1 2 Previous Next 22 Replies Latest reply on Feb 18, 2014 5:00 AM by manawajaws Branched to a new discussion.

EJB invocation from a remote server instance - SaslException

tc7 Mar 19, 2012 11:18 PM

I'm having trouble accessing a remote EJB between jboss app server instances.

I've followed the example at https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+server+instance, but have been unable to make this work.

Both servers are running JBoss-7.1.1.Final Brontes.

I have no trouble accessing the remote EJB from a "remote client" (i.e. not a JBoss instance), however there appears to be an authentication issue between the app servers.

For this example Server A hosts the EJBs and Server B attempt to connect remotely in order to invoke the EJB.

1. Configuration

a) Server A

i) runtime parameter

-Djboss.node.name=serverA

ii) CostingServiceEJB implements following

package com.myapp.costing.ejb;

@Remote

public interface CostingService

{

public String ping(String costDomain) throws RemoteException;

}

iii) CostingServiceEJB and associated classes deployed as:

MyAppCosting.war within MyCosting.ear

b) Server B

i) no jboss-ejb-client.properties

ii) jboss-ejb-client.xml

<jboss-ejb-client xmlns="urn:jboss:ejb-client:1.0">

<client-context>

<ejb-receivers>

<remoting-ejb-receiver outbound-connection-ref="remote-ejb-connection"/>

</ejb-receivers>

</client-context>

</jboss-ejb-client>

iii) standalone-full.xml

<outbound-connections>

<remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb-binding" security-realm="ApplicationRealm">

</properties>

</remote-outbound-connection>

</outbound-connections>

</subsystem>

...

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

...

<outbound-socket-binding name="remote-ejb-binding">

<remote-destination host="<remote-host-ip-addr>" port="4447"/>

</outbound-socket-binding>

</socket-binding>

c) remote client (run in a Java VM from eclipse with the necessary JBoss jars)

followed procedure at:

https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI

i) jboss-ejb-client.properties

remote.connections=default

endpoint.name=client-endpoint

remote.connection.default.port = 4447

remote.connection.default.host=<remote-host-ip-address>

remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

remote.connection.default.username = <remote-username>

remote.connection.default.password = <remote-password>

ii) eclipse runtime config

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<eclipse-userlibraries version="2">

</library>

</eclipse-userlibraries>

2. EJB Lookup

2a: EJB lookup from server B

jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

jndiProperties.put(Context.SECURITY_PRINCIPAL, "<remote-user-name>");

jndiProperties.put(Context.SECURITY_CREDENTIALS, "<remote-password>");

final Context context = new InitialContext(jndiProperties);

...

//String lookupName = "ejb:MyCosting/MyAppCosting//CostingServiceEJB!com.myapp.costing.ejb.CostingService";

String lookupName = "ejb:MyCosting/MyAppCosting/serverA/CostingServiceEJB!com.myapp.costing.ejb.CostingService";

log.debug("EJB Lookup name: " + lookupName);

CostingService svc = (CostingService) context.lookup(lookupName);

svc.ping();

result

20120320 13:06:34,611 ERROR [org.jboss.remoting.remote.connection] (Remoting "myapp" read-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

20120320 13:06:34,902 ERROR [org.jboss.remoting.remote.connection] (Remoting "myapp" read-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

20120320 13:06:34,904 ERROR [com.myapp.project.solution.generation.plugin.costing.GMPreprintCostingPlugin] (Solution Generator 1) Error running Generic Material Preprint Costing Plugin: java.lang.IllegalStateException: No EJB receiver available for handling [appName:MyCosting,modulename:MyAppCosting,distinctname:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@4fb54562: java.lang.IllegalStateException: No EJB receiver available for handling [appName:MyCosting,modulename:MyAppCosting,distinctname:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@4fb54562

at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:584) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:119) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:181) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:136) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

at $Proxy21.ping(Unknown Source) at com.myapp.costing.ejb.CostingServiceEJBLocator.getCostingService(CostingServiceEJBLocator.java:141) [MyAppIntegration.jar:]

...

at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_01]

2b: Alternative lookup

As above, but tried adding:

jndiProperties.put("jboss.naming.client.ejb.context", "true");

jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");

jndiProperties.put("jboss.naming.client.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

result (as above)

2c: EJB lookup from standalone client

result

Using the same jndi properities as 2a above this works every time.

I'm not sure what I've missed, but am unable to get JBoss server to JBoss server ejb invocation working.

Can anyone see what I'm doing wrong, or recommend a solution?

I should also add that the EJB invocation works fine when the EJB ear is deployed within the same server as the caller (i.e. also deployed on server B).

