1 2 Previous Next 16 Replies Latest reply on Apr 22, 2015 7:25 AM by valsaraj007

    Remote login in WildFly-8.2

    valsaraj007

      Hi,

       

      I tried to remote login to WildFly-8.2 from client java class. The login seems to be worked but unable to get caller principal name in EJB method. It shows caller principal as $local always. Can anybody share how this can be solved?

       

      Thanks!

        • 1. Re: Remote login in WildFly-8.2
          dlofthouse

          Local authentication is kicking in as you are running the client locally, either run your client from a truly remote machine or remove local authentication from the ApplicationRealm definition.

          • 2. Re: Remote login in WildFly-8.2
            mpritt

            I'm having the same issue and I've removed the local authentication from the ApplicationRealm definition, and that still doesn't work for me (i.e. I've commented out the line

             

            <local default-user="$local" allowed-users="*" skip-group-loading="true"/>

             

            in the standalone.xml file).  I've also been trying to use the ClientLoginModule and LoginContext and I still don't see the principal created in the client passed to the server.

            1 of 1 people found this helpful
            • 3. Re: Remote login in WildFly-8.2
              valsaraj007

              Hi dlofthouse,

              I don't understand properly. Can you share some sample of what need to be changed? Which model you suggest for remote login, remote EJB? I logged in and accessed EJB using remote EJB model but since the principal is $local, it didn't work as expected.

               

              Thanks!

              • 4. Re: Remote login in WildFly-8.2
                valsaraj007

                Hi mpritt,

                 

                What was the principal shown instead of $local after commenting this line?

                 

                Thanks!

                • 5. Re: Remote login in WildFly-8.2
                  mpritt

                  No, I wouldn't get that far at all with the server...it threw the following exception on the client: 

                  java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: the server presented no authentication mechanisms

                    at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)

                    at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:77)

                    at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)

                    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:155)

                    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:115)

                    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:47)

                    at org.jboss.ejb.client.EJBClientContext.getCurrent(EJBClientContext.java:271)

                    at org.jboss.ejb.client.EJBClientContext.requireCurrent(EJBClientContext.java:281)

                    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:176)

                    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:144)

                    at com.sun.proxy.$Proxy0.add(Unknown Source)

                    at org.jboss.as.quickstarts.ejb.remote.client.RemoteEJBClient.invokeStatelessBean(RemoteEJBClient.java:162)

                    at org.jboss.as.quickstarts.ejb.remote.client.RemoteEJBClient.main(RemoteEJBClient.java:142)

                  Caused by: javax.security.sasl.SaslException: Authentication failed: the server presented no authentication mechanisms

                    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:388)

                    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)

                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

                    at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:199)

                    at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:113)

                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

                    at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)

                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

                    at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

                    at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)

                    at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)

                    at ...asynchronous invocation...(Unknown Source)

                    at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:272)

                    at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:388)

                    at org.jboss.ejb.client.remoting.EndpointPool$PooledEndpoint.connect(EndpointPool.java:187)

                    at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:153)

                    at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:133)

                    at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:75)

                    ... 11 more

                  • 6. Re: Remote login in WildFly-8.2
                    valsaraj007

                    Hi Michael,

                     

                    Can you share the content of jboss-ejb-client.properties in your classpath?

                     

                    Thanks!

                    • 7. Re: Remote login in WildFly-8.2
                      valsaraj007

                      Hi Darran,

                       

                      Here is the content of jboss-ejb-client.properties in my class path:

                       

                      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

                      remote.connections=default

                      remote.connection.default.host=localhost

                      remote.connection.default.port = 8080

                      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

                       

                      In my client class:

                      public InitialContext getCtx() {

                              if (ctx == null) {

                                  try {

                                  final Hashtable<String, String> jndiProperties = new Hashtable<>();

                                      jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                                      ctx = new InitialContext(jndiProperties);

                                  } catch (NamingException ex) {

                                      throw new RuntimeException("Could not create initial context using supplied context properties", ex);

                                  }

                              }

                            

