5 Replies Latest reply on Mar 30, 2013 7:17 AM by sagi7

Cannot invoke Remote EJB in a secured context: No matching username found in Principals

sagi7 Mar 7, 2013 4:16 PM

Hello,

i am invoking a (nonsecured) remote EJB with success.

When i turn on security features, my call fails.

The problem seems to be, that the username and password from jboss-ejb-client.properties is not used.

Here is my shortened standalone.xml:

{code:xml}

<security-domain name="mycompany" cache-type="default">

<login-module code="Database" flag="required">

<module-option name="dsJndiName" value="java:jboss/datasources/mycompanyMySqlDS"/>

<module-option name="principalsQuery" value="select password from users where userID=?"/>

<module-option name="rolesQuery" value="select r.role, 'Roles' from roles r join userroles ur on ur.RoleID = r.dbKeyRole where ur.userID=?"/>

<module-option name="password-stacking" value="useFirstPass"/>

</login-module>

<login-module code="Remoting" flag="optional">

<module-option name="password-stacking" value="useFirstPass"/>

</login-module>

</authentication>

</security-domain>

<security-realms>

<security-realm name="ManagementRealm">

</authentication>

</security-realm>

<security-realm name="ApplicationRealm">

</authentication>

</security-realm>

<security-realm name="mycompany">

</authentication>

</security-realm>

</security-realms>

<management-interfaces>

<native-interface security-realm="ManagementRealm">

<socket-binding native="management-native"/>

</native-interface>

<http-interface security-realm="ManagementRealm">

<socket-binding http="management-http"/>

</http-interface>

</management-interfaces>

</management>

{code:xml}

my jboss-ejb-client looks so:

{code}

endpoint.name=client-endpoint

remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

remote.connections=default

remote.connection.default.host=localhost

remote.connection.default.port = 4447

remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

remote.connection.default.username=myusername

remote.connection.default.password=mypwd

{code}

Here is my TestClient:

{code}

public static void main(String args[]) {

final String appName = "pdm-ear-1.0-SNAPSHOT";

final String moduleName = "pdm-server-1.0-SNAPSHOT";

final String distinctName = "";

final String beanName = "GenericFactory";

final String viewClassName = GenericFactoryBeanRemote.class.getName();

String jndiName = "ejb:" + appName + "/" + moduleName + "/"

+ distinctName + "" + beanName + "!" + viewClassName;

logger.info(jndiName);

Properties p = new Properties();

p.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

p.put(Context.SECURITY_PRINCIPAL, System.getProperty("username", "myuser"));

p.put(Context.SECURITY_CREDENTIALS,

System.getProperty("password", "mypass"));

p.put("jboss.naming.client.ejb.context", true);

InitialContext context;

try {

context = new InitialContext(p);

GenericFactoryBeanRemote vLookup = (GenericFactoryBeanRemote) context

.lookup(jndiName);

logger.info("result: "

+ vLookup.getLastOrder(Integer.valueOf(1),

"11880"));

try {

Logger.getLogger(LoginTemp.class).info(

vLookup.getLastOrder(Integer.valueOf(1),

"1128"));

} catch (RemoteException e) {

// TODO Auto-generated catch block

e.printStackTrace();

}

catch (NamingException e) {

// TODO Auto-generated catch block

e.printStackTrace();

} catch (RemoteException e) {

// TODO Auto-generated catch block

e.printStackTrace();

}

{code}

and the server log

{code}

21:51:37,021 ERROR [org.jboss.ejb3.invocation] (EJB default - 2) JBAS014134: EJB Invocation failed on component GenericFactory for method public abstract de.mycompany.pps.VoOrder de.mycompany.pps.interfaces.GenericFactoryBeanRemote.getLastOrder(java.lang.Integer,java.lang.String) throws java.rmi.RemoteException: javax.ejb.EJBAccessException: JBAS013323: Invalid User

at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]

at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:43) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:302) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:64) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:196) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439) [rt.jar:1.6.0_37]

at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [rt.jar:1.6.0_37]

at java.util.concurrent.FutureTask.run(FutureTask.java:138) [rt.jar:1.6.0_37]

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_37]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_37]

at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_37]

at org.jboss.threads.JBossThread.run(JBossThread.java:122)

22:04:29,770 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (EJB default - 3) Login failure: javax.security.auth.login.FailedLoginException: PB00019: Processing Failed:No matching username found in Principals

at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:186) [picketbox-4.0.7.Final.jar:4.0.7.Final]

at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:249) [picketbox-4.0.7.Final.jar:4.0.7.Final]

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_37]

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_37]

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_37]

at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_37]

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_37]

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_37]

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_37]

at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]

at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_37]

at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_37]

at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:306) [jboss-as-security-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:272) [jboss-as-security-7.1.1.Final.jar:7.1.1.Final]

at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]