12 Replies Latest reply on Mar 28, 2013 4:13 AM by ohmygod

    JBoss 7.1.3, custom login module and JMS

    alxt

      I use JBoss 7.1.3, a custom login module, a remote EJB client and a remote JMS client.

       

      *In standalone-full-ha.xml:*

      {code:xml}

      <security-domain name="RolesLoginModule" cache-type="default">

        <authentication>

          <login-module code="ru.start2com.common.auth.server_module.RolesLoginModule" flag="required" module="ru.start2com.Common.auth.module"/>

        </authentication>

      </security-domain>

      {code}

       

      {code:xml}

      <security-realm name="RolesLoginModuleRealm">

        <authentication> <jaas name="RolesLoginModule"/> </authentication>

      </security-realm>

      {code}

       

      {code:xml}

      <subsystem xmlns="urn:jboss:domain:remoting:1.1">

        <connector name="remoting-connector" socket-binding="remoting" security-realm="RolesLoginModuleRealm"/>

      </subsystem> <!-- (1) This is the problem code! -->

      {code} 

       

       

       

      In my EAR I add jboss-app.xml:

      {code:xml}

      <jboss-app>

        <security-domain>RolesLoginModule</security-domain>

      </jboss-app>

      {code}

       

      *In remote ejb client connect:*

      {code}

      Properties clientProp = new Properties();

      clientProp.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

      clientProp.put("remote.connections", "default");

      clientProp.put("remote.connection.default.host", serverHost);

      clientProp.put("remote.connection.default.port", serverPort);

      clientProp.put("remote.connection.default.username", login);

      clientProp.put("remote.connection.default.password", pwd);

      clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");

      clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

      EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(clientProp);

      ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);

      EJBClientContext.setSelector(selector);

      params = new Hashtable<String, Object>();

      params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

      params.put(Context.PROVIDER_URL, serverUrl);

      params.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

      context = new InitialContext(params);

      {code}

      It works ONLY if (1) is used. Otherwise the principal in the login module is correct, but the credentials are a random UUID (LocalCallbackHandlerService is used, which does not set "org.jboss.as.domain.management.subject_callback_supported").

       

      *In remote jms client connect:*

      {code}

      params = new Hashtable<String, Object>();

      params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

      params.put(Context.PROVIDER_URL, serverUrl);

      params.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

      params.put(Context.SECURITY_PRINCIPAL, login);

      params.put(Context.SECURITY_CREDENTIALS, pwd);

      context = new InitialContext(params);

      {code}

      It works ONLY if (1) is NOT used (the default value is used). Otherwise there is an error:

          "Remoting "config-based-naming-client-endpoint" read-1:ERROR:org.jboss.remoting.remote.connection::JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed"

      In PlainSaslServer.SaslState.evaluateMessage, the byte[] message does not contain the password...

       

      How do I configure things so that a remote EJB client and a remote JMS client can both be used with one server?

        • 1. Re: JBoss 7.1.3, custom login module and JMS
          alxt
          • 2. Re: JBoss 7.1.3, custom login module and JMS
            jaikiran

            Alexey, I don't fully understand what the problem is. Could you please leave out the JMS part from it for now and explain what problem you are running into with the EJB invocations? The EJB code and relevant exception stacktraces too would help.

            • 3. Re: JBoss 7.1.3, custom login module and JMS
              alxt

              If I do not set socket-binding="remoting" security-realm="RolesLoginModuleRealm"

               

              client code:

               

                  final String LOGIN = "jmsUser";

                  final String PASSWORD = "123";

                  Properties clientProp = new Properties();

                  clientProp.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

                  clientProp.put("remote.connections", "default");

                  clientProp.put("remote.connection.default.host", "localhost");

                  clientProp.put("remote.connection.default.port", "4447");

                  clientProp.put("remote.connection.default.username", EJB_LOGIN);

                  clientProp.put("remote.connection.default.password", PASSWORD);

                  EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(clientProp);

                  ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);

                  EJBClientContext.setSelector(selector);

                  Hashtable<String, Object> params = new Hashtable<String, Object>();

                  params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

                  params.put(Context.PROVIDER_URL, "remote://localhost:4447");

                  params.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                  Context context = new InitialContext(params);

                  String name = "ejb:StartNg.twf-N2.S2.1/Common.auth.ejb-N2.1//AdmContextBL!ru.infosfera.common.auth.bl.AdmContextRemote";

                  AdmContextRemote admContext = (AdmContextRemote) context.lookup(name);

                  String userName = admContext.login("localhost", "alxt"); // <-- real login in UserName login module and exception

               

              client exception:

               

              11:04:03.418:Remoting "config-based-ejb-client-endpoint" task-1:INFO :org.jboss.ejb.client.remoting       ::EJBCLIENT000011: Discarding result for invocation id 0 since no waiting context found

              javax.ejb.EJBAccessException: JBAS013323: Invalid User

                        at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54)

                        at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45)

                        at java.security.AccessController.doPrivileged(Native Method)

                        at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74)

                        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                        at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:42)

                        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                        at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)

                        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                        at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)

                        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                        at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:43)

                        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                        at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)

                        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)

                        at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)

                        at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:321)

                        at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:69)

                        at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:202)

                        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)

                        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)

                        at java.util.concurrent.FutureTask.run(FutureTask.java:166)

                        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

                        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

                        at java.lang.Thread.run(Thread.java:722)

                        at org.jboss.threads.JBossThread.run(JBossThread.java:122)

                        at ...asynchronous invocation...(Unknown Source)

                        at org.jboss.ejb.client.remoting.InvocationExceptionResponseHandler$MethodInvocationExceptionResultProducer.getResult(InvocationExceptionResponseHandler.java:99)

                        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:272)

                        at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:46)

                        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:274)

                        at org.jboss.ejb.client.ReceiverInterceptor.handleInvocationResult(ReceiverInterceptor.java:129)

                        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:262)

                        at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:437)

                        at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:140)

                        at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121)

                        at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104)

                        at com.sun.proxy.$Proxy0.login(Unknown Source)

                        at ru.infosfera.common.auth.for_client.RolesLoginContext.login(RolesLoginContext.java:97)

               

              server exception: my login module cannot use the password from the client and throws an exception.

               

              Today I changed the login module code: it does NOT check the password and creates a principal without any role.

              The method admContext.login now accepts the password, checks it and adds roles to the principal.

              • 4. Re: JBoss 7.1.3, custom login module and JMS
                alxt

                If I set socket-binding="remoting" security-realm="RolesLoginModuleRealm"

                the EJB client works correctly, but the JMS client...

                 

                    final String LOGIN = "jmsUser";

                    final String PASSWORD = "123";

                    Hashtable<String, Object> params = new Hashtable<String, Object>();

                    params.put(Context.PROVIDER_URL, "remote://localhost:4447");

                    params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

                    params.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                    Context context = new InitialContext(params);

                    QueueConnectionFactory qcf = (QueueConnectionFactory) context.lookup("/jms/RemoteConnectionFactory");

                    QueueConnection queueConnection = qcf.createQueueConnection(LOGIN, PASSWORD);

                 

                client exception:

                 

                12:04:28.022 [main] DEBUG o.j.n.r.client.InitialContextFactory - jboss.naming.client.connect.options. has the following options {}

                12:04:28.256 [Remoting "config-based-naming-client-endpoint" read-1] ERROR org.jboss.remoting.remote.connection - JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                12:04:28.272 [main] DEBUG o.j.n.r.client.HaRemoteNamingStore - Failed to connect to server remote://localhost:4447

                java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                          at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                          at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:180) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                          at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:131) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                          at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:112) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                          at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:223) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                          at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:79) [jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                          at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:83) [jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                          at javax.naming.InitialContext.lookup(InitialContext.java:411) [na:1.7.0_15]

                          at ru.infosfera.starttk.adapter.test.JmsClientTest.main(JmsClientTest.java:79) [classes/:na]

                Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:377) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:226) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) ~[xnio-api-3.0.6.GA.jar:3.0.6.GA]

                          at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189) ~[xnio-api-3.0.6.GA.jar:3.0.6.GA]

                          at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103) ~[xnio-api-3.0.6.GA.jar:3.0.6.GA]

                          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) ~[xnio-api-3.0.6.GA.jar:3.0.6.GA]

                          at org.xnio.nio.NioHandle.run(NioHandle.java:90) ~[xnio-nio-3.0.6.GA.jar:3.0.6.GA]

                          at org.xnio.nio.WorkerThread.run(WorkerThread.java:187) ~[xnio-nio-3.0.6.GA.jar:3.0.6.GA]

                          at ...asynchronous invocation...(Unknown Source) ~[na:na]

                          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                          at org.jboss.naming.remote.client.EndpointCache$EndpointWrapper.connect(EndpointCache.java:105) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                          at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:179) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                          ... 7 common frames omitted

                 

                On the server there is no message at all.

                • 5. Re: JBoss 7.1.3, custom login module and JMS
                  alxt

                  To use a JMS client with a custom login module, you need to add this to the initial context params:

                   

                      params.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); // <-- to allow a plain-text password from client to server
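
A defender's check for the client settings discussed in this thread, as an added example that is not part of the original posts or of JBoss: it flags property sets that allow the SASL PLAIN mechanism (SASL_POLICY_NOPLAINTEXT=false) while SSL is disabled (SSL_ENABLED=false), a combination in which the password can cross the network in cleartext. The class name, severity labels and sample credentials are assumptions; the option names are the ones quoted in the posts above.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Properties;

/** Added example: audits remoting client options for cleartext-password exposure. */
public class RemotingClientOptionAudit {

    // Option-name suffixes as they appear in the client properties quoted in this thread.
    static final String NOPLAINTEXT = "org.xnio.Options.SASL_POLICY_NOPLAINTEXT";
    static final String NOANONYMOUS = "org.xnio.Options.SASL_POLICY_NOANONYMOUS";
    static final String SSL_ENABLED = "org.xnio.Options.SSL_ENABLED";

    /** True if any key ending in the suffix is explicitly set to "false". */
    static boolean isFalse(Map<?, ?> cfg, String suffix) {
        for (Map.Entry<?, ?> e : cfg.entrySet()) {
            if (String.valueOf(e.getKey()).endsWith(suffix)
                    && "false".equalsIgnoreCase(String.valueOf(e.getValue()).trim())) {
                return true;
            }
        }
        return false;
    }

    /** Findings for one client configuration; severity labels are this example's own. */
    static List<String> audit(Map<?, ?> cfg) {
        List<String> findings = new ArrayList<String>();
        boolean plainAllowed = isFalse(cfg, NOPLAINTEXT);
        boolean sslDisabled = isFalse(cfg, SSL_ENABLED);
        if (plainAllowed && sslDisabled) {
            findings.add("HIGH: PLAIN allowed and SSL disabled; password can cross the network in cleartext");
        } else if (plainAllowed) {
            findings.add("MEDIUM: PLAIN allowed; confirm the connection is actually protected by TLS");
        }
        if (isFalse(cfg, NOANONYMOUS)) {
            findings.add("INFO: ANONYMOUS mechanism is not excluded by client policy");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample 1: the EJB client options from the first post (placeholder credentials).
        Properties ejb = new Properties();
        ejb.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
        ejb.put("remote.connection.default.username", "exampleUser");
        ejb.put("remote.connection.default.password", "example-password");
        ejb.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
        ejb.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

        // Constructed sample 2: the naming (JMS) client option from reply 5.
        Hashtable<String, Object> jms = new Hashtable<String, Object>();
        jms.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

        System.out.println("EJB client: " + audit(ejb));
        System.out.println("JMS client: " + audit(jms));
    }
}
```
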

                  • 6. Re: JBoss 7.1.3, custom login module and JMS
                    ohmygod

                    Hi Alexey, can you please suggest how to build out a 7.1.3 version?

                    • 7. Re: JBoss 7.1.3, custom login module and JMS
                      alxt

                      1. Download the source: https://github.com/jbossas/jboss-as/tree/7.1.3.Final (as a zip: https://github.com/jbossas/jboss-as/archive/7.1.3.Final.zip)

                      2. Build with "mvn -Dmaven.test.skip=true clean install" (some tests do not pass; they do not work with a proxy?).

                      3. The result is in build/target/jboss-as-7.1.3.Final/

                      • 8. Re: JBoss 7.1.3, custom login module and JMS
                        ohmygod

                        Thanks Alexey. One question: Is 7.1.3 the latest version that can be used now?

                        • 9. Re: JBoss 7.1.3, custom login module and JMS
                          ohmygod

                          And how about checking out https://github.com/jbossas/jboss-as.git directly without any tag?

                          • 10. Re: JBoss 7.1.3, custom login module and JMS
                            alxt

                            > Thanks Alexey.

                             

                            Use the "Like" button

                             

                            > Is 7.1.3 the latest version that can be used now?

                             

                            For now, it is the latest.

                            https://github.com/jbossas/jboss-as/tree/7.2.0.Final is marked as "Prepare 7.2.0.Final for pre-releases" and there are no more tags.

                            But in https://issues.jboss.org/browse/AS7?selectedTab=com.atlassian.jira.plugin.system.project%3Aroadmap-panel 7.1.4 has ONE unresolved issue. Is 7.1.4 coming soon?

                             

                            > And how about checking out https://github.com/jbossas/jboss-as.git directly without any tag?

                             

                            This is an 8.0 (or 9.0?) pre-alpha version. For jboss-as developers only.

                            For users - only tags.

                            • 11. Re: JBoss 7.1.3, custom login module and JMS
                              ohmygod

                              Thanks, Alexey. So 7.1.3 is the latest version that we can use for our application? How about 7.2.0.Final?

                               

                               

                              And since I am a bit new to Git, is there any way for us to check all the available tags? Can we do this?

                              • 12. Re: JBoss 7.1.3, custom login module and JMS
                                ohmygod

                                Please ignore the above requests. I found them at https://github.com/jbossas/jboss-as.