1 2 3 Previous Next 37 Replies Latest reply on Jan 20, 2014 7:59 AM by shivjan0610

remote ejb client username is encrypted at the server(JBOSS7.1 Final)

ganeshment Feb 17, 2012 5:42 PM

we are using remote EJB JNDI based units tests to test the code and we are evaluating JBOSS7.1 CR1. With JBOSS7.1 CR1, username sent from the remote ejb client is encrypted at the server, database query using the encrypted username is returning no passwords and login is failing. We are stuck with this problem to continue evaluation of JBOSS7.1 CR1 release. Can you please suggest how to fix this issue.

I have referred the following links to get the relevant information but unsuccessful

https://issues.jboss.org/browse/AS7-2942

https://issues.jboss.org/browse/AS7-2999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

https://issues.jboss.org/browse/AS7-3002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Server Exception :

18:54:39,652 ERROR [org.jboss.remoting.remote] (Remoting "machine1" read-1) JBREM000200: Remote connection failed: java.io.IOException: An existing connection was forcibly closed by the remote host
18:57:45,423 DEBUG [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@10d0fc9
18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) Begin isValid, principal:a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) defaultLogin, principal=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (pool-9-thread-2) Begin getAppConfigurationEntry(iS3Login), size=4
18:57:45,423 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (pool-9-thread-2) End getAppConfigurationEntry(iS3Login), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: sufficient
Options:
name=hashAlgorithm, value=SHA-256
name=principalsQuery, value=select password from sessionuser where name=?
name=hashEncoding, value=base64
name=dsJndiName, value=java:/jdbc/exampleds
name=rolesQuery, value=select role, 'Roles' from sessionrole where name=?
[1]
LoginModule Class: org.jboss.security.auth.spi.LdapLoginModule
ControlFlag: LoginModuleControlFlag: sufficient
Options:
name=java.naming.provider.url, value=ldap://ldap.xxx.xxx.com:123/
name=principalDNSuffix, value=,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com
name=principalDNPrefix, value=CN=

18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) initialize
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Security domain: iS3Login
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Password hashing activated: algorithm = SHA-256, encoding = base64, charset = {default}, callback = null, storeCallback = null
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) DatabaseServerLoginModule, dsJndiName=java:/jdbc/exampleds

18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) principalsQuery=select password from sessionuser where name=?
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) rolesQuery=select role, 'Roles' from sessionrole where name=?
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) suspendResume=true
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) login
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) suspendAnyTransaction
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Excuting query: select password from sessionuser where name=?, with username: a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Query returned no matches from db
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) resumeAnyTransaction
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) initialize
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Security domain: iS3Login
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) login
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Logging into LDAP server, env={java.naming.provider.url=ldap://ldap.xxx.xxx.com:123/, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, jboss.security.security_domain=iS3Login, principalDNPrefix=CN=, principalDNSuffix=,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com, java.naming.security.authentication=simple, java.naming.security.principal=CN=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com, java.naming.security.credentials=***}
18:57:45,423 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Bad password for username=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) abort
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) abort
18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) Login failure: javax.security.auth.login.FailedLoginException: PB00019: Processing Failed:No matching username found in Principals
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:186) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:248) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at sun.reflect.GeneratedMethodAccessor10.invoke(Unknown Source) [:1.6.0_29]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_29]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_29]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [:1.6.0_29]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_29]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_29]
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_29]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_29]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:402) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.proceedWithJaasLogin(JaasSecurityManagerBase.java:341) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:329) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:207) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:267) [jboss-as-security-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:234) [jboss-as-security-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:283) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:61) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:191) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [:1.6.0_29]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [:1.6.0_29]
at java.util.concurrent.FutureTask.run(FutureTask.java:138) [:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_29]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_29]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)

18:57:45,439 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) End isValid, false
18:57:45,439 ERROR [org.jboss.ejb3.invocation] (pool-9-thread-2) JBAS014134: EJB Invocation failed on component SessionBean for method public abstract java.security.Principal demo.SessionBeanInterface.getPrincipal(): javax.ejb.EJBAccessException: Invalid User
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54)
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45)
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:283)
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:61)
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:191)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [:1.6.0_29]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [:1.6.0_29]
at java.util.concurrent.FutureTask.run(FutureTask.java:138) [:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_29]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_29]
at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.0.0.GA.jar:2.0.0.GA]

1. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

ganeshment Feb 17, 2012 6:50 PM (in response to ganeshment)

With JBOSS7.1 Final version also Iam getting encrypted username at the server and database login is failing.

standalone.xml file contents :

<security-realm name="ApplicationRealm">
                <authentication>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
            </security-realm>

<subsystem xmlns="urn:jboss:domain:remoting:1.1">
            <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm">
                <sasl>
                    <policy>
                        <no-anonymous value="true"/>
                        <no-plain-text value="false"/>
                        <pass-credentials value="true"/>
                    </policy>
                </sasl>
            </connector>
        </subsystem>

<security-domain name="MYLogin" cache-type="default">
                    <authentication>
                        <login-module code="Remoting" flag="optional">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="sufficient">
                            <module-option name="dsJndiName" value="java:/jdbc/example"/>
                            <module-option name="principalsQuery" value="select password from sessionuser where name=?"/>
                            <module-option name="rolesQuery" value="select role, 'Roles' from sessionrole where name=?"/>
                            <module-option name="hashAlgorithm" value="SHA-256"/>
                            <module-option name="hashEncoding" value="base64"/>
                        </login-module>
                    </authentication>
                </security-domain>
...

