-
1. Re: Remote EJB authentication via SecurityClient.setSimple
jw Jan 31, 2012 5:12 AM (in response to e.nikolaev)Same problem here. Using JAAS on remote client.
Remote Client Code:
{code}
loginContext = new LoginContext("client-login", new UsernamePasswordHandler(username, password.getBytes()));
loginContext.login();
service = ... // get the remote service
service.doSomething();
{code}
Remote Client auth.conf:
{code}
client-login {
org.jboss.security.ClientLoginModule required;
}
{code}
jboss-app.xml in ear:
{code}
<jboss-app>
<security-domain>my-security-domain</security-domain>
</jboss-app>
{code}
AS7 standalone configuration file:
{code}
<subsystem xmlns="urn:jboss:domain:security:1.1">
<security-domains>
<security-domain name="my-security-domain" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="...."/>
<module-option name="principalsQuery" value="...."/>
<module-option name="rolesQuery" value="...."/>
<module-option name="hashAlgorithm" value="SHA"/>
<module-option name="hashEncoding" value="BASE64"/>
</login-module>
</authentication>
</security-domain>
</security-domains>
</subsystem>
{code}
Exception in the server log
{code}
....throws javax.ejb.EJBAccessException: javax.ejb.EJBAccessException: Invalid User
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54) [jboss-as-ejb
3-7.1.0.CR1b.jar:7.1.0.CR1b]
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb
3-7.1.0.CR1b.jar:7.1.0.CR1b]
at java.security.AccessController.doPrivileged(Native Method) [:1.7.0_02]
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [
jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.ja
r:1.1.1.Final]
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
[jboss-as-ee-7.1.0.CR1b.jar:7.1.0.CR1b]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.ja
r:1.1.1.Final]
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.CR1b.
jar:7.1.0.CR1b]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.ja
r:1.1.1.Final]
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57) [jb
oss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.ja
r:1.1.1.Final]
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1
.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.CR1b.jar:7.1.0.CR1
b]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMess
ageHandler.java:283) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessag
eHandler.java:61) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHand
ler.java:191) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.7.0_02]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.7.0_02]
at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.7.0_02]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.7.0_02]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.7.0_02]
at java.lang.Thread.run(Thread.java:722) [:1.7.0_02]
at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.0.0.GA.jar:2.0.0.GA]
{code}
Any ideas?
-
2. Re: Remote EJB authentication via SecurityClient.setSimple
dlofthouse Jan 31, 2012 8:46 AM (in response to jw)This is not currently possible, the ClientLoginModule is not compatible with the SASL mechanism used to negotiate the connection in AS7 - theoretically it could be made compatible so feel free to raise a feature request in Jira.
-
3. Re: Remote EJB authentication via SecurityClient.setSimple
jw Feb 2, 2012 2:32 AM (in response to dlofthouse)So what's the recommended way to do remote client SASL login? Tried class org.jboss.security.client.JBossSecurityClient, but get this error on 7.1.0.CR1b:
{code}
java.lang.RuntimeException: PB00002: Not Yet Implemented:Not Implemented
at org.jboss.security.client.JBossSecurityClient.peformSASLLogin(JBossSecurityClient.java:59)
at org.jboss.security.client.SecurityClient.login(SecurityClient.java:72)
{code}