9 Replies Latest reply: Jun 4, 2012 9:55 AM by jkreska RSS

    Is there a way to disable all auth on 7.1.2.Final

    jkreska Newbie

      I don't want ejb auth, mgmt auth, user auth etc.  I would like it to run wide open.

        • 1. Re: Is there a way to disable all auth on 7.1.2.Final
          Darran Lofthouse Master

          Just remove all of the security-realm="..." attributes and then any user that can access the ports of your AS installation will have full control to access what they like.

          • 2. Re: Is there a way to disable all auth on 7.1.2.Final
            jkreska Newbie

            That works great for the management console and jconsole access but doesn't seem to have any affect on ejb access.  I have added security realm for ejb-security per the docs

             

                    <security-realm name="ejb-security-realm">
                        <server-identities>
                            <secret value="dHJ1c3RubzE="/>
                        </server-identities>
                    </security-realm>

             

            Do I remove this?  I am trying to get rid of all these log stmts when remote clients connect

             

             

            May 24, 2012 8:27:44 AM org.jboss.ejb.client.remoting.RemotingConnectionEJBReceiver associate
            INFO: EJBCLIENT000013: Successful version handshake completed for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@14c92844, receiver=Remoting connection EJB receiver [connection=Remoting connection <67a78ec>,channel=jboss.ejb,nodename=jb7-8]} on channel Channel ID cfdbcc58 (outbound) of Remoting connection 3de08f43 to jb7-8.alpha.farecompare.com/192.168.12.83:4447
            May 24, 2012 8:27:44 AM org.jboss.remoting3.remote.RemoteConnection handleException
            ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
            May 24, 2012 8:27:44 AM org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager getEJBReceiver
            INFO: Could not create a connection for cluster node ClusterNode{clusterName='ejb', nodeName='jb7-8', clientMappings=[ClientMapping{sourceNetworkAddress=/0:0:0:0:0:0:0:0, sourceNetworkMaskBits=0, destinationAddress='192.168.12.83', destinationPort=4447}], resolvedDestination=[Destination address=192.168.12.83, destination port=4447]} in cluster ejb
            java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
            
            • 3. Re: Is there a way to disable all auth on 7.1.2.Final
              jaikiran pai Master

              Get rid of the security-realm reference from the remoting-connector in the remoting subsystem, if you don't want to enable security. Also you won't have to create any of those new security realms referenced in the EJB documentation if you don't need security.

              • 4. Re: Is there a way to disable all auth on 7.1.2.Final
                jkreska Newbie

                I am getting some exceptions about unrecognized SSL message when a cluser tries to make a remote connection to another cluster

                 

                13:23:08,529 INFO  [org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager] (ejb-client-cluster-node-connection-creation-4-thread-2) Could not create a connection for cluster node ClusterNode{clusterName='jboss7-test-server1-ejb', nodeName='jb7-1', clientMappings=[ClientMapping{sourceNetworkAddress=/0:0:0:0:0:0:0:0, sourceNetworkMaskBits=0, destinationAddress='192.168.12.223', destinationPort=4447}], resolvedDestination=[Destination address=192.168.12.223, destination port=4447]} in cluster jboss7-test-server1-ejb: java.lang.RuntimeException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
                        at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)
                        at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:89)
                
                • 5. Re: Is there a way to disable all auth on 7.1.2.Final
                  jkreska Newbie

                  Unrecognized SSL message, plaintext connection?
                          at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

                   

                  messages have dis-appeard and communication is working again

                  • 6. Re: Is there a way to disable all auth on 7.1.2.Final
                    jaikiran pai Master

                    jkreska wrote:

                     

                     

                    Unrecognized SSL message, plaintext connection?
                            at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

                     

                     

                    messages have dis-appeard and communication is working again

                    I'm marking this thread as answered then.

                    • 7. Re: Is there a way to disable all auth on 7.1.2.Final
                      jkreska Newbie

                      If i remove the security-realm attribute in jboss-ejb-client.xml file it fails with the following exception

                       

                      15:14:17,273 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC00001: Failed to start service jboss.deployment.unit."xxi-framework-test-modul
                      e-deploy-ejb.ear".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."xxi-framework-test-module-deploy-ejb.ear".POST_MODUL
                      E: JBAS018733: Failed to process phase POST_MODULE of deployment "xxi-framework-test-module-deploy-ejb.ear"
                              at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:123) [jboss-as-server-7.1.2.Final.jar:7.1.2.Fin
                      al]
                              at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
                              at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
                              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_04]
                              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_04]
                              at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_04]
                      Caused by: java.lang.IllegalArgumentException: Name segment is null for security_realm
                              at org.jboss.msc.service.ServiceName.of(ServiceName.java:82) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
                              at org.jboss.msc.service.ServiceName.append(ServiceName.java:112) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
                              at org.jboss.as.ejb3.remote.EJBClientCommonConnectionConfig$CallbackHandlerProvider.<init>(EJBClientCommonConnectionConfig.java:114)
                              at org.jboss.as.ejb3.remote.EJBClientCommonConnectionConfig.setCallbackHandler(EJBClientCommonConnectionConfig.java:86)
                              at org.jboss.as.ejb3.remote.EJBClientClusterConfig.<init>(EJBClientClusterConfig.java:72)
                              at org.jboss.as.ejb3.deployment.processors.EJBClientDescriptorMetaDataProcessor.createClientConfiguration(EJBClientDescriptorMetaDataProcessor.jav
                      a:158)
                              at org.jboss.as.ejb3.deployment.processors.EJBClientDescriptorMetaDataProcessor.deploy(EJBClientDescriptorMetaDataProcessor.java:89)
                              at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:116) [jboss-as-server-7.1.2.Final.jar:7.1.2.Fin
                      
                      • 8. Re: Is there a way to disable all auth on 7.1.2.Final
                        jaikiran pai Master

                        Can you please file a JIRA for this one? I'll take a look.