EJB is using Security Domain annotation
@SecurityDomain
(value = "MYLogin")

Can you please suggest how to configure standalone.xml for remote ejb authentication to work properly using database login module.
Actions
2. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

dlofthouse Feb 20, 2012 7:06 AM (in response to ganeshment)
Don't worry about the SASL options, they are selected automatically based on the capabilities of the authentication mechanism you choose.

What you will need to do is reference the JAAS domain from the realm, an example of this is here: -

<security-realm name="ManagementRealm"> <authentication> <jaas name="darrans-domain" /> </authentication> </security-realm>
Actions
3. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

apparaonali Feb 21, 2012 9:49 AM (in response to dlofthouse)

I am also facing the user name encrypted issue.
I tried with the above suggestion, still it failed to login due to encrypted vaule of Principal/user.
I enabled trace and verified the Principal/user value it is always encrypted value and different for run to run.

I added below lines as per your suggestion:
================================
<security-realm name="ManagementRealm">
<authentication>
<jaas name="AppuLogin" />
</authentication>
</security-realm>

I also added below lines as remote socket binding referring to "ApplicationRealm <subsystem xmlns="urn:jboss:domain:remoting:1.1"> <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/> </subsystem>"

security-realm name="ApplicationRealm">
                <authentication>
                    <jaas name="iS3Login"/>
                </authentication>
            </security-realm>

Here is server side trace, I underlined the principal value:

8:35:26,010 DEBUG [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@cfed14
08:35:26,010 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) Begin isValid, principal:f048cdad-baf6-4aef-8591-186a7414350f
08:35:26,010 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) defaultLogin, principal=f048cdad-baf6-4aef-8591-186a7414350f
08:35:26,010 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (EJB default - 1) Begin getAppConfigurationEntry(AppuLogin), size=3
08:35:26,026 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (EJB default - 1) End getAppConfigurationEntry(AppuLogin), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: sufficient
Options:
name=hashAlgorithm, value=SHA-256
name=principalsQuery, value=select password from sessionuser where name=?
name=hashEncoding, value=base64
name=dsJndiName, value=java:/jdbc/AppuDS
name=rolesQuery, value=select role, 'Roles' from sessionrole where name=?
08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) initialize
08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Security domain: AppuLogin
08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Password hashing activated: algorithm = SHA-256, encoding = base64, charset = {default}, callback = null, storeCallback = null
08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) DatabaseServerLoginModule, dsJndiName=java:/jdbc/AppuDS
08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) principalsQuery=select password from sessionuser where name=?
08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) rolesQuery=select role, 'Roles' from sessionrole where name=?
08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) suspendResume=true
08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) login
08:35:26,041 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) suspendAnyTransaction
08:35:26,041 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Excuting query: select password from sessionuser where name=?, with username: f048cdad-baf6-4aef-8591-186a7414350f
08:35:26,072 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Query returned no matches from db
08:35:26,072 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) resumeAnyTransaction
08:35:26,072 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) abort
08:35:26,072 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) Login failure: javax.security.auth.login.FailedLoginException: PB00019: Processing Failed:No matching username found in Principals
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:186) [picketbox-4.0.6.final.jar:4.0.6.final]
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:248) [picketbox-4.0.6.final.jar:4.0.6.final]
Actions
4. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

dlofthouse Feb 21, 2012 9:57 AM (in response to apparaonali)

The username and password are not encrypted, they are random values as the values from the client connection are not arriving at the server.

What call are you making to the server at the time this is logged?
Actions
5. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

dlofthouse Feb 21, 2012 10:27 AM (in response to dlofthouse)

Also where is your client located? Looking at your log I think the local authentication mechanism could be getting selected which would explain why there is no username or password propagated to the login module.
Actions
6. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

apparaonali Feb 21, 2012 11:51 AM (in response to dlofthouse)

Thanks for your quick reply.

When my test sesion bean trying to get the principal from the EJBContext, it is throwing the above error. Please find the detais of my test below.

