EJB invocations from a remote server instance not working when using DataBaseLoginModule with hashAlgorithm
seeberger Sep 26, 2013 4:56 AM
Hi there,
I'm trying to make an outbound connection from one JBoss to another. So I followed the steps in https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+server+instance and got it working.
The remoting-connector is secured by a DatabaseLoginModule. When I don't set the option 'hashAlgorithm=SHA-256' everything works fine and I can call the destination-jboss, but if I set this option I always get the message
"ERROR [org.jboss.remoting.remote.connection] (Remoting "vs-fok" read-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed" on Server-Startup (Client-JBoss).
I don't know why the security-realm for the remote-outbound-connection depends on the loginModule for the remoting-connector, but there seems to be a dependency. Do I have to somehow hash the password in the application-user.properties, or how can I get this to work?
My configuration is as follows:
<management>
    <security-realms>
        .........
        <security-realm name="MyRealm">
            <authentication>
                <jaas name="dbDomain"/>
            </authentication>
        </security-realm>
        <security-realm name="ejb-security-realm">
            <server-identities>
                <secret value="ZWpicGFzc3dvcmQ="/>
            </server-identities>
        </security-realm>
    </security-realms>
    ......
</management>
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="MyRealm"/>
    <outbound-connections>
        <remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb" username="ejb" security-realm="ejb-security-realm">
            <properties>
                <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
                <property name="SSL_ENABLED" value="false"/>
                <property name="SASL_DISALLOWED_MECHANISMS" value="JBOSS-LOCAL-USER"/>
            </properties>
        </remote-outbound-connection>
    </outbound-connections>
</subsystem>
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<security-domain name="dbDomain" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/AuthenticationDataSource"/>
            <module-option name="principalsQuery" value="select pw from user where login =?"/>
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="BASE64"/>
            <module-option name="hashStorePassword" value="true"/>
        </login-module>
    </authentication>
</security-domain>
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
    <socket-binding name="ajp" port="8009"/>
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
    <socket-binding name="osgi-http" interface="management" port="8090"/>
    <socket-binding name="remoting" port="1099"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
    <outbound-socket-binding name="remote-ejb">
        <remote-destination host="localhost" port="1199"/>
    </outbound-socket-binding>
</socket-binding-group>