11 Replies Latest reply on Apr 30, 2013 8:33 PM by atulkc

    Problems with Security Realm plugin

    atulkc

      Hi All,

       

      We are migrating our application from JBoss AS 5.1 to JBoss 7.2.x (actually I am now using the latest nightly build from jenkins, which says its Jboss AS 8.0.0 Alpha1-SNAPSHOT). In our application we do not use JAAS for authentication but have our custom authentication mechanism. So basically our ejb calls are unsecure and can be called without specifying any username/password. Once the authentication is done using our custom authentication mechanism (it could be DB based, LDAP, RADIUS...etc based on configuration and is done by making EJB call), we get back a session ID. We then use this session ID as userName in SecurityClient so that we can inject SessionContext in subsequent EJB calls and retrieve that sessionId using SessionContext.getCallerPrincipal method. Here is the code snippet:

       

             SecurityClient client = SecurityClientFactory.getSecurityClient();
            // Clear any stale security context association by doing a logout
            client.logout();
      
      
            // Perform a VM-wide association of security context
            client.setVmwideAssociation(true);
      
            client.setSimple(sessionId, null);
      
      
            // Login to inject Session ID into the security context
            client.login();
      

      EJBs in turn use this session ID to lookup the corresponding user data from one of the JBoss Service (annotated using @Service) and use it appropriately.

       

      We want to preserve this behavior when we migrate to JBoss 8.0 (code base is too huge to change all the places to pass sessionId as argument to all EJB calls). I removed the security-realm attribute in remoting-connector to allow unsecured access and tried to use the above snippet expecting that SessionContext that is injected will return sessionId as the caller principal. However, I always got 'Anonymous'. Based on https://docs.jboss.org/author/display/AS71/Security+Realms it looks like this is expected as for remoting connection anonymous mechanism will be used if no security realm is defined. Further in this section there is a subsection on defining plugins for security realm. Based on the description in this subsection I thought if I define my custom security realm that just acts as pass through then I can achieve this behavior. The idea was that until the authentication ejb is called the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS  would be empty or some hardcoded strings and once we get session id then we will set Context.SECURITY_PRINCIPAL to this sessionId. But after installing this new plugin and enabling remoting-connector to have this realm I started getting following exception:

       

      javax.naming.NamingException: Failed to connect to any server. Servers tried: [remote://10.24.49.148:4447]
                at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:213)
                at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:144)
                at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:125)
                at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:241)
                at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:79)
                at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:83)
                at javax.naming.InitialContext.lookup(InitialContext.java:411)
                at com.brocade.dcm.util.inject.ServiceLocator.lookup(ServiceLocator.java:102)
                ... 25 more
      

       

      There is no exception/error on server side log.Can anyone point out what I am doing wrong here?

       

      standalone-full.xml:

       

      <security-realm name="DCMRealm">
           <plug-ins>
                <plug-in module="com.appclient"/>
           </plug-ins>
           <authentication>
                <plug-in name="Anonymous" /> 
           </authentication> 
      </security-realm>
      ...
      ...
      <subsystem xmlns="urn:jboss:domain:remoting:1.1">
           <connector name="remoting-connector" socket-binding="remoting" security-realm="DCMRealm"/>
      </subsystem>
      
      

       

      For the com.appclient module following is the module.xml:

       

      <?xml version="1.0" encoding="UTF-8"?>
      <module xmlns="urn:jboss:module:1.0" name="com.appclient">
           <resources>
              <resource-root path="bna-appclient-module.jar"/>
          </resources>
          <dependencies> 
                <module name="org.jboss.as.domain-management"/> 
          </dependencies>
      </module>
      

       

      As indicated in the documentation I created the jar file with PlugInProvider implementation as well as AuthenticationPlugin implementation. I added META-INF/services/org.jboss.as.domain.management.plugin.PlugInProvider file containing the fully qualified class name of PlugInProvider implementation. Attached are the files used in this module.