TestBean:
=======

@Stateless
@SecurityDomain(value = "AppuLogin")

public class SessionBean implements
SessionBeanInterface {
     @Resource private EJBContext context;
          Principal pp = context.getCallerPrincipal();

     @Override
     public String getPrincipal() {

          System.out.println(pp.toString());

          return (String) (context.getCallerPrincipal().getName());
     }

}

Standalone Remote Client code:
=========================
public class RemoteEJBClient {

    private static final String USER_LOGIN_NAME = "admin";
    private static final String USER_PASSWORD = "admin";

    static {
        Security.addProvider(new JBossSaslProvider());
    }

    public static final String AUTH_LOGIN_CONFIG = "java.security.auth.login.config";

    public static final String AUTH_CONF = "/auth.conf";
    public static void main(String[] args) throws Exception {

        if (System.getProperties().getProperty(RemoteEJBClient.AUTH_LOGIN_CONFIG) == null) {
            URL url = RemoteEJBClient.class.getClass().getResource(RemoteEJBClient.AUTH_CONF);
            if (url != null) {
                System.getProperties().setProperty(RemoteEJBClient.AUTH_LOGIN_CONFIG, url.toString());
            }
        }

        AppCallbackHandler callbackHandler = new AppCallbackHandler(USER_LOGIN_NAME, USER_PASSWORD.toCharArray());
        LoginContext loginContext = new LoginContext("logincontextname", callbackHandler);
        loginContext.login();

        final Hashtable jndiProperties = new Hashtable();
        jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
        final Context context = new InitialContext(jndiProperties);

        invokeStatelessBean(context);
    }
    private static void invokeStatelessBean(Context context) throws NamingException, LoginException {
        final SessionBeanInterface statelessSessionBeanInterface = lookupRemoteStatelessCalculator(context);
        System.out.println("Obtained a remote stateless SessionBeanInterface for invocation");
        try {
            final String principal = statelessSessionBeanInterface.getPrincipal();
            System.out.println("EJB principal " + statelessSessionBeanInterface.getPrincipal());
        } catch (RuntimeException e) {
            e.printStackTrace();
        }
    }

    private static SessionBeanInterface lookupRemoteStatelessCalculator(Context context) throws NamingException, LoginException {

        final String appName = "TestEAR";
        final String moduleName = "TestEJB";
        final String distinctName = "";
        final String beanName = "SessionBean";
        final String viewClassName = SessionBeanInterface.class.getName();
        System.out.println("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName);
        return (SessionBeanInterface) context.lookup("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName
                + "!" + viewClassName);
    }
}

Client ejb properties:
===============

remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

remote.connections=default

remote.connection.default.host=
localhost

remote.connection.default.port = 4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

remote.connection.two.host=
localhost

remote.connection.two.port = 4447
remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

aut.conf:
======
logincontextname
{
org.jboss.security.ClientLoginModule required
;
};
Actions
7. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

dlofthouse Feb 21, 2012 12:27 PM (in response to apparaonali)

Can you try the following client properties: -

remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

I believe from the message you show that the client and server are running local to each other so the authentication is ocurring silently and locally, these properties first allow for the username and password to be sent to the server and secondly will allow the password to be passed plain text to the server which is required to pass it to JAAS.
Actions
8. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

apparaonali Feb 21, 2012 2:19 PM (in response to dlofthouse)

I added these properties, still I am geting these exceptions.

Client side I obsrsed the below warning related to new property

WARN: Invalid option 'org.xnio.Options..SASL_DISALLOWED_MECHANISMS' in property 'remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS':
java.lang.IllegalArgumentException : Class 'org.xnio.Options.' not found

Thanks for your quck replies.

Here is file ejb client properties I used to run the test:
=======================================
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=localhost
remote.connection.default.port = 4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.two.host=localhost
remote.connection.two.port = 4447
remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
Actions
9. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

jw Feb 22, 2012 3:41 AM (in response to apparaonali)

Remove the .. in the property:

remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS

should be

remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS

But I still have the same problem you have
Actions
10. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

jaikiran Feb 22, 2012 3:58 AM (in response to dlofthouse)

Darran Lofthouse wrote:

Can you try the following client properties: -

remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

There are a couple of typos in there. What Darran meant was:

remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

(Notice the connection name is "default" and not "two").
Actions
11. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

jw Feb 22, 2012 5:01 AM (in response to apparaonali)

auth.conf:

logincontextname
{

org.jboss.security.ClientLoginModule required
;
};

Is this supported again? I thought this JAAS module is not compatible anymore (as of 7.1.0.Cr1)
Actions
12. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

dlofthouse Feb 22, 2012 6:34 AM (in response to jw)

jw - that is a new question so I would suggest starting a new thread - but no that module is not currently supported.
Actions
13. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

dlofthouse Feb 22, 2012 6:36 AM (in response to dlofthouse)

jw - can you also please describe your environment?
Actions
14. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)

jw Feb 22, 2012 6:59 AM (in response to dlofthouse)

Darran Lofthouse schrieb:

jw - that is a new question so I would suggest starting a new thread - but no that module is not currently supported.
your're right. Just saw this in apparaonali's example. Thouht it could be a hint.
Actions

1 2 3 Previous Next

Go to original post