-
1. Re: Remoting issue with JAAS Realm JBoss EAP 6.2.0
wdfink Feb 2, 2014 6:11 AM (in response to antlia)
Could you show the complete client-side properties and how you look up the EJB?
-
2. Re: Re: Remoting issue with JAAS Realm JBoss EAP 6.2.0
antlia Feb 27, 2014 9:56 AM (in response to wdfink)
Here is the code I'm using for testing the remote calls to my Ejb
    public static void main(String[] args) {
        try {
            Properties jndiProps = new Properties();
            jndiProps.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
            jndiProps.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
            jndiProps.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", true);
            jndiProps.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", false);
            jndiProps.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
            jndiProps.put(Context.PROVIDER_URL, "remote://192.168.2.153:4447");
            // username
            jndiProps.put(Context.SECURITY_PRINCIPAL, "user");
            // password
            jndiProps.put(Context.SECURITY_CREDENTIALS, "password");
            // This is an important property to set if you want to do EJB invocations via the remote-naming project
            jndiProps.put("jboss.naming.client.ejb.context", false);
            // create a context passing these properties
            Context ctx = new InitialContext(jndiProps);
            DynamicFormRemote dyn = (DynamicFormRemote) ctx.lookup(
                "java:global/Reapp-0.1-dev/ReAppEjb/DynamicFormRemote!it.antlia.reapp.session.DynamicFormRemote");
            dyn.findAllOrderedByName();
        } catch (Exception ne) {
            ne.printStackTrace();
        }
    }
Thanks,
Antlia
Edit: I've tried to bind the jaas security-realm for logging into JBoss management console, and it's working, so I'm supposing that the security domain configuration is fine, the problem is tied to the remoting subsystem... any suggestions?
-
3. Re: Remoting issue with JAAS Realm JBoss EAP 6.2.0
javdev Mar 6, 2014 8:52 AM (in response to antlia)
Short-term solution: copy your custom login module to [jboss_6_2_0_EAP\modules\system\layers\base\org\jboss\as\remoting\main\] and modify module.xml appropriately + remove module declaration [org.example] in your security domain [other] in standalone.xml
-
4. Re: Remoting issue with JAAS Realm JBoss EAP 6.2.0
antlia Apr 2, 2014 2:00 PM (in response to javdev)
Hi javdev,
unfortunately I cannot follow your suggestion, because I'm using this login module for the whole application (even the web part). All my EJBs are pointing to "other" domain and so I cannot remove this module from the security tag, for remoting calls... it's very strange that JBoss doesn't allow the remoting authentication using a security realm based on JAAS...
-
5. Re: Remoting issue with JAAS Realm JBoss EAP 6.2.0
javdev Apr 3, 2014 12:36 AM (in response to antlia)
Hi Antlia,
It seems that your login-module in class [org.example.MyClass] is located in a new jboss module [org.example]. And that's not working. We had to copy the jar with our custom login module to [jboss_6_2_0_EAP\modules\system\layers\base\org\jboss\as\remoting\main].
If you copy your jar to module [org.jboss.as.remoting], you have to remove the attribute [module=org.example]. That's all.
-
6. Re: Re: Remoting issue with JAAS Realm JBoss EAP 6.2.0
antlia Apr 3, 2014 4:32 AM (in response to javdev)
Hi javdev,
I tried to follow your suggestions, but maybe I'm missing something, because I can't get it to work.
I've followed these steps:
- Moved my custom module (jar) to org/jboss/as/remoting/main
- Changed module.xml of remoting, adding the new resource (my custom login module) and its dependencies
- Removed module attribute from the <login-module definition>, which now looks like this:
<login-module code="org.example.MyClass" flag="required">
- Added the new security realm, with authentication jaas
- Associated the remoting subsystem with the new security realm, as described in my first post.
But I'm still getting the same error... can you tell me what is wrong with these steps, please?
Thanks in advance,
Antlia
-
7. Re: Re: Remoting issue with JAAS Realm JBoss EAP 6.2.0
javdev Apr 3, 2014 7:38 AM (in response to antlia)
Hm, I think you should enable logging for categories [org.jboss.security] and [org.jboss.as.remoting] in standalone.xml:
    <periodic-rotating-file-handler name="FILE4REMOTINGANDSECURITY">
        <formatter>
            <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] [%C] (%t) %s%E%n"/>
        </formatter>
        <file relative-to="jboss.server.log.dir" path="remoting_and_security.log"/>
        <suffix value=".yyyy-MM-dd"/>
        <append value="true"/>
    </periodic-rotating-file-handler>
    <logger category="org.jboss.as.remoting">
        <level name="TRACE"/>
        <handlers><handler name="FILE4REMOTINGANDSECURITY"/></handlers>
    </logger>
    <logger category="org.jboss.security">
        <level name="TRACE"/>
        <handlers><handler name="FILE4REMOTINGANDSECURITY"/></handlers>
    </logger>
Maybe your login module is called but access is denied.
You should also have a look at properties [default-security-domain value] and [default-missing-method-permissions-deny-access value] in standalone.xml:
    <subsystem xmlns="urn:jboss:domain:ejb3:1.4">
        ........
        <default-security-domain value="other"/>
        <default-missing-method-permissions-deny-access value="true"/>
    </subsystem>
The value of the property [default-security-domain] should be ok (in your case).
The value of the property [default-missing-method-permissions-deny-access] should be [false] but is by default [true].
-
8. Re: Remoting issue with JAAS Realm JBoss EAP 6.2.0
antlia May 21, 2015 12:15 PM (in response to antlia)
Finally I solved it... all the booleans passed in Properties object must be passed as String, not boolean, for example
    jndiProps.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
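
Added example, not part of the original thread: the JDK behaviour behind the fix in the last post. `Properties.getProperty()` and `stringPropertyNames()` ignore non-String values, so any consumer that reads options through them never sees a `Boolean` and the intended SASL policy is silently not applied. That the JBoss client reads its connect options this way is an assumption; `JndiPropsCheck` and `nonStringKeys` are hypothetical names.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;

public class JndiPropsCheck {
    // Option keys taken from the client code posted in the thread.
    static final String NOPLAINTEXT =
        "jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT";
    static final String NOANONYMOUS =
        "jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS";

    // Hypothetical helper: returns every key whose key or value is not a String,
    // i.e. every entry that getProperty()/stringPropertyNames() will not expose.
    static List<String> nonStringKeys(Properties props) {
        List<String> bad = new ArrayList<>();
        for (Map.Entry<Object, Object> e : props.entrySet()) {
            if (!(e.getKey() instanceof String) || !(e.getValue() instanceof String)) {
                bad.add(String.valueOf(e.getKey()));
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        Properties jndiProps = new Properties();
        jndiProps.put(NOPLAINTEXT, false);   // Boolean, as in the first listing
        jndiProps.put(NOANONYMOUS, "true");  // String, as in the fix

        // getProperty() only returns String values; the Boolean entry reads as null.
        System.out.println("NOPLAINTEXT via getProperty: " + jndiProps.getProperty(NOPLAINTEXT));
        System.out.println("NOANONYMOUS via getProperty: " + jndiProps.getProperty(NOANONYMOUS));

        // stringPropertyNames() leaves the Boolean entry out altogether.
        System.out.println("NOPLAINTEXT listed: "
            + jndiProps.stringPropertyNames().contains(NOPLAINTEXT));

        // Check to run before new InitialContext(jndiProps).
        List<String> bad = nonStringKeys(jndiProps);
        if (!bad.isEmpty()) {
            System.out.println("Non-String values, pass these as Strings: " + bad);
        }
    }
}
```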