       

      Following is the client code that does the lookup:

           Hashtable jndiProperties = new Hashtable<>();
            jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
            jndiProperties.put("java.naming.factory.initial", "org.jboss.naming.remote.client.InitialContextFactory");
            jndiProperties.put("java.naming.provider.url", "remote://10.24.49.148:4447");
            jndiProperties.put("jboss.naming.client.ejb.context", true);
      
      
            jndiProperties.put(Context.SECURITY_PRINCIPAL, "abc");
            jndiProperties.put(Context.SECURITY_CREDENTIALS, "123");
      
           InitialContext context = new InitialContext(jndiProperties);
           // 1) Using the context do the lookup of Authentication bean 
           // 2) call authenticate user method, which returns sessionId if the authentication is successful
           // 3) Now change the SECURITY_PRINCIPAL to sessionId
      

       

      Note that I get that excpetion on #1 in the above code.

       

      If I remove the security-realm from remoting-connector then I am able to lookup ejbs and make ejb calls.Why am I getting exception that it failed to connect to server when I turn on security? My security realm plugin doesn't even get any callbacks.

       

      Any help is highly appreciated.

       

      Thanks,

      Atul

        • 1. Re: Problems with Security Realm plugin
          atulkc

          Updates:

          I realized that the DcmAuthenticationPlugin was passing "realm" as password to Identity and hence the server was rejecting the connection request. By making DcmAuthenticationPlugin return same credentials as the ones that are set in client I am able to lookup and make EJB calls. However, even after this I am seeing that the javax.ejb.SessionContext that is injected in one of my beans is returning caller principal as 'anonymous'. I am injecting SessionContext using @Resource and the ejb in which it is injected is Singleton EJB.

           

          Any help is highly appreciated.

           

          Thanks,

          Atul

          • 2. Re: Problems with Security Realm plugin
            jaikiran

            Having fully read the thread, but what does the bean code look like?

            • 3. Re: Problems with Security Realm plugin
              atulkc

              Sorry for not including the bean code. Here is the EJB where we inject SessionContext:

               

              @Stateless
              @Interceptors(Tracer.class)
              @Local(AssetsLocal.class)
              @Remote(AssetsRemote .class)
              @TransactionAttribute(TransactionAttributeType.SUPPORTS)
              public class AssetsBean implements AssetsLocal, AssetsRemote {
              /**
                * Singleton EJB that holds the session information
                */
              @EJB
              private SessionManagerLocal sessionManager;
              
              /**
                 * Session context
                 */
                @Resource
                private javax.ejb.SessionContext ctx;
              
              /**
               * Returns the list of Ids of assets that are accessible/visible to the user as identified by caller principal of SessionContext
               */
              public List<String> getAssetIds() {
                 String sessionId = ctx.getCallerPrincipal().getName();
                 // If you print sessionId here it prints 'anonymous'
                 int userId = sessionManager.getUserId(sessionId);
                 // Make DB calls using userId to get the assets and return the list
              }
              }
              

               

              Some more information on the authentication plugin:

              I added some debug statements and observed that PlugInProvider and AuthenticationPlugin get called only once for the first EJB call from my test program. For subsequent calls the AuthenticationPlugin doesn't get invoked. Is this expected? And as I indicated earlier even though my AuthenticationPlugin is getting invoked the caller principal is always 'anonymous'.

              • 4. Re: Problems with Security Realm plugin
                jaikiran

                The EJB that you posted is not secure which means that no security related context setup/propagation will happen. You can mark a EJB as secure by using any of the security metadata that's applicable for your use case - like usage of @org.jboss.ejb3.annotation.SecurityDomain and/or @javax.annotation.RolesAllowed etc...

                1 of 1 people found this helpful
                • 5. Re: Problems with Security Realm plugin
                  atulkc

                  I tried using annotating the EJB with @SecurityDomain("DCMRealm") but the deployment fails as there is no 'DCMRealm' security domain. Since I had defined 'DCMRealm' as security realm that didn't work. Can you point me to example where I can define a security domain that takes in username/password as set in environment of InitialContext (jndiProperties.put(Context.SECURITY_PRINCIPAL, "abc"); jndiProperties.put(Context.SECURITY_CREDENTIALS, "123");).