1. Re: EJB invocation from a remote server instance - SaslException

enakai00 Apr 8, 2012 5:41 PM (in response to tc7)

Hi, I encountered the same problem in following https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+server+instance with JBoss-7.1.1.Final Brontes.

Trying to figureout the root cause, I disabled sucurity-realm for the remoting-connector by removing 'security-realm="ApplicationRealm"' attribute in the connector tag in domain.xml below:

---
            <subsystem xmlns="urn:jboss:domain:remoting:1.1">
                 <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
                 <outbound-connections>
...snip
                 </outbound-connections>
             </subsystem>
---

And it worked. So there is surely a problem in the SASL authentication mechanism. I'm not sure whether this a config problem or potential bug, yet.
Actions
2. Re: EJB invocation from a remote server instance - SaslException

vatsanm Apr 9, 2012 4:17 PM (in response to enakai00)

Nakai,
    I'm havign the same issue, but I do not have the <connector....... />. My config is below. Both my client and server are on the same physical server but different IP/ports.
.....
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
            <outbound-connections>
                <remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb1">
                    <properties>
                        <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
                        <property name="SSL_ENABLED" value="false"/>
                    </properties>
                </remote-outbound-connection>
            </outbound-connections>
        </subsystem>
........
and in my socket-binding-group
<outbound-socket-binding name="remote-ejb1">
            <remote-destination host="myserver.com" port="42010"/>
</outbound-socket-binding>
Actions
3. Re: EJB invocation from a remote server instance - SaslException

vatsanm Apr 10, 2012 9:48 AM (in response to vatsanm)

additional info jsut in case: This is not EJB3 (EJB2.x) and also this the client and server are on 2 diff JBoss AS 7.1.1 servers.
Actions
4. Re: EJB invocation from a remote server instance - SaslException

vatsanm Apr 10, 2012 4:06 PM (in response to vatsanm)

trace info. This is a clustered environmetn 9usign standalone.xml) and not a domain.

16:00:01,413 ERROR [org.jboss.remoting.remote.connection] (Remoting "etmimage" read-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
16:00:01,419 ERROR [stderr] (http--0.0.0.0-8880-1) java.lang.IllegalStateException: No EJB receiver available for handling [appName:wfm,modulename:wfm,distinctname:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@12a7b1d
16:00:01,421 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:584)
16:00:01,425 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:119)
16:00:01,426 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:181)
16:00:01,427 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:136)
16:00:01,429 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121)
16:00:01,430 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104)
16:00:01,431 ERROR [stderr] (http--0.0.0.0-8880-1)      at $Proxy70.getMdnsForPendingOrders(Unknown Source)
16:00:01,432 ERROR [stderr] (http--0.0.0.0-8880-1)      at client.EJBClient.getWfmUpgradePendingLines(Unknown Source)
16:00:01,432 ERROR [stderr] (http--0.0.0.0-8880-1)      at coei.webstore.PendingLinesServlet.getUpgradePendingLines(PendingLinesServlet.java:371)
16:00:01,433 ERROR [stderr] (http--0.0.0.0-8880-1)      at coei.webstore.PendingLinesServlet.coreOrderProcessing(PendingLinesServlet.java:222)
16:00:01,435 ERROR [stderr] (http--0.0.0.0-8880-1)      at coei.webstore.BaseServlet.doPost(BaseServlet.java:443)
16:00:01,435 ERROR [stderr] (http--0.0.0.0-8880-1)      at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
16:00:01,436 ERROR [stderr] (http--0.0.0.0-8880-1)      at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
16:00:01,437 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
16:00:01,438 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
16:00:01,439 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
16:00:01,440 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
16:00:01,442 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
16:00:01,443 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
16:00:01,444 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
16:00:01,445 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
16:00:01,446 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
16:00:01,447 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
16:00:01,448 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
16:00:01,455 ERROR [stderr] (http--0.0.0.0-8880-1)      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
16:00:01,456 ERROR [stderr] (http--0.0.0.0-8880-1)      at java.lang.Thread.run(Thread.java:662)
Actions
5. Re: EJB invocation from a remote server instance - SaslException

vatsanm Apr 11, 2012 6:26 PM (in response to vatsanm)

The issue was not at the client end. The EJB server was accidently configured for sercure users only ( and the system that was runnign it was takign me out of the application-users.properties file) assumign that they had disabled secure access at the connector. I did not need the jboss-ejb-client.peoperties in this case only jboss-ejb-client.xml. Its unsercured for now.
The bottomlime :

THE DOCUMENTAION FOR EJB INVOCATION BETWEEN 2 AS SERVERS IS CORRECT PER LINK - https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+server+instance

I also coverted a standalone client per the documentation and it works perfectly as per link https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI
Actions
6. Re: EJB invocation from a remote server instance - SaslException

tc7 Apr 12, 2012 1:21 AM (in response to enakai00)

Thanks Etsuji, not sure if you meant removing security-realm attribute from <connector..> or from <remote-outbound-connection..>
eg:
<remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb-binding" security-realm="ApplicationRealm">
becomes:
<remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb-binding">

I found the above change allows remote ejb invocation to work within the same JBoss container only! So a minor step forward I suppose.
I can do away with jboss-ejb-client.properties and move forward with the <remote-outbound-connection..> (config as above) and jboss-ejb-client.xml.

