HA not working: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
fernando46 Dec 3, 2012 6:10 AMHi, I'm trying to test the communication between a client and a jBoss cluster, to use the HA in an EE/EJB application (i.e. the behaviour after the failure of a cluster node).
But I am having problems with the client-server communication (during the topology discovery) when the server is started in HA configuration instead of in standalone configuration (that it works properly). I have read problems similar to this in other threads, but it has not helped me to solve the issue.
My client is made of POJOs, nothing special. To connect the server uses jboss-client.jar. In the server side I builded a simple EE/EJBs application containing one SFSB, qualifies as Clustered. The application is deployed in two JBoss AS 7.1.1 Final, each one in a different machine.
Here is my server configuration:
Server 1: 192.168.0.35
OS
--
Linux na1 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
JRE/JDK
-------
OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~12.04.1)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
Server 2: 192.168.0.33
OS
--
Linux na2 3.2.0-29-generic-pae #46-Ubuntu SMP Fri Jul 27 17:25:43 UTC 2012 i686 i686 i386 GNU/Linux
JRE/JDK
-------
OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~12.04.1)
OpenJDK Server VM (build 20.0-b12, mixed mode)
The EE/EJBs application looks correctly deployed in each server. I can see in the log, the EBJs exposed to the client.
Each server was started by: ./standalone.sh -server-config=standalone-ha.xml
The config file standalone-ha.xml was modified to bind ports to external interface addresses.
Also, peter/lois user was added to ApplicationRealm in each server.
The cluster appears to be working with both servers started. In the log it can be seen:
On 192.168.0.35
GMS: address=na1/ejb, cluster=ejb, physical address=192.168.0.35:55200
...
Received new cluster view: [na2/ejb|3] [na2/ejb, na1/ejb]
And on 192.168.0.33
GMS: address=na2/ejb, cluster=ejb, physical address=192.168.0.33:55200
...
Received new cluster view: [na1/ejb|1] [na1/ejb, na2/ejb]
The client uses jboss-client.jar to connect EJBs on server side. Initial JNDI parameters are:
p.put(Context.INITIAL_CONTEXT_FACTORY, org.jboss.naming.remote.client.InitialContextFactory.class.getName());
p.put(Context.PROVIDER_URL, "remote://192.168.0.35:4447");
p.put(Context.SECURITY_PRINCIPAL, "peter");
p.put(Context.SECURITY_CREDENTIALS, "lois");
p.put("jboss.naming.client.ejb.context", true);
As far as the documenation specifies, the server tells to the client the cluster topology, so that's would be enough. I have also tried to define the jboss-ejb-client.properties (as it is said in other forum threads, defining
properties such as 'remote.clusters=ejb', 'remote.cluster.ejb.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS', 'remote.cluster.ejb.connect.options.org.xnio.Options.SSL_ENABLED'), but the result is the same.
Is really needed another property on the client side? It does not appear to solve the client-server communication problem.
In this point occurs the first strange thing. The JNDI context is created, but the client side is unable to connect to the rest of elements of the cluster. I didn't get any exception, but I saw client log that says:
****************************************************************************************
INFO: Could not create a connection for cluster node ClusterNode{clusterName='ejb', nodeName='na2', clientMappings=[ClientMapping{sourceNetworkAddress=/0:0:0:0:0:0:0:0, sourceNetworkMaskBits=0, destinationAddress='192.168.0.33', destinationPort=4447}], resolvedDestination=[Destination address=192.168.0.33, destination port=4447]} in cluster ejb
java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)
at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:117)
at org.jboss.ejb.client.ClusterContext$EJBReceiverAssociationTask.run(ClusterContext.java:333)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.nio.NioHandle.run(NioHandle.java:90)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)
at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:115)
... 7 more
nov 30, 2012 12:05:39 PM org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager getEJBReceiver
INFO: Could not create a connection for cluster node ClusterNode{clusterName='ejb', nodeName='na1', clientMappings=[ClientMapping{sourceNetworkAddress=/0:0:0:0:0:0:0:0, sourceNetworkMaskBits=0, destinationAddress='192.168.0.35', destinationPort=4447}], resolvedDestination=[Destination address=192.168.0.35, destination port=4447]} in cluster ejb
java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)
at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:117)
at org.jboss.ejb.client.ClusterContext$EJBReceiverAssociationTask.run(ClusterContext.java:333)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.nio.NioHandle.run(NioHandle.java:90)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)
at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:115)
... 7 more
****************************************************************************************
In that piece of log, it can be seen how the the jboss library tries to connect to each node of the cluster, and it got javax.security.sasl.SaslException. I don't know the reason and how to solve it. Is it required an specific configuration in the client or server to avoid the previous exception? With this exception, the client can not be informed about the cluster topology.
The second strange thing is that the client can execute any method over the remote bean successfuly even after the previous exception (although only requesting to the server node declared in the client-side).
I have already read and followed the next documentation:
https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI
I suspect that my server side config needs any special security parameter. Can you help me to address this issue?
Thank you in advance