3 Replies Latest reply on May 18, 2015 6:23 AM by ace1988

    JAAS via Wildfly

    ace1988

      Hello community,

       

      I want to use a JAAS-Authentication in a JAVA application via Wildfly (8.2.0).

      I have tried several methods and configurations... but I still get errors at the login (LoginContext)

       

      I have started to configure the standalone.xml (wildfly):

       

      - created a new security realm „TPRealm“ with the Jaas-authentication:

            

                     <security-realm name="TPRealm">
                           <authentication>
                                    <jaas name="TPLogin"/>
                           </authentication>
                      </security-realm>

       

       

      - set the realm as default?:

       

              <subsystem xmlns="urn:jboss:domain:remoting:2.0">
                      <endpoint worker="default"/>
                      <http-connector name="http-remoting-connector" connector-ref="default" security-realm="TPRealm"/>
              </subsystem>


       

      - at last, I have created a security domain „TPLogin“ with the login module:


      <security-domain name="TPLogin" cache-type="default">
            <authentication>
                 <login-module code="Database" flag="required">
                      <module-option name="dsJndiName" value="java:jboss/datasources/TourPlanningDS"/>
                      <module-option name="principalsQuery" value="select passwordHash from TaUser where login=?"/>
                 </login-module>
            </authentication>
      </security-domain>





      In Java:

       

       

      String username = "Admin";
      String password = "admin";

      PasswordClientCallbackHandler handler = new PasswordClientCallbackHandler(username, "TPRealm", password.toCharArray());

      try {

           LoginContext loginContext = new LoginContext("TPRealm", handler);

           loginContext.login();
      } catch (LoginException e) {

           System.out.println("Login failed");

           return;
      }

       

       

      In line 8, "new LoginContext(...)", I get the following error:
      javax.security.auth.login.LoginException: No LoginModules configured for TPRealm


      I have often read that a config file is needed (jaas.config):

      TPRealm {
            org.jboss.security.auth.spi.TPLogin required;  // I don't know what exactly has to go here
      }
       
      I added this file to the System.Properties.


      System.setProperty("java.security.auth.login.config", jaasConfig);  // jaasConfig = path to file


      With this, I can compile "new LoginContext(...)", but compiling fails at the next line, at loginContext.login():

      javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.auth.spi.TPLogin

      I also watched the log of wildfly expecting anything to be logged while running the code, but nothing was logged.


      In the Java application I have also added these properties:


       

      Properties ejbProps = new Properties();
      ejbProps.put("endpoint.name", "client-endpoint");
      ejbProps.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
      ejbProps.put("remote.connections", "default");
      ejbProps.put("remote.connection.default.host", "localhost");
      ejbProps.put("remote.connection.default.port", "8080");
      ejbProps.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");

      EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(ejbProps);
      ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
      EJBClientContext.setSelector(selector);

       


      Do I need to set further properties?
      Should I take notice of something else?

      I would be really pleased if anyone could help me.
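
Added example (not code from this thread): the two LoginException messages quoted in the post above can be reproduced in a plain JVM, because LoginContext resolves its name against the JAAS Configuration of the JVM it runs in. `JaasLookupDemo`, `AcceptAllModule` and the entry names "Working" and "Missing" are hypothetical, and an in-memory Configuration stands in for the jaas.config file.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class JaasLookupDemo {  // requires Java 9+ (Map.of)
    // Hypothetical stand-in module: accepts every login so only the lookup is exercised.
    public static class AcceptAllModule implements LoginModule {
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { }
        public boolean login() { return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // In-memory equivalent of a jaas.config file: entry name -> login module class name.
    static Configuration configOf(Map<String, String> entries) {
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                String moduleClass = entries.get(name);
                if (moduleClass == null) return null; // no entry under this name
                return new AppConfigurationEntry[] { new AppConfigurationEntry(moduleClass,
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
    }

    // The constructor looks up the entry; login() loads and runs the module class.
    static String attempt(String entryName) {
        try {
            new LoginContext(entryName, callbacks -> { }).login();
            return entryName + ": login ok";
        } catch (LoginException e) {
            return entryName + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        Configuration.setConfiguration(configOf(Map.of(
                "Working", AcceptAllModule.class.getName(),
                "TPRealm", "org.jboss.security.auth.spi.TPLogin"))); // class name from the post
        System.out.println(attempt("Working"));  // entry and class both resolve
        System.out.println(attempt("TPRealm"));  // entry exists, class cannot be loaded
        System.out.println(attempt("Missing"));  // no entry and no "other" fallback
    }
}
```

The exact wording of the exception messages differs between JDK versions, so the demo prints whatever the running JDK reports.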


        • 1. Re: JAAS via Wildfly
          jewellgm

          When you instantiate the LoginContext, I think you need to change the name from "TPRealm" to "TPLogin".  The TPLogin domain is where the authentication modules are defined.

           

          If you are able to get this to work, let me know.  Even though I can see that authentication occurs, the secured EJB doesn't seem to be receiving the credentials of the user, and I always get EJBAccessExceptions if the secured method in question isn't marked with a @PermitAll annotation.

          • 2. Re: JAAS via Wildfly
            ace1988

            Hello Greg,

             

            thanks for your reply

             

            I have now changed the name from "TPRealm" to "TPLogin".

            But unfortunately, I still get the same errors...

            • 3. Re: JAAS via Wildfly
              ace1988

              So...

              Now I get another problem.

              I can now use the login via JAAS almost successfully:

               

              //USER - Ace

              //PASSWORD - myPassword

              LoginContext tLoginContext = new LoginContext(realm, new PasswordClientCallbackHandler(user, realm, password.toCharArray()));

              tLoginContext.login();

              (Tested with  "Subject subj = tLoginContext.getSubject();"  --> Subject NOT null)

               

               

              Then I execute the following code:

               

              System.out.println("login by " + sessionContext.getCallerPrincipal().getName());

               

              I had expected that this would print "login by Ace".

              But I get "login by @local".

              Why am I still logged in as "$local" and not as "Ace"?

              What should I do to make this work?