Remote EJB Client with SASL and Kerberos Authentication fails on jboss-as-7.1.0.Final-SNAPSHOT ( 02.02.2012)
rodakr Jan 3, 2012 8:25 AMHi
I tried to use SASL and GSSAPI for Authentication on jboss-as-7.1.0.Final-SNAPSHOT but it fails...
I did what is wroten here: http://community.jboss.org/wiki/SASLAndKerberos
Client Code is able to execute createSaslClient in Privileged Action after successfull KRB5 Jaas Login:
Sasl.createSaslClient(new String[]{"GSSAPI"}, null, "remoting", "test2", Collections.EMPTY_MAP, new NamePasswordCallbackHandler2("someuser","somepass" ) );
, but it fails with this Exception... :
[java] Client Addresses Null
[java] Initial Context created
[java] lookupejb:/sl-securityTestEjb3//TestServiceSLEJB3Bean!ch.swisslife.test.ejb3.TestServiceItf @RolesAllowed({"BackofficeRole"})
[java] 03.01.2012 13:54:35 org.jboss.ejb.client.EJBClient <clinit>
[java] INFO: JBoss EJB Client version 1.0.0.Beta11
[java] lookup testEjbJndi successful
[java] call unsecured Method permittAllMethod()
[java] 03.01.2012 13:54:36 org.xnio.Xnio <clinit>
[java] INFO: XNIO Version 3.0.0.GA
[java] 03.01.2012 13:54:36 org.xnio.nio.NioXnio <clinit>
[java] INFO: XNIO NIO Implementation Version 3.0.0.GA
[java] 03.01.2012 13:54:36 org.jboss.remoting3.EndpointImpl <clinit>
[java] INFO: JBoss Remoting version 3.2.0.CR8
[java] 03.01.2012 13:54:36 org.jboss.remoting3.remote.RemoteConnection handleException
[java] ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
[java] 03.01.2012 13:54:36 org.jboss.ejb.client.ConfigBasedEJBClientContextSelector createConnections
[java] ERROR: Could not create connection for connection named default
[java] java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
[java] at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)
[java] at org.jboss.ejb.client.ConfigBasedEJBClientContextSelector.createConnection(ConfigBasedEJBClientContextSelector.java:292)
[java] at org.jboss.ejb.client.ConfigBasedEJBClientContextSelector.createConnections(ConfigBasedEJBClientContextSelector.java:209)
[java] at org.jboss.ejb.client.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:138)
[java] at org.jboss.ejb.client.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:120)
[java] at org.jboss.ejb.client.ConfigBasedEJBClientContextSelector.<clinit>(ConfigBasedEJBClientContextSelector.java:110)
[java] at org.jboss.ejb.client.EJBClientContext.<clinit>(EJBClientContext.java:57)
[java] at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:91)
[java] at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:83)
[java] at $Proxy0.permittAllMethod(Unknown Source)
[java] at ch.swisslife.client.krb5.GetAction.run(TestServiceClient.java:154)
[java] at ch.swisslife.client.krb5.GetAction.run(TestServiceClient.java:114)
[java] at java.security.AccessController.doPrivileged(Native Method)
[java] at javax.security.auth.Subject.doAs(Subject.java:396)
[java] at TestServiceClient.main(TestServiceClient.java:76)
[java] Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
[java] at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:358)
[java] at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:207)
[java] at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
[java] at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
[java] at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
[java] at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
[java] at org.xnio.nio.NioHandle.run(NioHandle.java:90)
[java] at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
[java] at ...asynchronous invocation...(Unknown Source)
[java] at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:268)
[java] at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:250)
[java] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:359)
[java] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:343)
[java] at org.jboss.ejb.client.ConfigBasedEJBClientContextSelector.createConnection(ConfigBasedEJBClientContextSelector.java:290)
[java] ... 13 more
[java] 03.01.2012 13:54:36 org.jboss.ejb.client.ConfigBasedEJBClientContextSelector createConnections
[java] INFO: Connection default will not be available in EJB client context org.jboss.ejb.client.EJBClientContext@e2dae9
[java] java.lang.IllegalStateException: No EJB receiver available for handling [appName:,modulename:sl-securityTestEjb3,distinctname:] combination
[java] at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:344)
[java] at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:92)
[java] at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:83)
[java] at $Proxy0.permittAllMethod(Unknown Source)
[java] at GetAction.run(TestServiceClient.java:154)
[java] at GetAction.run(TestServiceClient.java:114)
[java] at java.security.AccessController.doPrivileged(Native Method)
[java] at javax.security.auth.Subject.doAs(Subject.java:396)
[java] at TestServiceClient.main(TestServiceClient.java:76)
I tried using those client jars:
jboss-ejb-api_3.1_spec-1.0.1.Final.jar
jboss-ejb-client-1.0.0.Beta11.jar
jboss-jacc-api_1.4_spec-1.0.1.Final.jar
jboss-logging-3.1.0.CR2.jar
jboss-marshalling-1.3.4.GA.jar
jboss-marshalling-river-1.3.4.GA.jar
jboss-remoting-3.2.0.CR8.jar
jboss-sasl-1.0.0.Beta9.jar
jboss-transaction-api_1.1_spec-1.0.0.Final.jar
xnio-api-3.0.0.GA.jar
xnio-nio-3.0.0.GA.jar
Some hints what's wrong... or is this not yet supported?