The following now works (with the security-realm attribute removed):
            <outbound-socket-binding name="remote-ejb-binding">
                <remote-destination host="localhost" port="4447"/>
            </outbound-socket-binding>

But attempting to configure the outbound socket binding with an IP address (instead of localhost) results in:
No EJB receiver available for handling [appName:MyAppCostingEngine,modulename:CostingEngine,distinctname:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@8c75805: java.lang.IllegalStateException: No EJB receiver available for handling [appName:AppCostingEngine,modulename:CostingEngine,distinctname:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@8c75805
          at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:584) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]
          at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:119) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]
          at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:181) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]
          at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:136) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]
          at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]
          at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]
          at $Proxy21.ping(Unknown Source)          at com.myapp.costing.corrugated.ejb.CostingServiceEJBLocator.getCostingService(CostingServiceEJBLocator.java:142) [AppCosting.jar:]
          at com.myapp.project.solution.generation.plugin.costing.GMPreprintCostingPlugin.perform(GMPreprintCostingPlugin.java:139) [AppIntegration.jar:]
          at com.myapp.project.solution.generation.SolutionGenerator.doSolutionGenPart1(SolutionGenerator.java:684) [AppIntegration.jar:]
          at com.myapp.project.solution.generation.FullSolutionGenerator.run(FullSolutionGenerator.java:145) [AppIntegration.jar:]
          at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_03]
          at com.myapp.util.localization.LocalizedThread.run(LocalizedThread.java:82) [AppUtil.jar:]

Using telnet I can verify the remote IP address / port 4447 are accessible.
I also tried removing the security-realm attribute from the standalone-full.xml on the remote server - but it seemed to have no effect.
I also tried setting the distinctName to the jboss.node.name specified in standalone.conf via -D.

As ususal my remote client to JBoss server test case (using jboss-ejb-client.properties) works every time for both localhost or remote server via IP address.

Still stuck.
Actions
7. Re: EJB invocation from a remote server instance - SaslException

enakai00 Apr 12, 2012 2:13 AM (in response to tc7)

Hi,

I removed "security-realm="ApplicationRealm" from the <connector name="...."> tag. There's no "security-realm" in <remote-outbound-connection..> tag from the beginning. The following is the my current config.

--------------------------
             <subsystem xmlns="urn:jboss:domain:pojo:1.0"/>
             <subsystem xmlns="urn:jboss:domain:remoting:1.1">

                 <connector name="remoting-connector" socket-binding="remoting"/>
                 <outbound-connections>
                     <remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb">
                         <properties>
                             <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
                             <property name="SSL_ENABLED" value="false"/>
                         </properties>
                     </remote-outbound-connection>
                 </outbound-connections>
             </subsystem>
--------------------------

Note that as there're multiple profiles by default, you have to modify the <connection> tag corresponding to your using profile.

And, corresponding outbound-socket-binding is as below:

--------------------------
    <socket-binding-groups>
         <socket-binding-group name="standard-sockets" default-interface="public">
(snip)             <outbound-socket-binding name="mail-smtp">
                 <remote-destination host="localhost" port="25"/>
             </outbound-socket-binding>
             <outbound-socket-binding name="remote-ejb">
                 <remote-destination host="node02" port="4447"/>
             </outbound-socket-binding>
--------------------------

Again, you have to modify the one corresponding to your using socket binding.

node02 is the remote ejb container. It works for me, though without a security protection...
Actions
8. Re: EJB invocation from a remote server instance - SaslException

vatsanm Apr 12, 2012 9:34 AM (in response to enakai00)

I did the same (mine was the clinet), btu the server/receiver had the secure attribute and once I removed it , stuff is workign now. Thx
Actions
9. Re: EJB invocation from a remote server instance - SaslException

vatsanm Apr 12, 2012 9:43 AM (in response to vatsanm)

tc7,
here are the steps that I folowed to get it to work.

server A (receiver):
     1. In standalone.xml (or full), enable remoting
     2. In the connector line for remoting do not have "security-realm attribute. So it will look like
                <subsystem xmlns="urn:jboss:domain:remoting:1.1">
                      <connector name="remoting-connector" socket-binding="remoting"/>
                </subsystem>
      3. Your socket group will have
               <socket-binding name="remoting" port="42010"/>

server B (client):
     1. In your app WEB-INF - add jboss-ejb-client.xml (it can only be in teh WEB-INF directory
     2. Your client changes need to be as - https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+server+instance

Restart both servers (server A 1st and then B) and it should work, This is how I got it to work fro me.
Actions
10. Re: EJB invocation from a remote server instance - SaslException

tc7 Apr 12, 2012 9:52 PM (in response to vatsanm)

Thanks Vatsan, I've followed your steps but still no success.

