Server2Server remote ejb call: authentication issues
philba Aug 7, 2013 10:23 AM
Hello,
Currently I'm trying to make a remote ejb call between two JBoss 7.1.1 AS instances.
I got the connection working, but I am having trouble with the authentication.
jboss-ejb-client.xml:
<jboss-ejb-client xmlns="urn:jboss:ejb-client:1.0">
    <client-context>
        <ejb-receivers>
            <remoting-ejb-receiver outbound-connection-ref="remote-ejb-connection"/>
        </ejb-receivers>
    </client-context>
</jboss-ejb-client>
client standalone.xml:
...
<security-realm name="SimpleRealm">
    <authentication>
        <properties path="simple.properties" relative-to="jboss.server.config.dir" plain-text="true" />
    </authentication>
</security-realm>
...
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" />
    <outbound-connections>
        <remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb" username="ejb" security-realm="SimpleRealm">
            <properties>
                <property name="SSL_ENABLED" value="false" />
                <property name="SECURE" value="false" />
                <property name="SASL_POLICY_NOANONYMOUS" value="true" />
                <property name="SASL_POLICY_NOPLAINTEXT" value="false" />
                <property name="SASL_DISALLOWED_MECHANISMS" value="JBOSS-LOCAL-USER" />
            </properties>
        </remote-outbound-connection>
    </outbound-connections>
</subsystem>
...
host standalone.xml:
...
<security-realm name="jaasRealm">
    <authentication>
        <jaas name="ps-my-auth"/>
    </authentication>
</security-realm>
...
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="SimpleRealm"/>
</subsystem>
...
<security-domain name="ps-my-auth">
    <authentication>
        <login-module code="com.MyLoginModule" flag="required" module="com.my.security">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
</security-domain>
...
When I try to make the remote ejb call, I get the following output.
Client's Console:
16:05:29,388 TRACE [org.jboss.remoting.endpoint] (ejb-client-remote-connection-reconnect-3-thread-2) Allocated tick to 3 of endpoint "Client-JBoss" <6029c853> (opened Connection to /127.0.0.1:14447)
16:05:29,389 TRACE [org.jboss.remoting.remote] (ejb-client-remote-connection-reconnect-3-thread-2) Attempting to connect to "/127.0.0.1:14447" with options {org.xnio.Options.SASL_POLICY_NOPLAINTEXT=>false,org.xnio.Options.SECURE=>false,org.xnio.Options.SASL_DISALLOWED_MECHANISMS=>[JBOSS-LOCAL-USER],org.xnio.Options.SSL_STARTTLS=>true,org.xnio.Options.SSL_ENABLED=>true,org.xnio.Options.SASL_POLICY_NOANONYMOUS=>false}
16:05:29,393 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Greeting@27cb6fa9
16:05:29,393 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Received java.nio.HeapByteBuffer[pos=12 lim=8192 cap=8192]
16:05:29,394 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received greeting
16:05:29,394 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received server name: 127.0.0.1
16:05:29,394 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client sending capabilities request
16:05:29,394 TRACE [org.jboss.remoting.remote] (Remoting "Client-JBoss" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@1d0fd4a8
16:05:29,394 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=14 lim=14 cap=8192] (direct)
16:05:29,395 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Flushed channel (direct)
16:05:29,400 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capabilities response
16:05:29,400 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: version 1
16:05:29,400 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: remote endpoint name "HOST-JBoss"
16:05:29,401 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism JBOSS-LOCAL-USER
16:05:29,401 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism PLAIN
16:05:29,401 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) SASL mechanism PLAIN added to allowed set
16:05:29,403 TRACE [org.jboss.remoting.remote.connection] (Remoting "Client-JBoss" read-1) Connection error detail: javax.security.sasl.SaslException: Cannot get userid/password [Caused by javax.security.auth.callback.UnsupportedCallbackException]
    at com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:157) [rt.jar:1.7.0_13]
    at com.sun.security.sasl.ClientFactoryImpl.createSaslClient(ClientFactoryImpl.java:94) [rt.jar:1.7.0_13]
So the ejb call is failing, and my login module isn't even called. Honestly, I think the host's standalone.xml is wrong, since even local ejb calls on the host won't be working.
If I change the host's standalone like this, my login module gets called, but the credentials I get are hashed (i.e. e2fe909a-e9b3-4f3d-a294-5b3915a874d6) and thus can't be used for the login.
The local ejb calls on the host are working as expected.
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting"/> <!-- no security realm-->
</subsystem>
I read everything I could about this topic, but I'm out of ideas, so could anyone please help me?
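The "Attempting to connect" TRACE line in the client console prints the XNIO options the connection was actually opened with. The following added example (not part of the original post) compares those with the `<property>` values of the outbound connection in the client standalone.xml. The function names are hypothetical, and the config is a constructed well-formed excerpt of the posted one.

```python
import re
import xml.etree.ElementTree as ET

NS = {"r": "urn:jboss:domain:remoting:1.1"}

# Constructed sample: the outbound connection from the client standalone.xml in the post.
CONFIG = """<subsystem xmlns="urn:jboss:domain:remoting:1.1"><outbound-connections>
<remote-outbound-connection name="remote-ejb-connection"
    outbound-socket-binding-ref="remote-ejb" username="ejb" security-realm="SimpleRealm">
  <properties>
    <property name="SSL_ENABLED" value="false"/>
    <property name="SECURE" value="false"/>
    <property name="SASL_POLICY_NOANONYMOUS" value="true"/>
    <property name="SASL_POLICY_NOPLAINTEXT" value="false"/>
    <property name="SASL_DISALLOWED_MECHANISMS" value="JBOSS-LOCAL-USER"/>
  </properties>
</remote-outbound-connection></outbound-connections></subsystem>"""

# The "Attempting to connect" TRACE line from the client console in the post.
LOG = ('16:05:29,389 TRACE [org.jboss.remoting.remote] '
       '(ejb-client-remote-connection-reconnect-3-thread-2) Attempting to connect to '
       '"/127.0.0.1:14447" with options {org.xnio.Options.SASL_POLICY_NOPLAINTEXT=>false,'
       'org.xnio.Options.SECURE=>false,org.xnio.Options.SASL_DISALLOWED_MECHANISMS=>'
       '[JBOSS-LOCAL-USER],org.xnio.Options.SSL_STARTTLS=>true,'
       'org.xnio.Options.SSL_ENABLED=>true,org.xnio.Options.SASL_POLICY_NOANONYMOUS=>false}')

def configured_options(xml_text, connection_name):
    """Return {property name: value} for one remote-outbound-connection."""
    root = ET.fromstring(xml_text)
    conn = root.find(f".//r:remote-outbound-connection[@name='{connection_name}']", NS)
    if conn is None:
        return {}
    return {p.get("name"): p.get("value") for p in conn.iterfind("r:properties/r:property", NS)}

def effective_options(log_text):
    """Parse the option map out of the 'Attempting to connect' trace line."""
    m = re.search(r"Attempting to connect to .*? with options \{(.*?)\}", log_text)
    if not m:
        return {}
    # Values are scalars or a bracketed list such as [JBOSS-LOCAL-USER].
    return dict(re.findall(r"org\.xnio\.Options\.(\w+)=>(\[[^\]]*\]|[^,}]+)", m.group(1)))

def diff_options(configured, effective):
    """Return {option: (configured, effective)} wherever the two disagree."""
    norm = lambda v: None if v is None else v.strip("[] ").lower()
    names = sorted(set(configured) | set(effective))
    return {n: (configured.get(n), effective.get(n)) for n in names
            if norm(configured.get(n)) != norm(effective.get(n))}

if __name__ == "__main__":
    found = diff_options(configured_options(CONFIG, "remote-ejb-connection"), effective_options(LOG))
    for name, (cfg, eff) in found.items():
        print(f"{name}: configured={cfg} effective={eff}")
```
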