4 Replies Latest reply on Jul 11, 2012 8:04 AM by andersonvass

    Remote lookup without user authentication

    andersonvass
    andersonvass Jul 6, 2012 3:43 PM

      Hi

       

      It's possible to lookup remote EJB  withou username and login configuration in jboss-ejb-client.properties?

       

      I use this properties:

       

      remote.connections=default

      endpoint.name=client-endpoint

      remote.connection.default.port=4447

      remote.connection.default.host=10.16.73.152

      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

      remote.connection.default.username=remote

      remote.connection.default.password=123mudar

       

       

      And this Java code:

       

      String JBOSS_CONTEXT = "org.jboss.naming.remote.client.InitialContextFactory";

      Properties props = new Properties();

      props.put(Context.INITIAL_CONTEXT_FACTORY, JBOSS_CONTEXT);

      props.put(Context.PROVIDER_URL, "remote://10.16.73.152:4447");

      props.put(Context.SECURITY_PRINCIPAL, "remote");

      props.put(Context.SECURITY_CREDENTIALS, "123mudar");

      InitialContext context = new InitialContext(props);

       

      RemoteEjb remoteEjb = (RemoteEjb) context.lookup(jndiName);

      remoteEjb.callMethod();

       

      If i remove the username and password configurations, i can't call the method in remote ejb. I give the error: "No EJB receiver available for handling"

      Thanks

      • 1159 Views
      • Tags:
        • 1. Re: Remote lookup without user authentication
          jaikiran
          jaikiran Jul 7, 2012 1:22 AM (in response to andersonvass)

          AS7 is by default secure, which means that invocations on it need to be authenticate/authorized. So without the username/password from the client, the security check will fail, unless you disable security on the server side. Is that what you want? If yes, is there a specific reason to disable security?

            • Actions
          • 2. Re: Remote lookup without user authentication
            andersonvass
            andersonvass Jul 10, 2012 7:05 AM (in response to jaikiran)

            Jaikiran,

             

             

            Is that what i want. I have a legacy system where i have to migrate for jboss 7. In this system, was  not used the security for lookup of remote EJB.

             

             

            How i can disable this security feature for remote invocation in jboss 7.1?

             

             

            Thanks

              • Actions
            • 3. Re: Remote lookup without user authentication
              jaikiran
              jaikiran Jul 10, 2012 7:19 AM (in response to andersonvass)

              The remoting subsystem is configured with a connector named remoting-connector:

              <subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
</subsystem>

              That's what's used for remote invocations. The security-realm attribute is what makes it secure. Just remove that attribute if you want security disabled:

              <subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" />
</subsystem>
                • Actions
              • 4. Re: Remote lookup without user authentication
                andersonvass
                andersonvass Jul 11, 2012 8:04 AM (in response to jaikiran)

                Thanks!

                  • Actions