EJB Authentication fails in 7.1.2, works on 7.1.1
anssih Jun 1, 2012 9:01 AM
Hi!
We have problems authenticating our standalone client EJB call against JBoss 7.1.2. The same mechanism works on JBoss 7.1.1. We are using a custom login module:
<security-domain name="our-domain" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required" module="deployment.Some.ear.SomeEJBs.jar">
            <module-option name="dsJndiName" value="java:/jdbc/databaseDS"/>
            <module-option name="principalsQuery" value="SELECT password FROM employee WHERE attribute = ?"/>
            <module-option name="ignorePasswordCase" value="true"/>
            <module-option name="hashAlgorithm" value="MD5"/>
            <module-option name="hashEncoding" value="hex"/>
            <module-option name="principalClass" value="com.company.auth.User"/>
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
</security-domain>
We are creating the EJBClientConfiguration from a properties file:
public static void setUpEJBClientContext(String ejbHostsString, String username, String password) {
    List<EJBHost> ejbHosts = parseHosts(ejbHostsString);
    final Properties clientProps = buildClientProperties(username, password, ejbHosts);
    final EJBClientConfiguration ejbClientConfiguration = new PropertiesBasedEJBClientConfiguration(clientProps);
    LOG.debug("ejbClientConfiguration done");
    // Creating the selector opens the remoting connections and registers the EJB receivers.
    final ContextSelector<EJBClientContext> ejbClientContextSelector = new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);
    LOG.debug("ejbClientContextSelector done");
    final ContextSelector<EJBClientContext> previousSelector = EJBClientContext.setSelector(ejbClientContextSelector);
    LOG.debug("previousSelector done");
}

private static Properties buildClientProperties(String username, String password, List<EJBHost> hosts) {
    final Properties clientConfigProps = new Properties();
    clientConfigProps.put("endpoint.name", "client-endpoint");
    clientConfigProps.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
    List<String> connectionNames = new ArrayList<String>(hosts.size());
    int counter = 0;
    // One named remoting connection per configured host.
    for (EJBHost ejbHost : hosts) {
        String connectionName = CONNECTION_NAME_PREFIX + counter++;
        connectionNames.add(connectionName);
        String propertyPrefix = "remote.connection." + connectionName;
        clientConfigProps.put(propertyPrefix + ".host", ejbHost.getHost());
        clientConfigProps.put(propertyPrefix + ".port", ejbHost.getPort());
        // SASL options: the no-anonymous policy is switched off and the JBOSS-LOCAL-USER mechanism is excluded.
        clientConfigProps.put(propertyPrefix + ".connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
        clientConfigProps.put(propertyPrefix + ".connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
        clientConfigProps.put(propertyPrefix + ".username", username);
        clientConfigProps.put(propertyPrefix + ".password", password);
    }
    clientConfigProps.put("remote.connections", StringUtils.join(connectionNames.iterator(), ","));
    return clientConfigProps;
}
There can be more than one host, but this time only one is used. I also tried a jboss-ejb-client.properties file and got the same error as with the dynamically created properties.
I have set org.jboss.security to logging level TRACE, but nothing appears in the server log.
Client log:
06-01@14:37:25 DEBUG ( ?:?) - setUpEJBClientContext ejbHostsString=localhost:4447
06-01@14:37:25 DEBUG ( ?:?) - Host: localhost, port: 4447
06-01@14:37:25 DEBUG ( ?:?) - Validate done
06-01@14:37:25 DEBUG ( ?:?) - Properties building starting
06-01@14:37:25 DEBUG ( ?:?) - Properties building done
06-01@14:37:25 DEBUG ( ?:?) - clientProps {remote.connection.connection_0.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false, endpoint.name=client-endpoint, remote.connection.connection_0.host=localhost, remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false, remote.connection.connection_0.username=TTM, remote.connection.connection_0.port=4447, remote.connection.connection_0.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER, remote.connections=connection_0, remote.connection.connection_0.password=ttmm2keh}
06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:230) - endpoint.create.options. has the following options {}
06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:230) - remote.connectionprovider.create.options. has the following options {org.xnio.Options.SSL_ENABLED=>false}
06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:230) - remote.connection.connection_0.connect.options. has the following options {org.xnio.Options.SASL_POLICY_NOANONYMOUS=>false,org.xnio.Options.SASL_DISALLOWED_MECHANISMS=>[JBOSS-LOCAL-USER]}
06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:230) - remote.connection.connection_0.channel.options. has the following options {}
06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:464) - Connection org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration$RemotingConnectionConfigurationImpl@465ff916 successfully created for connection named connection_0
06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:283) - No clusters configured in properties
06-01@14:37:25 DEBUG ( ?:?) - ejbClientConfiguration done
06-01@14:37:25 DEBUG (WorkerThread.java:88) - Started channel thread 'Remoting "client-endpoint" read-1', selector sun.nio.ch.KQueueSelectorImpl@269be2b5
06-01@14:37:25 DEBUG (WorkerThread.java:88) - Started channel thread 'Remoting "client-endpoint" write-1', selector sun.nio.ch.KQueueSelectorImpl@d896a4c
06-01@14:37:25 ERROR (RemoteConnection.java:99) - JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
06-01@14:37:25 WARN (ConfigBasedEJBClientContextSelector.java:131) - Could not register a EJB receiver for connection to localhost:4447
java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)
at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:119)
at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:76)
at fi.soft.util.EJBClientUtil.setUpEJBClientContext(Unknown Source)
**** SNIP ***
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.nio.NioHandle.run(NioHandle.java:90)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:386)
at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:151)
at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:132)
at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:117)
... 53 more
06-01@13:24:49 DEBUG (ConfigBasedEJBClientContextSelector.java:135) - Registered a reconnect handler in EJB client context org.jboss.ejb.client.EJBClientContext@181b7c76 for remote://localhost:4447
06-01@13:24:49 DEBUG (ConfigBasedEJBClientContextSelector.java:140) - Registered 0 remoting EJB receivers for EJB client context org.jboss.ejb.client.EJBClientContext@181b7c76
06-01@13:24:49 DEBUG (WorkerThread.java:88) - Started channel thread 'Remoting "client-endpoint" read-1', selector sun.nio.ch.KQueueSelectorImpl@317cfd38
06-01@13:24:49 DEBUG (WorkerThread.java:88) - Started channel thread 'Remoting "client-endpoint" write-1', selector sun.nio.ch.KQueueSelectorImpl@49aacd5f
06-01@13:24:49 ERROR (RemoteConnection.java:99) - JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
However, if I use jboss-ejb-client.jar from 7.1.1 with my standalone app, authentication is done against the security-domain and after that the user is in the cache:
14:18:54,650 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-3) Begin isValid, principal:USER, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@4689ad
14:18:54,650 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-3) Begin validateCache, info=org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@4689ad;credential.class=java.lang.String@21680077
14:18:54,650 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-3) End validateCache, isValid=true
14:18:54,651 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-3) End isValid, true
14:18:54,855 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-4) Begin isValid, principal:USER, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@4689ad
14:18:54,855 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-4) Begin validateCache, info=org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@4689ad;credential.class=java.lang.String@21680077
14:18:54,855 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-4) End validateCache, isValid=true
14:18:54,855 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-4) End isValid, true
14:18:55,484 DEBUG [org.jboss.jca.core.connectionmanager.pool.idle.IdleRemover] (IdleRemover) Notifying pools, interval: 30000
The client still logs the same error as with jboss-ejb-client.jar from 7.1.2.
Any good ideas on where to start looking for a solution to the problem?