                   

                  Thanks,

                  Atul

                  • 6. Re: Problems with Security Realm plugin
                    atulkc

                    So I changed my beans to be annotated with SecurityDomain("other") and could see that the caller principal of SessionContext is now the value I set for Context.SECURITY_PRINCIPAL in environment when creating InitialContext. As I described earlier my initial setting for SECURITY_PRINCIPAL is going to be some dummy value just required to honor the security-realm settings. Once I do my authentication using EJB call I set the SECURITY_PRINCIPAL to the sessionId and create the InitialContext again using the new environment. However, on server side the caller Principal in SessionContext is still the principal that I had set initially. How do I make the new principal to get injected in EJBs on server side?

                     

                    Here is the client code:

                     

                     

                         Hashtable jndiProperties = new Hashtable<>();
                         jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
                         jndiProperties.put("java.naming.factory.initial", "org.jboss.naming.remote.client.InitialContextFactory");
                         jndiProperties.put("java.naming.provider.url", "remote://10.24.49.148:4447");
                         jndiProperties.put("jboss.naming.client.ejb.context", true);
                     
                     
                         jndiProperties.put(Context.SECURITY_PRINCIPAL, "abc");
                         jndiProperties.put(Context.SECURITY_CREDENTIALS, "123");
                     
                         InitialContext context = new InitialContext(jndiProperties);
                         AuthenticationBean aBean = (AuthenticationBean)context.lookup(<appropriate JNDI name>);
                    
                              String sessionId = aBean.authenticateUser(userName, password);
                              // Now change the security principal
                              jndiProperties.put(Context.SECURITY_PRINCIPAL, sessionId);
                         context = new InitialContext(jndiProperties);
                    
                              AssetBean bean = (AssetBean)context.lookup(<appropriate JNDI name>);
                              List<String> assets = bean.getAssets(); // At this point if I look in AssetBean.getAssets method I see that the SessionContext.getCallerPrincipal() returns "abc" instead of sessionId
                    
                    • 7. Re: Problems with Security Realm plugin
                      jaikiran

                      Based on what you explain in your latest post, I think what you need is this https://github.com/jboss-jdf/jboss-as-quickstart/tree/master/ejb-security-interceptors

                      • 8. Re: Problems with Security Realm plugin
                        atulkc

                        Thanks. I will check it out and comment back on how it worked for me.

                        • 9. Re: Problems with Security Realm plugin
                          atulkc

                          OK, so I tried the security interceptors and ran into couple of issues. First let me describe what I did:

                          1) I added ClientSecurityInterceptor class to my client. (attached are the files used by the intercetpor).

                          2) Then changed my client code as follows:

                           

                                Hashtable jndiProperties = new Hashtable<>();
                               jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
                               jndiProperties.put("java.naming.factory.initial", "org.jboss.naming.remote.client.InitialContextFactory");
                               jndiProperties.put("java.naming.provider.url", "remote://10.24.49.148:4447");
                               jndiProperties.put("jboss.naming.client.ejb.context", true);
                           
                           
                               jndiProperties.put(Context.SECURITY_PRINCIPAL, "abc");
                               jndiProperties.put(Context.SECURITY_CREDENTIALS, "123");
                           
                               InitialContext context = new InitialContext(jndiProperties);
                               AuthenticationBean aBean = (AuthenticationBean)context.lookup(<appropriate JNDI name>);
                           
                               String sessionId = aBean.authenticateUser(userName, password);
                          
                          
                               // Added following two lines to setup the client security interceptor and set new principal as done in RemoteClient.java in the quickstart example
                          
                               EJBClientContext.getCurrent().registerInterceptor(4, new ClientSecurityInterceptor());
                               SecurityActions.securityContextSetPrincpal(new SimplePrincipal(userProfile.getSessionId()));
                          
                               AssetRemote bean = (AssetRemote)context.lookup(<appropriate JNDI name>);
                                    List<String> assets = bean.getAssets();
                          

                           

                          3) I added ServerSecurityInterceptor in my ear deployment (same code as in quickstart, just changed the DELEGATED_USER_KEY to match what I have in ClientSecurityInterceptor).

