Remote EJB + Custom Login Module + Hibernate
sergiu_pienar Oct 24, 2013 7:59 AM
Using JBoss 7.1.1 Final with Hibernate 3.6.9 (packed in my EAR file).
I'm also using a custom login module defined in standalone.xml as:
<security-domain name="myRealm" cache-type="default">
    <authentication>
        <login-module code="com.login.LoginModule" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
            <module-option name="hashAlgorithm" value="SHA"/>
            <module-option name="hashEncoding" value="BASE64"/>
            <module-option name="principalsQuery" value="SELECT u.password FROM Usr u, Client c, UserRole ur WHERE u.logname = ? AND (u.status = 'active' OR u.status = 'system') AND u.clientid = c.clientid AND (c.status = 'active' OR c.status = 'system') AND (u.passwordExpireDate is null OR u.passwordExpireDate > now()) AND u.userId = ur.userId AND u.lockedStatus != 1 AND ur.roleId=20"/>
            <module-option name="rolesQuery" value="SELECT p.label, 'Roles' FROM Usr u, Role r, Privilege p, RolePrivilege rp, UserRole ur WHERE u.logname = ? AND u.userId = ur.userId AND u.clientId = ur.clientId AND ur.roleId = r.roleId AND r.roleId = rp.roleId AND rp.privilegeId = p.privilegeId"/>
        </login-module>
    </authentication>
</security-domain>
The login module works fine both for remote invocations and local ones. The login module is deployed as a jar inside the remoting module with the remoting module pointing to it:
<module xmlns="urn:jboss:module:1.1" name="org.jboss.as.remoting">
    <properties>
        <property name="jboss.api" value="private"/>
    </properties>
    <resources>
        <resource-root path="jboss-as-remoting-7.1.1.Final.jar"/>
        <resource-root path="login-module.jar"/>
        <!-- Insert resources here -->
    </resources>
    ....
My problem is that the custom login class is using Hibernate to track user activity as below:
@Override
public boolean login()
        throws LoginException {
    String[] info = this.getUsernameAndPassword();
    String logname = info[0];
    boolean login = false;
    try {
        login = super.login();
        if (login) {
            Session session = null;
            try {
                session = BeanUtil.getSessionFactory().openSession();
                User user = UserHelper.loadUser(session, logname);
                ....
where getSessionFactory does:
Context ctx = new InitialContext();
return (SessionFactory)ctx.lookup("java:jboss/HibernateFactory");
This login works fine (manages to get the Session and do the proper calls) when used from within the application.
The problem occurs when I try to call a remote EJB that is under the security-domain that the customLogin module is mapped to.
I've added a dependency to hibernate in the remoting's module.xml (for the remoting module to be able to do Hibernate related operations).
I get the following error:
10:57:34,056 TRACE [org.jboss.remoting.remote] (Remoting "myApp" read-1) Accepted connection from /127.0.0.1:63577 to 127.0.0.1/127.0.0.1:4447
10:57:34,058 TRACE [org.jboss.remoting.remote] (Remoting "myApp" read-1) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@c84e90
10:57:34,059 TRACE [org.jboss.remoting.remote.connection] (Remoting "myApp" read-1) Sent message java.nio.HeapByteBuffer[pos=12 lim=12 cap=8192] (direct)
10:57:34,061 TRACE [org.jboss.remoting.remote.connection] (Remoting "myApp" read-1) Flushed channel (direct)
10:57:34,067 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Server received capabilities request
10:57:34,068 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Server received capability: version 1
10:57:34,069 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Server received capability: remote endpoint name "config-based-naming-client-endpoint"
10:57:34,071 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) No EXTERNAL mechanism due to explicit exclusion
10:57:34,072 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Trying SASL server factory org.jboss.sasl.localuser.LocalUserServerFactory@5e6cf7
10:57:34,074 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Added mechanism JBOSS-LOCAL-USER
10:57:34,075 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Trying SASL server factory org.jboss.sasl.digest.DigestMD5ServerFactory@14405c3
10:57:34,076 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list
10:57:34,078 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Trying SASL server factory org.jboss.sasl.plain.PlainServerFactory@d669c2
10:57:34,079 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Added mechanism PLAIN
10:57:34,080 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Trying SASL server factory org.jboss.sasl.anonymous.AnonymousServerFactory@b961d6
10:57:34,081 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Trying SASL server factory com.sun.security.sasl.digest.FactoryImpl@c62e1a
10:57:34,083 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list
10:57:34,084 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Trying SASL server factory com.sun.security.sasl.ServerFactoryImpl@fcb590
10:57:34,085 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Excluding mechanism CRAM-MD5 because it is not in the allowed list
10:57:34,087 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Trying SASL server factory com.sun.security.sasl.gsskerb.FactoryImpl@f4234b
10:57:34,088 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Excluding mechanism GSSAPI because it is not in the allowed list
10:57:34,090 TRACE [org.jboss.remoting.remote.connection] (Remoting "myApp" read-1) Sent message java.nio.HeapByteBuffer[pos=37 lim=37 cap=8192] (direct)
10:57:34,091 TRACE [org.jboss.remoting.remote.connection] (Remoting "myApp" read-1) Flushed channel (direct)
10:57:34,139 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Server received authentication request
10:57:34,168 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "myApp" task-4) Begin getAppConfigurationEntry(myAppRealm), size=6
10:57:34,169 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "myApp" task-4) End getAppConfigurationEntry(myAppRealm), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: com.login.LoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=hashAlgorithm, value=SHA
name=principalsQuery, value=SELECT u.password FROM Usr u, Client c, UserRole ur WHERE u.logname = ? AND (u.status = 'active' OR u.status = 'system') AND u.clientid = c.clientid AND (c.status = 'active' OR c.status = 'system') AND (u.passwordExpireDate is null OR u.passwordExpireDate > now()) AND u.userId = ur.userId AND u.lockedStatus != 1 AND ur.roleId=20
name=hashEncoding, value=BASE64
name=dsJndiName, value=java:jboss/datasources/myAppDS
name=rolesQuery, value=SELECT p.label, 'Roles' FROM Usr u, Role r, Privilege p, RolePrivilege rp, UserRole ur WHERE u.logname = ? AND u.userId = ur.userId AND u.clientId = ur.clientId AND ur.roleId = r.roleId AND r.roleId = rp.roleId AND rp.privilegeId = p.privilegeId
10:57:34,180 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" task-4) Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)
10:57:34,197 TRACE [org.jboss.remoting.remote.connection] (Remoting "myApp" task-4) Sent message java.nio.HeapByteBuffer[pos=1 lim=1 cap=8192] (direct)
10:57:34,199 TRACE [org.jboss.remoting.remote.connection] (Remoting "myApp" task-4) Flushed channel (direct)
10:57:34,200 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Server received capabilities request
10:57:34,201 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Server received capability: version 1
10:57:34,202 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Server received capability: remote endpoint name "config-based-naming-client-endpoint"
10:57:34,203 TRACE [org.jboss.remoting.remote.connection] (Remoting "myApp" read-1) Sent message java.nio.HeapByteBuffer[pos=37 lim=37 cap=8192] (direct)
Debugging on the server side shows a ClassNotFoundException - possibly the Session.java but I'm unsure for I could not find the sources for the ModulesClassLoader so I can move the debug in that area.
Any ideas are welcome.
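Added example, not part of the original post: a short Python parser for the jboss-remoting TRACE lines shown above, summarizing which SASL mechanisms the server offered or excluded and the reason it gave for rejecting authentication. The sample lines are copied from the post's log; the function and key names are this example's own.

```python
import re

# Lines copied from the TRACE output in the post (a subset, unmodified).
SAMPLE_LOG = '''\
10:57:34,071 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) No EXTERNAL mechanism due to explicit exclusion
10:57:34,074 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Added mechanism JBOSS-LOCAL-USER
10:57:34,076 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list
10:57:34,079 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Added mechanism PLAIN
10:57:34,083 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list
10:57:34,085 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Excluding mechanism CRAM-MD5 because it is not in the allowed list
10:57:34,088 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" read-1) Excluding mechanism GSSAPI because it is not in the allowed list
10:57:34,180 TRACE [org.jboss.remoting.remote.server] (Remoting "myApp" task-4) Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)
'''

ADDED = re.compile(r"Added mechanism (\S+)")
EXCLUDED = re.compile(r"Excluding mechanism (\S+) because (.+?)\s*$")
NO_MECH = re.compile(r"No (\S+) mechanism due to (.+?)\s*$")
REJECTED = re.compile(r"Server sending authentication rejected \((.+)\)\s*$")


def summarize_sasl(log_text):
    """Summarize the SASL negotiation seen in jboss-remoting TRACE lines."""
    offered, excluded, rejections = [], {}, []
    for line in log_text.splitlines():
        if m := ADDED.search(line):
            if m.group(1) not in offered:
                offered.append(m.group(1))
        elif m := EXCLUDED.search(line):
            # Several server factories can report the same mechanism; keep one entry.
            excluded[m.group(1)] = m.group(2)
        elif m := NO_MECH.search(line):
            excluded[m.group(1)] = m.group(2)
        elif m := REJECTED.search(line):
            rejections.append(m.group(1))
    return {
        "offered": offered,
        "excluded": excluded,
        "rejections": rejections,
        # PLAIN carries the password unhashed inside the SASL exchange, so its
        # presence is worth checking against the connector's TLS configuration.
        "plain_offered": "PLAIN" in offered,
    }


if __name__ == "__main__":
    for key, value in summarize_sasl(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```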