_k Newbie

    hi npabst,

    i have no clue either

    thanks for your time

  • 12. Re: Custom Login Module with remote EJB
    Francois Swiegers Newbie

    Ah, of course. On the server, I get:

     

    15:56:00,348 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" read-1) Excluding mechanism GSSAPI because it is not in the allowed list

    15:56:00,348 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" read-1) Sent message java.nio.HeapByteBuffer[pos=20 lim=20 cap=8192] (direct)

    15:56:00,348 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" read-1) Flushed channel (direct)

    15:56:00,348 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" read-1) Server received authentication request

    15:56:00,348 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "sbl9805" task-2) Begin getAppConfigurationEntry(alchemy), size=2

    15:56:00,348 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "sbl9805" task-2) End getAppConfigurationEntry(alchemy), authInfo=AppConfigurationEntry[]:

    [0]

    LoginModule Class: org.zboss.login.module.AlchemyLoginModule

    ControlFlag: LoginModuleControlFlag: required

    Options:

    name=password-stacking, value=useFirstPass

     

     

    15:56:00,441 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" task-2) Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)

    15:56:00,441 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" task-2) Sent message java.nio.HeapByteBuffer[pos=1 lim=1 cap=8192] (direct)

    15:56:00,441 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" task-2) Flushed channel (direct)

    15:56:00,441 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" read-1) Server received capabilities request

    15:56:00,441 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" read-1) Server received capability: version 1

    15:56:00,441 TRACE [org.jboss.remoting.remote.server] (Remoting "sbl9805" read-1) Server received capability: remote endpoint name "client-endpoint"

    15:56:00,441 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" read-1) Sent message java.nio.HeapByteBuffer[pos=20 lim=20 cap=8192] (direct)

    15:56:00,441 TRACE [org.jboss.remoting.remote.connection] (Remoting "sbl9805" read-1) Flushed channel (direct)

    15:56:00,457 TRACE [org.jboss.remoting.remote] (Remoting "sbl9805" read-1) Received connection end-of-stream

  • 13. Re: Custom Login Module with remote EJB
    john_k Newbie

    hi,

    at least we all getting the same error

  • 14. Re: Custom Login Module with remote EJB
    Francois Swiegers Newbie

    Yes, how bizarre

1 2 Previous Next