                          4) I annotated my EJB to install this interceptor as follows:

                           

                          @Stateless
                          @Interceptors({ServerSecurityInterceptor.class, Tracer.class})
                          @Local(AssetsLocal.class)
                          @Remote(AssetsRemote .class)
                          @TransactionAttribute(TransactionAttributeType.SUPPORTS)
                          @SecurityDomain("other")
                          public class AssetsBean implements AssetsLocal, AssetsRemote {
                          

                           

                          Now when I deploy the ear and execute my client I got following exception:

                          Caused by: java.lang.NoClassDefFoundError: org/jboss/remoting3/Connection
                                    at com.brocade.dcm.util.interceptor.ServerSecurityInterceptor.aroundInvoke(ServerSecurityInterceptor.java:45) [util.jar:12.1.0.Development (build: CCTag=DCM_12_1_0_Development date=201304291938)]
                                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_07]
                                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_07]
                                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_07]
                                    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_07]
                                    at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.2.0.Alpha1-SNAPSHOT.jar:7.2.0.Alpha1-SNAPSHOT]
                                    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:58) [jboss-as-ee-7.2.0.Alpha1-SNAPSHOT.jar:7.2.0.Alpha1-SNAPSHOT]
                                    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) [jboss-as-ejb3-7.2.0.Alpha1-SNAPSHOT.jar:7.2.0.Alpha1-SNAPSHOT]
                                    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.as.ejb3.concurrency.ContainerManagedConcurrencyInterceptor.processInvocation(ContainerManagedConcurrencyInterceptor.java:104) [jboss-as-ejb3-7.2.0.Alpha1-SNAPSHOT.jar:7.2.0.Alpha1-SNAPSHOT]
                                    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.2.0.Alpha1-SNAPSHOT.jar:7.2.0.Alpha1-SNAPSHOT]
                                    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:52) [jboss-as-ejb3-7.2.0.Alpha1-SNAPSHOT.jar:7.2.0.Alpha1-SNAPSHOT]
                                    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                                    at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:235) [jboss-as-ejb3-7.2.0.Alpha1-SNAPSHOT.jar:7.2.0.Alpha1-SNAPSHOT]
                                    ... 31 more
                          Caused by: java.lang.ClassNotFoundException: org.jboss.remoting3.Connection from [Module "deployment.dcm-server.ear.util.jar:main" from Service Module Loader]
                                    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190) [jboss-modules.jar:1.1.3.GA]
                                    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468) [jboss-modules.jar:1.1.3.GA]
                                    at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456) [jboss-modules.jar:1.1.3.GA]
                                    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398) [jboss-modules.jar:1.1.3.GA]
                                    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120) [jboss-modules.jar:1.1.3.GA]
                                    ... 54 more
                          
                          

                           

                          I went and added "org.jboss.remoting3" module to jboss-deployment-structure.xml but still got same exception. So I then changed the ServerSecurityInterceptor code to not lookup the org.jboss.remoting3.Connection (attached are the files- see in interceptor.zip). WIth this change now I am seeing the old behavior again. The callerPrincipal is 'anonymous'. Note that I haven't added any new security-domain as I am not doing any mapping between users as done in quick start example. I want to allow any user to switch the context to the new sessionId that we get. That is why I have retained the securityDomain as 'other' on my AssetsBean.

                           

                          What am I doing wrong?

                          • 10. Re: Problems with Security Realm plugin
                            atulkc

                            Any idea why the callerPrincipal is set to 'anonymous' even after implementing the security interceptors? I can see that the ServerSecurityInterceptor gets called and it sets the new SecurityContext with SecurityContextAssociation.

                             

                            I also tried https://docs.jboss.org/author/display/AS72/Scoped+EJB+client+contexts . But I am facing issues just invoking EJB API using EJB client API. My earlier lookups and invocations were based on remote-naming, which worked fine for me.