However I did make one observation which perhaps points to the problem.
I accidentally deployed the remote EJB service locally (eg both client and server EARs to the same local JBoss deployment) while configured to connect to the remote server ("server A"), and it worked. At first I thought I'd connected remotely, then I shutdown server B (client) and removed the EJB deployment and tried again - failure.

In other words it appears the remote-ejb binding host/port are being ignored.

I have verified this by purposely setting the port to a value other than the remoting port on the same host, and the EJB lookup still works, eg:
            <socket-binding name="remoting" port="4447"/>
            <outbound-socket-binding name="remote-ejb-binding">
                <remote-destination host="localhost" port="12345"/>
            </outbound-socket-binding>
I have tried both IPv4 address ("aaa.bbb.ccc.ddd"), and hostname (added to /etc/hosts), but neither seems to make a difference.

I know my jboss-ejb-client.xml is being read as I get the following exception if I remove the remote-ejb-connection outbound connection completely:
MyAppEJB.HandleDelegate, service jboss.naming.context.java.comp.MyApp.PrincipalServiceEJB.ValidatorFactory]
      service jboss.remoting.endpoint.subsystem.outbound-connection.remote-ejb-connection (missing) dependents: [service jboss.ejb3.dd-based-ejb-client-context."MyApp.ear"]
Simillarly I get an exception if the (otherwise ignored) outbound-socket-binding is omitted.

Can anyone confirm whether they've been able to get JBoss server <--> JBoss server remote EJB invocation working where server A (ejb server) resides on a different host/IP address to server B (client)?
Can anyone confirm whether setting host/port values other than defaults in an outbound-socket-binding / remote-destination has any effect?

This looks like a bug to me.
Actions
11. Re: EJB invocation from a remote server instance - SaslException

vatsanm Apr 13, 2012 10:53 AM (in response to tc7)

looks like it.
I created another instance of JB7 AS with only the EJB client as ear adn it failed to connect (after successful handshake).
Actions
12. Re: EJB invocation from a remote server instance - SaslException

jaikiran Apr 13, 2012 10:55 AM (in response to vatsanm)

Theo pinged me about this thread and I'm updating the original article tonight to fix some security related details there. Once that's done, please refer to that article and retry your application.
Actions
13. Re: EJB invocation from a remote server instance - SaslException

jaikiran Apr 15, 2012 2:05 AM (in response to jaikiran)

I've updated the https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+server+instance article to include the security configurations required to communicate between two AS7 instances. Please refer to that article and give it a try. If you still run into issues, either create new threads (if they are not related to this thread) or add a new post here.
Actions
14. Re: EJB invocation from a remote server instance - SaslException

enakai00 Apr 16, 2012 2:15 AM (in response to jaikiran)

Great thanks!

By following the updated document, I succeeded to use remote EJB connection with authentication.

I used a domain configuration consisting of two separate servers, and the following is the summary of what I've done.

1. Add user "ejb" with add-user.sh on the EJB server side, and check its host.xml
==============
    <management>
        <security-realms>

            <security-realm name="ApplicationRealm">
                <authentication>
                    <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
            </security-realm>
        </security-realms>
==============

2. Edit the EJB client's host.xml
==============
    <management>
        <security-realms>

            <security-realm name="ejb-security-realm">
                <server-identities>
                    <secret value="YXNkZmhvZ2U="/>
                </server-identities>
            </security-realm>
==============

3. Edit domain's domain.xml
==============
    <socket-binding-groups>
        <socket-binding-group name="standard-sockets" default-interface="public">
            <outbound-socket-binding name="remote-ejb">
                <remote-destination host="node02" port="4447"/>
            </outbound-socket-binding>
        </socket-binding-group>
...
            <subsystem xmlns="urn:jboss:domain:remoting:1.1">

                <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>

                <outbound-connections>

                    <remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb"
                                                security-realm="ejb-security-realm" username="ejb">
...
                    </remote-outbound-connection>
                </outbound-connections>
            </subsystem>
==============
1 of 1 people found this helpful
Actions

1 2 Previous Next

Go to original post