2 Replies Latest reply on Jan 17, 2017 7:51 AM by alperse

    JMS destination remote lookup failure on WFLY8 when using <jaas/> instead of <properties/> authentication within ApplicationRealm and client and server running on different computers

    sheckler

      The Remote JMS (destination, connection factory) lookup against Wildfly concerning security only works with a SecurityRealm using the properties mechanism.

      The Remote EJB Client Lookup also works with a SecurityRealm using the jaas mechanism, which allows delegating authentication and authorisation of remote EJB calls to custom logon modules like LDAP, database etc. (this is essential for our application). But the jaas method does not work for the JMS lookup (a SASL authentication error occurs during lookup of destination or connectionFactory) - but the error only occurs when the server and client run on different computers.

       

      Both cannot be used together!

       

      I found no way to configure different mechanisms for both kinds of remote lookup, which would work around the problem.

      The SecurityRealm is fixed with the remoting configuration for both:

       

              <subsystem xmlns="urn:jboss:domain:remoting:2.0">
                  <endpoint worker="default"/>
                  <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
              </subsystem>

       

                  <security-realm name="ApplicationRealm">
                      <authentication>
                          <local default-user="someUser" allowed-users="*" skip-group-loading="true"/>

                          <!-- either of -->

                          <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>

                          <!-- or -->

                          <jaas name="SomeDomain"/>
                      </authentication>
                      <authorization map-groups-to-roles="false">
                          <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                      </authorization>
                  </security-realm>
         

      Is this a Wildfly shortcoming or a configuration error? Any help is very welcome. See also the following post, which describes an identical configuration: http://stackoverflow.com/questions/28849596/wildfly-jms-configuration-failure


      Thank you in advance


      Stefan Heckler, PSI AG Aschaffenburg
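
An added example, not part of the original post and not WildFly code: a small audit script that resolves which security realm each remoting connector in a configuration is bound to and which SASL mechanisms that realm implies, which matters because a `<jaas/>` realm needs the clear-text password (SASL PLAIN) and `<local/>` only serves clients on the server's own host. The sample configuration is constructed from the fragments above; the mechanism mapping reflects WildFly 8 legacy security-realm behaviour as an assumption (`<properties/>` with hashed passwords), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragments in the post (not a full standalone.xml).
SAMPLE = """<server xmlns="urn:jboss:domain:2.0">
  <management><security-realms>
    <security-realm name="ApplicationRealm">
      <authentication>
        <local default-user="someUser" allowed-users="*" skip-group-loading="true"/>
        <jaas name="SomeDomain"/>
      </authentication>
    </security-realm>
  </security-realms></management>
  <profile>
    <subsystem xmlns="urn:jboss:domain:remoting:2.0">
      <endpoint worker="default"/>
      <http-connector name="http-remoting-connector" connector-ref="default"
                      security-realm="ApplicationRealm"/>
    </subsystem>
  </profile>
</server>"""

# Assumed mapping: realm <authentication> child -> SASL mechanism offered by Remoting.
SASL_FOR = {"local": "JBOSS-LOCAL-USER", "properties": "DIGEST-MD5", "jaas": "PLAIN"}

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def connector_mechanisms(xml_text):
    """Return {connector name: (realm name, [SASL mechanisms])}."""
    root = ET.fromstring(xml_text)
    realms = {}
    for el in root.iter():
        if local(el.tag) == "security-realm":
            auth = next((c for c in el if local(c.tag) == "authentication"), [])
            realms[el.get("name")] = [local(c.tag) for c in auth]
    report = {}
    for el in root.iter():
        if local(el.tag) in ("connector", "http-connector") and el.get("security-realm"):
            realm = el.get("security-realm").strip()
            mechs = [SASL_FOR.get(m, m) for m in realms.get(realm, [])]
            report[el.get("name")] = (realm, mechs)
    return report

def needs_plain(report):
    """Connectors whose realm requires the client to send the password via PLAIN."""
    return sorted(name for name, (_, mechs) in report.items() if "PLAIN" in mechs)
```

A connector listed by `needs_plain` only authenticates remote clients that are allowed to use PLAIN, so it should be reachable over TLS only.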