                             

                            Following are the EJB client context properties that I setup:

                             

                                environment.put("org.jboss.ejb.client.scoped.context", true);
                                environment.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
                                environment.put("endpoint.name", "client");
                                environment.put("remote.connections", "main");
                                environment.put("remote.connection.main.host", providerHost);
                                environment.put("remote.connection.main.port", providerPort);
                                environment.put("remote.connection.main.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
                                environment.put("remote.connection.main.username", principal);
                                environment.put("remote.connection.main.password", credentials);
                                environment.put("remote.connection.main.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "true");
                                environment.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
                            
                                 InitialContext ctx = new InitialContext(environment);
                                 AssetsRemote r = (AssetsRemote)ctx.lookup("ejb:dcm-server/system/AssetsBean!< FQN of AssetsRemote");
                                 r.getAssets(); //Execution of this line of code throws below exception
                            
                            

                             

                            Exception stack trace:

                             

                            java.lang.AssertionError: java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:dcm-server, moduleName:system, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@4dc7268a
                                      at com.brocade.dcm.as7.test.TestAsyncManagerBean.testDBAccess(TestAsyncManagerBean.java:94)
                                      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
                                      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                                      at java.lang.reflect.Method.invoke(Method.java:601)
                                      at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:84)
                                      at org.testng.internal.Invoker.invokeMethod(Invoker.java:714)
                                      at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:901)
                                      at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1231)
                                      at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:127)
                                      at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:111)
                                      at org.testng.TestRunner.privateRun(TestRunner.java:767)
                                      at org.testng.TestRunner.run(TestRunner.java:617)
                                      at org.testng.SuiteRunner.runTest(SuiteRunner.java:334)
                                      at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:329)
                                      at org.testng.SuiteRunner.privateRun(SuiteRunner.java:291)
                                      at org.testng.SuiteRunner.run(SuiteRunner.java:240)
                                      at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
                                      at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
                                      at org.testng.TestNG.runSuitesSequentially(TestNG.java:1224)
                                      at org.testng.TestNG.runSuitesLocally(TestNG.java:1149)
                                      at org.testng.TestNG.run(TestNG.java:1057)
                                      at org.testng.remote.RemoteTestNG.run(RemoteTestNG.java:111)
                                      at org.testng.remote.RemoteTestNG.initAndRun(RemoteTestNG.java:204)
                                      at org.testng.remote.RemoteTestNG.main(RemoteTestNG.java:175)
                            Caused by: java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:dcm-server, moduleName:system, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@4dc7268a
                                      at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:693)
                                      at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:116)
                                      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183)
                                      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:177)
                                      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:161)
                                      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:124)
                                      at $Proxy7.findAll(Unknown Source)
                                      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
                                      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                                      at java.lang.reflect.Method.invoke(Method.java:601)
                                      at com.brocade.dcm.util.inject.ServiceProfiler.invoke(ServiceProfiler.java:84)
                                      at $Proxy7.findAll(Unknown Source)
                                      at com.brocade.dcm.as7.test.TestAsyncManagerBean.testDBAccess(TestAsyncManagerBean.java:89)
                                      ... 24 more
                            

                             

                            So basically I am stuck and cannot proceed. Any help/pointers are highly appreciated.

                             

                            Regards,

                            Atul

                            • 11. Re: Problems with Security Realm plugin
                              atulkc

                              After adding following lines of code before InitialContext instantiaion helped resolve the issue for me:

                               

                                  EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(environment);
                                  ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
                                  EJBClientContext.setSelector(selector);
                              

                               

                              Don't know why this is required, when none of the documentation states this. Should the documentation be changed to include this? Or is it something that I am missing? Note that the client context properties are not coming from jboss-ejb-client.properties but being added to a Map/Properties instance that is used to get InitialContext.

                               

                              Once that got working the scoped EJBClientContext did the trick for me. It doesn't look optimal as my authentication plugin is invoked on instantiation of each InitialContext and it is mostly fall back to old JNDI style lookup and the optimizations done in EJB client API are not used. Anyways, this worked for me. Unless anyone can tell me how to get the security interceptors working I think I will stick with this approach.