                              return ctx;

                          }

                       

                      public AppUser login(String uid, String password) {

                              // Login now

                              logger.info("Attempting to log in");

                            

                              System.setProperty(JAAS_LOGIN_CONFIG_PROPERTY, "app.auth");

                              UsernamePasswordHandler handler = new UsernamePasswordHandler(uid, password.toCharArray());

                              try {

                                  lc = new LoginContext("appLDAP", handler);

                                  lc.login();

                                  AppUser user = getAppBean().loginUser(uid, new Date());

                                  logger.info("User logged in as:" + lc.getSubject().getPrincipals());

                                  this.uid = uid;

                                  return user;

                              } catch (Exception ex) {

                                  throw new RuntimeException("Failed to login: " + uid, ex);

                              }

                          }

                       

                      In the EJB:

                      public AppUser loginUser( String principal, Date now) {

                                   // Verify that we have a subject to work with

                                   if (!principal.equals(ejbContext.getCallerPrincipal().getName())) {

                                      throw new IllegalStateException("[EJB]Principal not propagated to EJB");

                                  }

                               .............................

                               ...........................

                               return user;

                           }

                       

                      This code worked fine in JBoss 4.2.2.GA but in WildFly 8.2.0 it is throwing exception from EJB: throw new IllegalStateException("[EJB]Principal not propagated to EJB");

                       

                      It would be great if you can point out what's wrong or any suggestion or sample to make it working in WildFly.

                       

                      Thanks!

                      • 8. Re: Remote login in WildFly-8.2
                        valsaraj007

                        Hi Darran,

                         

                        I referred your solution here: https://developer.jboss.org/message/719442#719442

                        When I added this property, I got EJB Receiver not available error.

                         

                        remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

                        remote.connections=default

                        remote.connection.default.host=localhost

                        remote.connection.default.port = 8080

                        remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

                        remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

                        remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

                         

                        <subsystem xmlns="urn:jboss:domain:remoting:2.0">

                                        <endpoint worker="default"/>

                                        <http-connector name="http-remoting-connector" connector-ref="default" security-realm="SSLRealm"/>

                                    </subsystem>

                         

                        What is the cause this error?

                         

                        Thanks!

                        • 9. Re: Remote login in WildFly-8.2
                          mpritt

                          valsaraj,

                           

                          Here are my jboss-ejb-client.properties file.

                           

                          remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

                          remote.connections=default

                          remote.connection.default.host=localhost

                          remote.connection.default.port = 8080

                          remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

                          • 10. Re: Remote login in WildFly-8.2
                            mpritt

                            Hi Valsaraj,

                             

                            I got the principal passed using the following article: http://blog.jonasbandi.net/2013/08/jboss-remote-ejb-invocation-unexpected.html

                             

                            I believe the key is using the PropertiesBasedEJBClientConfiguration and setting a new ConfigBasedEJBClientContextSelector  for the EJBClientContext.  I'm still learning about why this all works, so read that article and give it a shot.

                             

                            Mike

                            1 of 1 people found this helpful
                            • 11. Re: Remote login in WildFly-8.2
                              valsaraj007

                              Thanks Micheal! Let me go through it.

                               

                              So you have used above jboss-ejb-client.properties file and the following code?

                              /////////////////////////////////////////////

                                 // Using the proprietary JBoss EJB Client API

                                 final Properties ejbProperties = new Properties();

                                ejbProperties.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

                                ejbProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                                ejbProperties.put("remote.connections", "1");

                                ejbProperties.put("remote.connection.1.host", "localhost");

                                ejbProperties.put("remote.connection.1.port", "4447");

                                 //ejbProperties.put("remote.connection.1.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER"); // needed for forcing authentication over remoting (i.e. if you have a custom login module)

                                 //ejbProperties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); // needed for a login module that requires the password in plaintext

                                ejbProperties.put("remote.connection.1.username", "ejbuser");

                                ejbProperties.put("remote.connection.1.password", "ejbuser123!");

                                 //ejbProperties.put("org.jboss.ejb.client.scoped.context", "true"); // Not needed when EJBClientContext.setSelector is called programatically. ATTENTION: Client-Interceptor registration below does not work with this property! BUG?

