SASL - how to propagate custom Principal and Credential?
henrikdeluxe Sep 25, 2013 11:03 AM
Hello,
I got another problem migrating my application from AS 5.1.0 to AS 7.2.0.
My architecture looks like this:
- some standalone client apps calling secured remote EJBs
- client apps passing a custom principal and a plain password for authentication
- server uses its own LoginModule (extends org.jboss.security.auth.spi.LdapExtLoginModule)
--> using AS 5.1.0 everything works fine
--> using AS 7.2.0 my custom LoginModule doesn't get the correct principal and password from the calling client
I have tried to find solutions in quickstart-projects and other discussions here and in other forums, but nothing works for me.
If I disable security in my EJB everything works fine (but with an unauthenticated identity).
I suppose my fault is either in the standalone configuration or in the client-side security implementation, but I've tried everything that comes to my mind and I'm close to surrendering.
Could anyone please give me some advice?
I have attached my standalone.xml and my Maven projects to offer the full implementation.
The server consists of an EJB project, an API project and a JAR project for security. Everything is packaged in an EAR project.
The client consists only of a JAR project, which also uses the server's API and security projects.
I have tried the following server configurations:
- own SecurityDomain with custom LoginModule for EJB + securing remoting-connector with default "ApplicationRealm" (local-authentication)
  - remote EJB lookup works fine
  - remote EJB method call invokes the custom LoginModule on the server side, but sends the wrong Principal & Password ($local & random-password)
  - --> raises EJBAccessException: JBAS013323: invalid user
- own SecurityDomain with custom LoginModule for EJB + securing remoting-connector with own Realm (jaas-authentication with own LoginModule)
  - causes an exception during EJB lookup and the custom LoginModule is never called (javax.naming.NamingException: Failed to connect to any server. Servers tried: [remote://localhost:4447])
- own SecurityDomain with custom LoginModule for EJB + remoting-connector without security
  - remote EJB lookup works fine
  - remote EJB method call invokes the custom LoginModule on the server side, but sends the wrong Principal & Password (anonymous & random-password)
  - --> raises EJBAccessException: JBAS013323: invalid user
In JBoss AS 5.1 I pass my principal object and password credential on the client side as follows:

    final SecurityClient client = SecurityClientFactory.getSecurityClient(JBossSecurityClient.class);
    client.setVmwideAssociation(true);
    client.setSimple(customPrincipal, plainPass);
    client.login();

This works fine for AS 5.1 but seems to be ignored in AS 7.1.
So my question is how to propagate the principal object and password (plain) correctly, to use these values in my LoginModule?
- standalone.xml 18.3 KB
- ejb-remote-client.zip 6.0 KB
- ejb-remote-security.zip 5.9 KB
- ejb-remote-server.zip 3.8 KB
- ejb-remote-server-api.zip 3.8 KB
- ejb-remote-server-deploy.zip 2.3 KB
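
The three remoting-connector setups listed in the post differ only in which security realm, if any, is bound to the connector, and that binding can be read straight out of standalone.xml. The following is an added example, not part of the original post or of JBoss: it parses a constructed standalone.xml fragment and reports the SASL mechanisms the connector would offer and the identity a client ends up with when it sends no credentials of its own. The element-to-mechanism mapping, the realm name `CustomRealm` and the domain name `custom-domain` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed fragment in the shape of an AS 7 standalone.xml (not the attached file).
SAMPLE = """<server xmlns="urn:jboss:domain:1.4">
 <management><security-realms>
  <security-realm name="ApplicationRealm"><authentication>
   <local default-user="$local" allowed-users="*"/>
   <properties path="application-users.properties"/>
  </authentication></security-realm>
  <security-realm name="CustomRealm"><authentication>
   <jaas name="custom-domain"/>
  </authentication></security-realm>
 </security-realms></management>
 <profile><subsystem xmlns="urn:jboss:domain:remoting:1.1">
  <connector name="remoting-connector" socket-binding="remoting"{realm}/>
 </subsystem></profile>
</server>"""

# Assumption: SASL mechanism enabled by each realm <authentication> child.
MECHANISM = {"local": "JBOSS-LOCAL-USER", "properties": "DIGEST-MD5", "jaas": "PLAIN"}

def _name(elem):
    return elem.tag.rsplit("}", 1)[-1]  # strip the XML namespace

def remoting_auth(xml_text, connector="remoting-connector"):
    """Report the realm, SASL mechanisms and fallback identity for a connector."""
    root = ET.fromstring(xml_text)
    conn = next(e for e in root.iter()
                if _name(e) == "connector" and e.get("name") == connector)
    realm_name = conn.get("security-realm")
    if realm_name is None:  # unsecured connector: callers are not authenticated
        return {"realm": None, "mechanisms": ["ANONYMOUS"], "fallback_user": "anonymous"}
    realm = next(e for e in root.iter()
                 if _name(e) == "security-realm" and e.get("name") == realm_name)
    auth = next((e for e in realm if _name(e) == "authentication"), [])
    mechanisms, fallback = [], None
    for child in auth:
        mechanisms.append(MECHANISM.get(_name(child), "unknown:" + _name(child)))
        if _name(child) == "local":  # same-host clients can be logged in as this user
            fallback = child.get("default-user")
    return {"realm": realm_name, "mechanisms": mechanisms, "fallback_user": fallback}

def sample(realm=None):
    """Build the constructed config with the connector bound to `realm` (or unsecured)."""
    attr = ' security-realm="%s"' % realm if realm else ""
    return SAMPLE.replace("{realm}", attr)

if __name__ == "__main__":
    for r in ("ApplicationRealm", "CustomRealm", None):
        print(r, remoting_auth(sample(r)))
```

A realm that offers only `PLAIN` is the one case where the client's own user name and password have to arrive over the connection, so it is also the case where the connection should be TLS-protected.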