1 Reply Latest reply on Jun 18, 2014 4:01 PM by purringpigeon

    Remote Stateless Session Bean - Access to Caller Principal?

    purringpigeon

      Hello,

       

      I have a web application which is being considered to be ported to a Java FX 8 client.  Currently our security is handled via the j_security_check login which will create a User Principal in the session, which is accessed to record history and actions.

       

      I am attempting to invoke our EJBs remotely, and while my connection parameters allow invocation of the EJB, the principal is always anonymous.

       

      Properties jbossEjbClientProperties = new Properties();
      jbossEjbClientProperties.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
      jbossEjbClientProperties.put("remote.connections", "remoting");
      jbossEjbClientProperties.put("remote.connection.remoting.host", "localhost");
      jbossEjbClientProperties.put("remote.connection.remoting.port", "4457");
      jbossEjbClientProperties.put("remote.connection.remoting.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "true");
      jbossEjbClientProperties.put("remote.connection.remoting.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
      jbossEjbClientProperties.put("remote.connection.remoting.username", "purring");
      jbossEjbClientProperties.put("remote.connection.remoting.password", "pigeon");
      
      
      
      

       

      If I provide incorrect credentials the call will fail with:

      Jun 18, 2014 10:33:43 AM org.jboss.ejb.client.EJBClient <clinit>
      INFO: JBoss EJB Client version 1.0.11.Final-redhat-1
      Jun 18, 2014 10:33:43 AM org.jboss.remoting3.remote.RemoteConnection handleException
      ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
      
      
      
      

      So I know that the authentication is happening, but I am not sure how to get the caller principal to be created with the credentials provided.

       

      Is there a way to do that?

       

      Thanks.

       

      Message was edited by: Derek F Cleaned up the code....

        • 1. Re: Remote Stateless Session Bean - Access to Caller Principal?
          purringpigeon

          I was able to figure it out...

          Here are the steps to make it work...  The yellow was important in making the magic happen.


          Changes needed to the standalone.xml:

           

          1) Change the authentication from $local to jaas and provide the realm name...

          <security-realm name="ApplicationRealm">
              <authentication>
                  <jaas name="securityDomainName"/>
                  <!--
                  <local default-user="$local"/>
                  <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                  -->
              </authentication>
          </security-realm>

           

          2) Update the location of the login module to point to the deployment (since the login isn't its own module)

          <security-domain name="securityDomainName">
              <authentication>
                  <login-module code="custom.login.module" module="deployment.myear.ear" flag="required">
                      <module-option name="dsJndiName" value="java:/usersDB"/>
                      <module-option name="principalsQuery" value="select * from users where user_lgn_nm=?"/>
                      <module-option name="unauthenticatedIdentity" value="anonymous"/>
                  </login-module>
              </authentication>
          </security-domain>

           

          3) Ensure this is set:

          <subsystem xmlns="urn:jboss:domain:remoting:1.1">
              <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
          </subsystem>

           

          4) Client set up:

          Properties jbossEjbClientProperties = new Properties();
          jbossEjbClientProperties.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
          jbossEjbClientProperties.put("remote.connections", "remoting");
          jbossEjbClientProperties.put("remote.connection.remoting.host", "localhost");
          jbossEjbClientProperties.put("remote.connection.remoting.port", "4457");
          jbossEjbClientProperties.put("remote.connection.remoting.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "true");
          jbossEjbClientProperties.put("remote.connection.remoting.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
          jbossEjbClientProperties.put("remote.connection.remoting.username", "myuser");
          jbossEjbClientProperties.put("remote.connection.remoting.password", "mypassword");
          jbossEjbClientProperties.put("remote.connection.remoting.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

          5) This annotation on the bean itself: @SecurityDomain("ApplicationRealm")
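
Added example, not part of the original post or of JBoss: step 4 sets SASL_POLICY_NOPLAINTEXT to "false" while SSL_ENABLED is also "false", which permits the PLAIN mechanism to send the password over an unencrypted connection. The check below flags that combination in a set of EJB client properties and shows it clearing once TLS is enabled. The class and method names are hypothetical, the credentials are the post's placeholders, and the TLS variant assumes the server's security realm has an SSL identity configured.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class EjbClientConfigAudit {
    private static final String PROVIDER = "remote.connectionprovider.create.options.org.xnio.Options.";
    private static final String OPTS = ".connect.options.org.xnio.Options.";

    // Only an explicit "false" counts as disabled; unset options are not judged (example assumption).
    private static boolean isFalse(Properties p, String key) {
        return "false".equalsIgnoreCase(p.getProperty(key, "").trim());
    }

    /** Returns one finding per risky setting on each connection listed in remote.connections. */
    static List<String> audit(Properties p) {
        List<String> findings = new ArrayList<>();
        boolean tlsOff = isFalse(p, PROVIDER + "SSL_ENABLED");
        for (String name : p.getProperty("remote.connections", "").split(",")) {
            name = name.trim();
            if (name.isEmpty()) continue;
            String c = "remote.connection." + name;
            boolean plainAllowed = isFalse(p, c + OPTS + "SASL_POLICY_NOPLAINTEXT");
            if (plainAllowed && tlsOff && p.getProperty(c + ".password") != null) {
                findings.add(name + ": PLAIN permitted with SSL_ENABLED=false, password is sent unencrypted");
            }
            if (!"true".equalsIgnoreCase(p.getProperty(c + OPTS + "SASL_POLICY_NOANONYMOUS", "").trim())) {
                findings.add(name + ": SASL_POLICY_NOANONYMOUS is not true, ANONYMOUS may be negotiated");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample mirroring step 4 of the post (placeholder credentials).
        Properties asPosted = new Properties();
        asPosted.put(PROVIDER + "SSL_ENABLED", "false");
        asPosted.put("remote.connections", "remoting");
        asPosted.put("remote.connection.remoting.username", "myuser");
        asPosted.put("remote.connection.remoting.password", "mypassword");
        asPosted.put("remote.connection.remoting" + OPTS + "SASL_POLICY_NOANONYMOUS", "true");
        asPosted.put("remote.connection.remoting" + OPTS + "SASL_POLICY_NOPLAINTEXT", "false");

        // Same connection with TLS switched on at the connection provider.
        Properties withTls = new Properties();
        withTls.putAll(asPosted);
        withTls.put(PROVIDER + "SSL_ENABLED", "true");

        System.out.println("as posted: " + audit(asPosted));
        System.out.println("with TLS:  " + audit(withTls));
    }
}
```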