4 Replies Latest reply on Sep 26, 2013 10:10 AM by seeberger

EJB invocations from a remote server instance not working when using DataBaseLoginModule with hashAlgorithm

seeberger Sep 26, 2013 4:56 AM

Hi There,

i'm trying to make an outboundconnection from one JBoss to another. So I followed the Steps in https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+server+instance and got it working.

The remoting-connector is secured by a DatabaseLoginModule. When i don't set the option 'hashAlgorithm=SHA-256' everything works fine and i can call the destination-jboss, but if i set this option i always get the Message

"ERROR [org.jboss.remoting.remote.connection] (Remoting "vs-fok" read-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed" on Server-Startup (Client-JBoss).

I don't know why the security-realm for the remote-outbound-connection depends on the loginModule for the remoting-connector but there seems to be an dependency. Do i have to somehow hash the password in the application-user.properties or how can i get this to work?

My Configuration is as follows:

<security-realms>

.........

<security-realm name="MyRealm">

</authentication>

</security-realm>

<security-realm name="ejb-security-realm">

<server-identities>

</server-identities>

</security-realm>

</security-realms>

......

</management>

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

<outbound-connections>

<remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb" username="ejb" security-realm="ejb-security-realm">

</properties>

</remote-outbound-connection>

</outbound-connections>

</subsystem>

<security-domain name="dbDomain" cache-type="default">

<login-module code="Database" flag="required">

<module-option name="dsJndiName" value="java:jboss/datasources/AuthenticationDataSource"/>

<module-option name="principalsQuery" value="select pw from user where login =?"/>

<module-option name="hashAlgorithm" value="SHA-256"/>

<module-option name="hashEncoding" value="BASE64"/>

<module-option name="hashStorePassword" value="true"/>

</login-module>

</authentication>

</security-domain>

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

<socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>

<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>

<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>

<socket-binding name="ajp" port="8009"/>

<socket-binding name="http" port="8080"/>

<socket-binding name="https" port="8443"/>

<socket-binding name="osgi-http" interface="management" port="8090"/>

<socket-binding name="remoting" port="1099"/>

<socket-binding name="txn-recovery-environment" port="4712"/>

<socket-binding name="txn-status-manager" port="4713"/>

<outbound-socket-binding name="mail-smtp">

<remote-destination host="localhost" port="25"/>

</outbound-socket-binding>

<outbound-socket-binding name="remote-ejb">

<remote-destination host="localhost" port="1199"/>

</outbound-socket-binding>

</socket-binding-group>

1. Re: EJB invocations from a remote server instance not working when using DataBaseLoginModule with hashAlgorithm

ybxiang.china Sep 26, 2013 4:35 AM (in response to seeberger)

Please note that, your password in DB must in HASH mode.

I wrote some artices about JAAS and DB configuration, if you follow bellow articles, I think you can find solution:
JBoss AS 7.2.0 - Java EE application development - 00.Sumarry (English Version)
JBoss AS 7.2.0 - Java EE application development - 02.How to configure MySql Data source
JBoss AS 7.2.0 - Java EE application development - 03.How to create EJB,WAR,Connector and EAR projects
JBoss AS 7.2.0 - Java EE application development - 04.How to configure SSL
JBoss AS 7.2.0 - Java EE application development - 05.How to configure Security domain and JAAS - part.1 and part.2
Actions
2. Re: EJB invocations from a remote server instance not working when using DataBaseLoginModule with hashAlgorithm

ybxiang.china Sep 26, 2013 4:38 AM (in response to seeberger)

I spent several weeks on JAAS and hashed password.

Please pay more attention on
4.1 war/UserRegisterMBean.java
and
4.3 HashUtil.java

in JBoss AS 7.2.0 - Java EE application development - 05.How to configure Security domain and JAAS - part.2
Actions
3. Re: EJB invocations from a remote server instance not working when using DataBaseLoginModule with hashAlgorithm

seeberger Sep 26, 2013 4:49 AM (in response to ybxiang.china)

the pw in the DB is hashed and when i invoke the client-jboss with an standalone client it works and i can login.
And why are the securityrealms even connected.
I don't even use the DBLoginModule for the remote-outbound-connection. I thought thats why i had to create the "ejb-security-realm" to just use it for the remote-outbound-connection
Actions
4. Re: EJB invocations from a remote server instance not working when using DataBaseLoginModule with hashAlgorithm

seeberger Sep 26, 2013 10:10 AM (in response to seeberger)

Problem solved.
I simply had to encode the hashed Password in Base64 and put in

<security-realm name="ejb-security-realm">
     <server-identities>
          <secret value="ZWpicGFzc3dvcmQ="/>
     </server-identities>
</security-realm>
Actions

Go to original post

4.1 war/UserRegisterMBean.java

4.3 HashUtil.java