13 Replies Latest reply on Jun 7, 2012 1:47 AM by anssih

    JBoss 7.2.0 nightly build custom login module

    danjee

      I've downloaded the latest the 7.2.0 Alpha1 version and deployed my application that is running fine in 7.1.1 version and also in a snapshot of 7.1.2.

      Unfortunatelly it seems that something is not working with my login module in 7.2.0 Alpfha1  because the authentication is rejected for remoting

      What should I change in the 7.1.2 configuration to be able to deploy to 7.2.0 successfuly ?

       

      Thank you

        • 1. Re: JBoss 7.2.0 nightly build custom login module
          ctomc

          noting...

           

          current 7.2.0.alpha1 nightly builds don't have any changes over 7.1.2 in codebase yet, it is essentially the same as 7.1.2 tag with renamed version...

           

          i would look for problem somewhere else.

           

          --

          tomaz

          • 2. Re: JBoss 7.2.0 nightly build custom login module
            danjee

            Maybe something did change between 7.1.2 builds because I have a working version of 7.1.2 snapshot, but for the 7.2.0 version I get this exception

            18:08:10,657 TRACE [org.jboss.remoting.remote.server] (Remoting "vs420" read-1) Server received authentication request

            18:08:10,657 TRACE [org.xnio.nio.selector] (Remoting "vs420" read-1) Beginning select on sun.nio.ch.EPollSelectorImpl@530ce397

            18:08:10,657 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) Begin isValid, principal:SUPPORT, cache entry: org.jboss.securi

            ty.authentication.JBossCachedAuthenticationManager$DomainInfo@5b7e62ad

            18:08:10,658 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) Begin validateCache, info=org.jboss.security.authentication.JBo

            ssCachedAuthenticationManager$DomainInfo@5b7e62ad;credential.class=java.lang.String@686231088

            18:08:10,658 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) End validateCache, isValid=true

            18:08:10,658 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "vs420" task-3) End isValid, true

            18:08:10,658 TRACE [org.jboss.remoting.remote.server] (Remoting "vs420" task-3) Server sending authentication rejected (javax.security.sasl.SaslException: Callback handler invoc

            ation failed [Caused by javax.security.auth.callback.UnsupportedCallbackException])

             

            • 3. Re: JBoss 7.2.0 nightly build custom login module
              jaikiran

              What kind of authentication is going on here? I mean what is the usecase where this is failing?

              • 4. Re: JBoss 7.2.0 nightly build custom login module
                jaikiran

                Looking at the commits here https://github.com/jbossas/jboss-as/commits/master I don't see anything related to security that's changed after May 9 (the day 7.1.2 tag was created).

                • 5. Re: JBoss 7.2.0 nightly build custom login module
                  danjee

                  Here is a simple example of an app that worked on a 7.1.2 ( I think from April) and on 7.2.0 it gives me the

                   

                   

                  ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
                  Exception in thread "main" javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
                  
                  

                   

                   

                  The login module looks like this:

                   

                   

                  package com.asf.jboss7.security;
                  
                  
                  import java.security.acl.Group;
                  
                  
                  import javax.security.auth.login.LoginException;
                  
                  
                  import org.jboss.security.SimpleGroup;
                  import org.jboss.security.SimplePrincipal;
                  import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
                  
                  
                  public class TestLoginModule extends UsernamePasswordLoginModule {
                  
                  
                            // initial state
                            @Override
                            protected String getUsersPassword() throws LoginException {
                                      return "1";
                            }
                  
                  
                            /*
                             * (non-Javadoc)
                             * 
                             * @see
                             * org.jboss.security.auth.spi.UsernamePasswordLoginModule#validatePassword
                             * (java.lang.String, java.lang.String)
                             */
                            @Override
                            protected boolean validatePassword(String inputPassword,
                                                String expectedPassword) {
                                      System.out.println("--> username: " + super.getUsername());
                                      new Throwable("trace login module calls").printStackTrace();
                  
                  
                                      return super.validatePassword(inputPassword, expectedPassword);
                            }
                  
                  
                            @Override
                            protected Group[] getRoleSets() {
                                      Group[] groups = { new SimpleGroup("Roles"), new SimpleGroup("*") };
                                      SimplePrincipal role = new SimplePrincipal("ASF_Users");
                                      groups[0].addMember(role);
                                      return groups;
                            }
                  
                  
                  }
                  
                  

                   

                   

                  The client is this:

                   

                   

                  package com.asf.jndi.jboss7;
                  
