0 Replies Latest reply on Jul 15, 2014 10:53 AM by marco.simoes

Create a SecurityRealm for remoting JMS in domain mode - JBoss EAP 6.2.3

marco.simoes Jul 15, 2014 10:53 AM

Hi Guys,

I have a question about create new security Realm for my remoting JMS in domain mode.

I have a Domain Controller with JBoss EAP 6.2.3 without any servers, and in another machine i have a Host Controller with JBoss EAP 6.2.3 with one server in full profile.

I configured a queeu in Domain Controller with name "testQueue".

When i created a JMS client Connection to send messages for queue on Host Controller target machine, i got this error::

Error
ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed Exception in thread "main" javax.naming.NamingException: Failed to connect to any server. Servers tried: [remote://192.168.56.81:4447] at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:213) at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:144) at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:125) at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:241) at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:79) at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:83) at javax.naming.InitialContext.lookup(InitialContext.java:411) at com.teste.jms.QueueSend.init(QueueSend.java:35) at com.teste.jms.QueueSend.main(QueueSend.java:65)

Error

ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

Exception in thread "main" javax.naming.NamingException: Failed to connect to any server. Servers tried: [remote://192.168.56.81:4447]

at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:213)

at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:144)

at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:125)

at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:241)

at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:79)

at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:83)

at javax.naming.InitialContext.lookup(InitialContext.java:411)

at com.teste.jms.QueueSend.init(QueueSend.java:35)

at com.teste.jms.QueueSend.main(QueueSend.java:65)

In my Domain Controller i added user to ApplicationRealm correct. In my Host Controller i don't added a user, but when i add the problem is fixed.

My questions is, how can i will create a security Realm to use only users of Domain Controller and not necessary create users on Host Controller ?

I'm tryed to implements this solutions, but not works:

Domain.xml
<subsystem xmlns="urn:jboss:domain:remoting:1.1"> <connector name="remoting-connector" socket-binding="remoting" security-realm="JMSRealm"/> </subsystem> <subsystem xmlns="urn:jboss:domain:security:1.2"> <security-domains> <security-domain name="jms-security-domain" cache-type="default"> <authentication> <login-module code="Remoting" flag="optional"> <module-option name="password-stacking" value="useFirstPass"/> </login-module> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="defaultUsersProperties" value="${jboss.server.config.dir}/application-users.properties"/> <module-option name="defaultRolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/> <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/> <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/> <module-option name="password-stacking" value="useFirstPass"/> </login-module> </authentication> </security-domain> .....

Domain.xml

</subsystem>

<security-domains>

<security-domain name="jms-security-domain" cache-type="default">

<login-module code="Remoting" flag="optional">

<module-option name="password-stacking" value="useFirstPass"/>

</login-module>

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

<module-option name="defaultUsersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

<module-option name="defaultRolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

<module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

<module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

<module-option name="password-stacking" value="useFirstPass"/>

</login-module>

</authentication>

</security-domain>

.....

host.xml
<security-realm name="JMSRealm"> <authentication> <jaas name="jms-security-domain"/> </authentication> </security-realm>

host.xml

<security-realm name="JMSRealm">
        <authentication>
                  <jaas name="jms-security-domain"/>
        </authentication>

</security-realm>

Thanks.