13 Replies Latest reply: Apr 10, 2012 11:26 AM by rathm1

    Remote EJB Client Security (Jboss7.1)

    rathm1 Newbie

      Hello there,

       

      I am having an issue that when I specify a username/password programmatically using the InitialContext the authentication is not working but when I hardcode the username/password into the jboss-ejb-client.properties the authentication is successful.

      I am using a custom security domain connecting to an ldap but that seems to be configured correctly since I can successfully authenticate to it with having the username/password in jboss-ejb-client.properties.

       

      The working configuration is:

      jboss-ejb-client.properties

      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
      remote.connections=default
      remote.connection.default.host=localhost
      remote.connection.default.port=4447
      remote.connection.default.username=myUsername
      remote.connection.default.password=myPassword
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
      remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

      local.jboss.jndi.properties

      java.naming.factory.url.pkgs=org.jboss.ejb.client.naming

      Client Application Code:

      jndiProperties.put("jboss.naming.client.ejb.context", true);
      jndiProperties.put(Context.SECURITY_PRINCIPAL, username);
      jndiProperties.put(Context.SECURITY_CREDENTIALS, password);
      jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", false);

      Context context = new InitialContext(jndiProperties);

      String lookUp = "ejb:" + appName + "/" + moduleName + "/" + beanName + "!" + interfaceClassName;

      TestEJB facade = (TestEJB)context.lookup(lookUp);

      boolean connectionSuccessful = facade.canConnect();

       

      It does not matter what I set in the jndiProperties for the username and password, it will always use the username and password that were set in the jboss-ejb-client.properties.

      If I remove the username and password from jboss-ejb-client.properties and leave everything else the same, the lookup is successful but when the service is called an exception thrown on the client side is:

      java.lang.IllegalStateException: No EJB receiver available for handling [appName:MyAppEar, moduleName:MyAppJar,distinctname:] combination.

       

      I have looked through many other discussion items and it seems that everyone that has gotten security working, has the username and password in the jboss-ejb-client.properties.

       

      If anyone has any suggestions that would be great.

      Thanks.

        • 1. Re: Remote EJB Client Security (Jboss7.1)
          jaikiran pai Master

          If you are using the ejb: namespace approach then you don't need the jndi.properties file nor the jboss.naming specific properties in your initial context. All you need is this https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI and the jboss-ejb-client.properties.

          • 2. Re: Remote EJB Client Security (Jboss7.1)
            rathm1 Newbie

            Thanks for the quick reply.

             

            I have gotten rid of the jndi.properties files but still have the same error.

            When I specify the username and password in the jboss-ejb-client.properties all is well but I don't want to have it hard coded so I am trying to set the username and password in the InitialContext.

             

            My set up is now:

            jboss-ejb-client.properties

            remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
            remote.connections=default
            remote.connection.default.host=localhost
            remote.connection.default.port=4447
            remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
            remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

            Client Application Code:

            final Hashtable jndiProperties = new Hashtable();

            jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
            jndiProperties.put(Context.SECURITY_PRINCIPAL, username);
            jndiProperties.put(Context.SECURITY_CREDENTIALS, password);
            Context context = new InitialContext(jndiProperties);

            String lookUp = "ejb:" + appName + "/" + moduleName + "/" + beanName + "!" + interfaceClassName;

            TestEJB facade = (TestEJB)context.lookup(lookUp);
            boolean connectionSuccessful = facade.canConnect();

             

            The error again being:

            java.lang.IllegalStateException: No EJB receiver available for handling [appName:MyAppEar, moduleName:MyAppJar,distinctname:] combination.

            • 3. Re: Remote EJB Client Security (Jboss7.1)
              Petr Mates Newbie

              Try setting remote.connection.default.callback.handler.class in jboss-ejb-client.properties with your callback handler, where you can set your username and password

              or

              check this test https://github.com/jbossas/jboss-as/blob/master/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/naming/remote/ejb/RemoteNamingEjbTestCase.java
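
Added example, not part of the thread and not JBoss project code: a minimal callback handler of the kind suggested in reply 3, so that the username and password are supplied at runtime rather than stored in jboss-ejb-client.properties. The package `example`, the class name `LoginCallbackHandler` and its static `setCredentials`/`clear` methods are hypothetical, and it is assumed that the EJB client creates the configured class through a public no-argument constructor.

```java
package example; // hypothetical package name

import java.io.IOException;
import java.util.Arrays;
import javax.security.auth.callback.*;
import javax.security.sasl.RealmCallback;

/** Supplies credentials collected at runtime to the SASL client (hypothetical class). */
public final class LoginCallbackHandler implements CallbackHandler {
    // Static holder: the handler is created by class name (assumption), so the
    // application cannot pass the credentials through a constructor.
    private static String user;
    private static char[] secret;

    /** Call from the login dialog before the first EJB invocation. */
    public static synchronized void setCredentials(String name, char[] password) {
        clear();
        user = name;
        secret = password.clone();
    }

    /** Wipe the stored password, for example on logout. */
    public static synchronized void clear() {
        if (secret != null) { Arrays.fill(secret, '\0'); }
        user = null;
        secret = null;
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        synchronized (LoginCallbackHandler.class) {
            if (user == null || secret == null) {
                throw new IOException("No credentials set; call setCredentials() first");
            }
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(secret); // setPassword copies the array
                } else if (cb instanceof RealmCallback) {
                    RealmCallback rc = (RealmCallback) cb;
                    rc.setText(rc.getDefaultText()); // accept the realm the server offers
                } else {
                    throw new UnsupportedCallbackException(cb); // fail closed on anything else
                }
            }
        }
    }
}
```

With this class on the client classpath, the properties entry would read remote.connection.default.callback.handler.class=example.LoginCallbackHandler.
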

              • 4. Re: Remote EJB Client Security (Jboss7.1)
                rathm1 Newbie

                Thanks for the help!

                The winning combination was...

                 

                jboss-ejb-client.properties

                remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
                remote.connections=default
                remote.connection.default.host=localhost
                remote.connection.default.port=4447
                remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
                remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

                Client Application Code:

                final Properties jndiProperties = new Properties();

                // Use the remote-naming initial context factory and point it at the server.
                jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, org.jboss.naming.remote.client.InitialContextFactory.class.getName());
                jndiProperties.put(Context.PROVIDER_URL, "remote://localhost:4447");
                // Set up an EJB client context from this remote-naming connection.
                jndiProperties.put("jboss.naming.client.ejb.context", true);
                // NOPLAINTEXT=false permits SASL mechanisms that send the password in plain text.
                jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
                // Credentials supplied at runtime instead of in jboss-ejb-client.properties.
                jndiProperties.put(Context.SECURITY_PRINCIPAL, username);
                jndiProperties.put(Context.SECURITY_CREDENTIALS, password);
                Context context = new InitialContext(jndiProperties);

                // No "ejb:" prefix: the name is looked up through the remote-naming context.
                String lookUp = appName + "/" + moduleName + "/" + beanName + "!" + interfaceClassName;

                TestEJB facade = (TestEJB)context.lookup(lookUp);
                boolean connectionSuccessful = facade.canConnect();

                • 5. Re: Remote EJB Client Security (Jboss7.1)
                  Sebastian Bayerlein Newbie

                  Hello rathm,

                   

                  Can you please post the code of your custom login module?

                  I'm using a custom UsernamePasswordLoginModule and whenever I call a secured ejb, I get the following exception:

                   

                  07.03.2012 09:38:52 org.jboss.remoting3.remote.RemoteConnection handleException
                  ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
                  javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
                  ...

                   

                  Regards,

                  Sebastian

                  • 6. Re: Remote EJB Client Security (Jboss7.1)
                    rathm1 Newbie

                    Hi Sebastian,

                    We don't have a custom login module.

                    We use a custom security domain but that is just the standard ldap configuration with our custom configuration.

                    If you look at my previous post, that is all the code that I need to login to the server for authentication and authorization.

                    When the initial context is created with the properties including the username and password, the login is authenticated to the ldap.

                    The authorization is then done when I call the canConnect() method on the facade.

                    Sorry that I can't be more help.

                    • 8. Re: Remote EJB Client Security (Jboss7.1)
                      rodakr Novice

                      Fixing this will be like a performance buster for remote calls...

                      • 9. Re: Remote EJB Client Security (Jboss7.1)
                        Pooja Varma Newbie

                        Hi Rathm,

                         

                        I'm getting the same error as yours.

                        The error again being:

                        java.lang.IllegalStateException: No EJB receiver available for handling [appName:MyAppEar, moduleName:MyAppJar,distinctname:] combination.

                        Then I followed your suggestion, but I still see the same error.

                        Please advise.

                         

                        We are using EJB2.1 and Jboss7.1.0 Final.

                         

                        Thanks,

                        Pooja

                        • 10. Re: Remote EJB Client Security (Jboss7.1)
                          rathm1 Newbie

                          Hi Pooja,

                          We are using EJB3.1 and Jboss7.1.0 Final.

                          Sorry I can't be more help, but I posted my configuration earlier and that is all I needed to get it working.

                          • 11. Re: Remote EJB Client Security (Jboss7.1)
                            Pooja Varma Newbie

                            Hi Rathm,

                             

                            Thanks for looking in. I got it working... The problem is in my code. I had context.lookup(""); after loading properties.

                             

                            Thanks,

                            Pooja

                            • 12. Re: Remote EJB Client Security (Jboss7.1)
                              abhi0123 Newbie

                              rathm1 wrote:

                               

                              Sorry I can't be more help, but I posted my configuration earlier and that is all I needed to get it working.

                               

                              For those who came across this post like I did and wished they knew what dependencies to use (trust me, figuring it out is not as easy as you'd think):

                               

                               

                              
                              <profile>
                                <id>jboss</id>
                                <activation>
                                  <activeByDefault>true</activeByDefault>
                                </activation>
                                <dependencies>
                                  <dependency>
                                    <groupId>org.jboss</groupId>
                                    <artifactId>jboss-ejb-client</artifactId>
                                    <version>1.0.5.Final</version>
                                    <scope>runtime</scope>
                                  </dependency>
                                  <dependency>
                                    <groupId>org.jboss.xnio</groupId>
                                    <artifactId>xnio-nio</artifactId>
                                    <version>3.0.0.GA</version>
                                    <scope>runtime</scope>
                                  </dependency>
                                  <dependency>
                                    <groupId>org.jboss.marshalling</groupId>
                                    <artifactId>jboss-marshalling-river</artifactId>
                                    <version>1.3.10.GA</version>
                                    <scope>runtime</scope>
                                  </dependency>
                                  <dependency>
                                    <groupId>org.jboss.sasl</groupId>
                                    <artifactId>jboss-sasl</artifactId>
                                    <version>1.0.0.Final</version>
                                    <scope>runtime</scope>
                                  </dependency>
                                  <dependency>
                                    <groupId>org.jboss.remoting3</groupId>
                                    <artifactId>jboss-remoting</artifactId>
                                    <version>3.2.3.GA</version>
                                    <scope>runtime</scope>
                                  </dependency>
                                  <dependency>
                                    <groupId>org.jboss.spec</groupId>
                                    <artifactId>jboss-javaee-6.0</artifactId>
                                    <version>3.0.0.Final</version>
                                    <type>pom</type>
                                    <scope>provided</scope>
                                    <exclusions>
                                      <exclusion>
                                        <groupId>xalan</groupId>
                                        <artifactId>xalan</artifactId>
                                      </exclusion>
                                    </exclusions>
                                  </dependency>
                                  <dependency>
                                    <groupId>xalan</groupId>
                                    <artifactId>xalan</artifactId>
                                    <version>2.7.1</version>
                                    <scope>runtime</scope>
                                  </dependency>
                                  <dependency>
                                    <groupId>org.jboss.as</groupId>
                                    <artifactId>jboss-as-ejb-client-bom</artifactId>
                                    <version>7.1.1.Final</version>
                                    <type>pom</type>
                                  </dependency>
                                </dependencies>
                              </profile>
                              

                               

                              • 13. Re: Remote EJB Client Security (Jboss7.1)
                                rathm1 Newbie

                                Sorry about leaving out that info.

                                Here is a snippet from our classpath for our swing application:

                                 

                                SET CLASSPATH=../lib/jboss-client-7.1.0.Final.jar;%CLASSPATH%
                                SET CLASSPATH=../lib/jboss-common-core-2.2.17.GA.jar;%CLASSPATH%
                                SET CLASSPATH=../lib/jboss-logging-3.1.0.GA.jar;%CLASSPATH%
                                SET CLASSPATH=../lib/jboss-remoting-3.2.2.GA.jar;%CLASSPATH%
                                SET CLASSPATH=../lib/jta-1.1.jar;%CLASSPATH%
                                SET CLASSPATH=../lib/jboss-ejb-api_3.1_spec-1.0.1.Final.jar;%CLASSPATH%
                                SET CLASSPATH=../lib/commons-lang-2.4.jar;%CLASSPATH%
                                SET CLASSPATH=../lib/log4j-1.2.16.jar;%CLASSPATH%
                                SET CLASSPATH=../lib/mail-1.4.4.jar;%CLASSPATH%
                                SET CLASSPATH=../lib/hibernate-core-4.0.1.Final.jar;%CLASSPATH%
                                SET CLASSPATH=../lib/jboss-metadata-ejb-7.0.0.Final.jar;%CLASSPATH%