                  
                  import java.rmi.RemoteException;
                  import java.util.Hashtable;
                  
                  
                  import javax.naming.Context;
                  import javax.naming.InitialContext;
                  import javax.naming.NamingException;
                  
                  
                  import com.asf.jboss7.RemoteCalculator;
                  import com.asf.kollecto.common.exception.AppException;
                  
                  
                  public class JndiTest {
                            public static void main(String[] args) throws NamingException,
                                                AppException, RemoteException {
                                      final Hashtable<String, Object> jndiProperties = new Hashtable<String, Object>();
                  
                  
                                      jndiProperties.put(Context.URL_PKG_PREFIXES,
                                                          "org.jboss.ejb.client.naming");
                                      jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,
                                                          "org.jboss.naming.remote.client.InitialContextFactory");
                                      jndiProperties.put(Context.PROVIDER_URL,
                                                          "remote://vs420.intranet.asf.ro:4447");
                                      jndiProperties.put(Context.SECURITY_PRINCIPAL, "support");
                                      jndiProperties.put(Context.SECURITY_CREDENTIALS, "1");
                                      jndiProperties.put("jboss.naming.client.ejb.context", true);
                                      jndiProperties
                                                          .put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT",
                                                                              "false");
                  
                  
                                      final Context context = new InitialContext(jndiProperties);
                                      final String appName = "myear";
                                      final String moduleName = "myejb3";
                                      final String distinctName = "";
                                      final String beanName = "CalculatorBean";
                                      final String viewClassName = RemoteCalculator.class.getName();
                                      String lookup = "ejb:" + appName + "/" + moduleName + "/"
                                                          + distinctName + "/" + beanName + "!" + viewClassName;
                                      System.out.println("lookup name: " + lookup);
                                      RemoteCalculator facade = (RemoteCalculator) context.lookup(lookup);
                                      System.out.println(facade);
                                      for (int i = 0; i < 3; i++) {
                                                System.out.println("test: " + facade.add(i, 8));
                                      }
                  
                  
                            }
                  }
                  
                  
                  • 6. Re: JBoss 7.2.0 nightly build custom login module
                    dlofthouse

                    18:08:10,658 TRACE [org.jboss.remoting.remote.server] (Remoting "vs420" task-3) Server sending authentication rejected (javax.security.sasl.SaslException: Callback handler invoc

                    ation failed [Caused by javax.security.auth.callback.UnsupportedCallbackException])

                     

                    This message looks like a candidate for the problem, just investigating now.

                    • 7. Re: JBoss 7.2.0 nightly build custom login module
                      dlofthouse

                      Daniel, one quick question while I am investigating - when you implement your login module are you able to access the users plain text password from wherever it is stored?  If so a realm plug-in may be better so you can leave the Remoting authentication to be Digest based without the need to force it down to Plain as is required to integrate with JAAS.

                      • 8. Re: JBoss 7.2.0 nightly build custom login module
                        danjee

                        The authentications reads from different sources for users passwords, some are them are stored in AD, others in non-reversible encoding in DB so I will need to send them in plain.

                         

                        Daniel

                        • 9. Re: JBoss 7.2.0 nightly build custom login module
                          dlofthouse

                          Ok so moving from the Realm to JAAS integration would probably not bring you a benefit.

                           

                          As you are running a self built AS can you try cherry picking the following commit into your branch and repeating your test https://github.com/darranl/jboss-as/commit/7671e50b652c1d521c9746ee639d17a666e5f004

                          • 10. Re: JBoss 7.2.0 nightly build custom login module
                            danjee

                            I am not working on a self-build AS. I've downloaded the application server from Jenkins's latest stable build:

                             

                            https://ci.jboss.org/jenkins/job/JBoss-AS-7.x-latest/ (May 14 version)

                            • 11. Re: JBoss 7.2.0 nightly build custom login module
                              dlofthouse

                              Ok in that case keep an eye on these pull requests: -

                               

                              https://github.com/jbossas/jboss-as/pull/2320

                              https://github.com/jbossas/jboss-as/pull/2321

                               

                              Once these are merged the next stable build after will contain the fix.

                              • 12. Re: JBoss 7.2.0 nightly build custom login module
                                danjee

                                Ok, thanks a lot

                                • 13. Re: JBoss 7.2.0 nightly build custom login module
                                  anssih

                                  Daniel, did this solve you're problem? I have a same kind of problems with authentication even with latest 7.2.0 version.