                               

                                 final EJBClientConfiguration ejbClientConfiguration = new PropertiesBasedEJBClientConfiguration(ejbProperties);

                                 final ConfigBasedEJBClientContextSelector selector = new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);

                                 EJBClientContext.setSelector(selector);

                                 EJBClientContext.getCurrent().registerInterceptor(0, new ClientInterceptor());

                               

                                 final Context ejbContext = new InitialContext(ejbProperties);

                                 final HelloWorld ejbHelloWorld = (HelloWorld) ejbContext.lookup("ejb:ejbremote-ear/ejbremote-ejb/HelloWorldBean!"+ HelloWorld.class.getName());

                                 System.out.println(ejbHelloWorld.sayHello());

                              • 12. Re: Remote login in WildFly-8.2
                                valsaraj007

                                Hi Michael,

                                 

                                I have removed jboss-ejb-client.properties file and used programmatic login method as suggested in the link.

                                final Properties ejbProperties = new Properties();

                                                ejbProperties.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

                                                ejbProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                                                ejbProperties.put("remote.connections", "default");

                                                ejbProperties.put("remote.connection.default.host", "localhost");

                                                ejbProperties.put("remote.connection.default.port", "8080");

                                                ejbProperties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER"); // needed for forcing authentication over remoting (i.e. if you have a custom login module)

                                                ejbProperties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); // needed for a login module that requires the password in plaintext

                                                ejbProperties.put("remote.connection.default.username", "appUser");

                                                ejbProperties.put("remote.connection.default.password", "plain-password");

                                                //ejbProperties.put("org.jboss.ejb.client.scoped.context", "true"); // Not needed when EJBClientContext.setSelector is called programatically. ATTENTION: Client-Interceptor registration below does not work with this property! BUG?

                                                ctx = new InitialContext(ejbProperties);

                                             

                                                final EJBClientConfiguration ejbClientConfiguration = new PropertiesBasedEJBClientConfiguration(ejbProperties);

                                                final ConfigBasedEJBClientContextSelector selector = new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);

                                                EJBClientContext.setSelector(selector);

                                                EJBClientContext.getCurrent().registerInterceptor(0, new ClientInterceptor());

                                 

                                But I got this error when I tried login.

                                ERROR [connection] JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: the server presented no authentication mechanisms

                                WARN  [ConfigBasedEJBClientContextSelector] Could not register a EJB receiver for connection to localhost:8080

                                 

                                Do you have any idea how to resolve this?

                                 

                                Thanks!

                                • 13. Re: Remote login in WildFly-8.2
                                  mpritt

                                  Valsaraj,

                                   

                                  I took your properties and got the same error as you did.  However when I commented out the following line it worked and saw the principal passed to the server:

                                   

                                  ejbProperties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER"); // needed for forcing authentication over remoting (i.e. if you have a custom login module)


                                  Not sure why but when I did that it works.


                                  Mike

                                  1 of 1 people found this helpful
                                  • 14. Re: Remote login in WildFly-8.2
                                    valsaraj007

                                    Hi Michael,

                                    That's correct, when that property is removed it will work. Also, it is working even without the following code:

                                                    final EJBClientConfiguration ejbClientConfiguration = new PropertiesBasedEJBClientConfiguration(ejbProperties);

                                                    final ConfigBasedEJBClientContextSelector selector = new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);

                                                    EJBClientContext.setSelector(selector);

                                                    EJBClientContext.getCurrent().registerInterceptor(0, new ClientInterceptor());

                                     

                                    Another issue that I faced is with my custom module. Even if I removed this property it didn't work because I am using custom login module which checks permission to access EJBs. When I login from client using LoginContext, password is not reached in plain form. It is coming as character array of an object.

                                     

                                    Thanks!

                                    1 2 Previous Next