Authentication of a remote client
kferkic Oct 14, 2012 5:11 AM
Hi,
Currently I'm porting an application from JBoss 4.2.3 to JBoss 7.1.1.
Till now everything went well. But now I'm stuck a little bit with the security.
We have a remote client which is a desktop application. The remote client is used for administrating the server application.
For that, the client has to log in with his username and password. For the authentication we also send other things to the server like app-version, mandator...
On the server side we use a custom authentication module which is based on the DatabaseServerLoginModule. We do not deploy that login module as a module to the AS, but with our application, because it uses some EJBs from the application to authenticate the user.
We used the SecurityAssociation to pass the (custom) principal and credentials from the client to the server. Basically it was just using the setters on the client side and the getters on the server side for the principal and credentials in the SecurityAssociation class.
Now here comes the problem:
There is no SecurityAssociation anymore. I found a SecurityContextAssociation class which has the same methods as the SecurityAssociation class. But if I set the principal and credentials on it, they do not get sent to the server. On the server side the principal and credentials in the SecurityContextAssociation are always null. Same in the custom login module: the subject is always empty and the principal and credentials in the callback handler are some random UUIDs.
So I tried to put the principal and credentials in the environment properties for the JNDI lookup - same thing:
{code}
final Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
props.put(Context.PROVIDER_URL, "remote://localhost:4447");
props.put("jboss.naming.client.ejb.context", true);
props.put(Context.SECURITY_PRINCIPAL, "testUserName");
props.put(Context.SECURITY_CREDENTIALS, "testPassword");
props.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
props.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", false);
InitialContext ctx = new InitialContext(props);
{code}
I've seen somewhere an example with the SecurityClient, so I've tried that, but no luck:
{code}
SecurityClient sc = SecurityClientFactory.getSecurityClient();
sc.setSimple("testUserName", "testPassword");
sc.login();
{code}
Also I've found some examples with the LoginContext, but I couldn't get this to work.
Here is my standalone.xml:
{code:xml}
...
<security-realms>
    <security-realm name="ManagementRealm">
        <authentication>
            <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
    </security-realm>
    <security-realm name="ApplicationRealm">
        <authentication>
            <jaas name="testSD" />
        </authentication>
    </security-realm>
</security-realms>
...
<security-domains>
    <security-domain name="testSD" cache-type="default">
        <authentication>
            <login-module code="de.kf.CustomLoginModule" flag="required" />
        </authentication>
    </security-domain>
    <security-domain name="other" cache-type="default">
        <authentication>
            <login-module code="Remoting" flag="required">
                <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
            <login-module code="RealmUsersRoles" flag="required">
                <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
                <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
                <module-option name="realm" value="ApplicationRealm"/>
                <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
        </authentication>
    </security-domain>
    <security-domain name="jboss-web-policy" cache-type="default">
        <authorization>
            <policy-module code="Delegating" flag="required"/>
        </authorization>
    </security-domain>
    <security-domain name="jboss-ejb-policy" cache-type="default">
        <authorization>
            <policy-module code="Delegating" flag="required"/>
        </authorization>
    </security-domain>
</security-domains>
{code}
I'm really a little bit desperate right now. I hope you guys can help me out.
What is the right (usual) way to do this? And why didn't everything I've tried so far work?
Thank you in advance!