Need help: JBoss EAP 6.4/7.5 access with Fat EJB3 Client using LDAP
sandfurz Jul 28, 2015 8:13 AM
Hi,
I'm using JBoss EAP 6.4 and I want to access the server via a Java Swing Client which connects to the EJB3 on the server.
So far I'm able to connect when the users are stored locally in application-user.properties etc. via the standard ApplicationRealm:
<security-realm name="ApplicationRealm">
    <authentication>
        <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
        <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
    </authentication>
    <authorization>
        <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
    </authorization>
</security-realm>
[..]
<subsystem xmlns="urn:jboss:domain:remoting:1.2">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
</subsystem>
The client uses the jboss-ejb-client.properties and the user and password are set there:
remote.connection.default.username=myuser
remote.connection.default.password=mypassword
Now I want to connect the JBoss to an LDAP server and the Client should authenticate against the users in that LDAP.
I created a new security-realm:
<security-realm name="LdapSecurityrealm">
    <server-identities>
        <ssl protocol="TLSv1">
            <keystore path="admin.jks" relative-to="jboss.server.config.dir" keystore-password="pass" alias="alias"/>
        </ssl>
    </server-identities>
    <authentication>
        <ldap connection="ldap_connection" base-dn="ou=people,dc=company,dc=eu">
            <username-filter attribute="uid"/>
        </ldap>
    </authentication>
    <authorization>
        <ldap connection="ldap_connection">
            <group-search group-name="SIMPLE" group-name-attribute="cn">
                <group-to-principal search-by="DISTINGUISHED_NAME" base-dn="ou=groups,dc=company,dc=eu" recursive="true">
                    <membership-filter principal-attribute="uniqueMember"/>
                </group-to-principal>
            </group-search>
        </ldap>
    </authorization>
</security-realm>
<outbound-connections>
    <ldap name="ldap_connection" url="ldaps://ldap.company.eu:636" search-dn="uid=user,ou=people,dc=company,dc=eu" search-credential="secret"/>
</outbound-connections>
I changed the remoting subsystem:
<subsystem xmlns="urn:jboss:domain:remoting:1.2">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="LdapSecurityrealm"/>
</subsystem>
And I expected this should work similarly when providing the user/password via the jboss-ejb-client.properties files.
But it's not working.
Do I need an additional security-domain or what is missing here?
I hope you can help me.
Many thanks
kr
Mark
Message was edited by: M P
OK, found the solution. In this case, the connection between Client and JBoss has to be SSL.
jboss-ejb-clientSSL.properties:
endpoint.name=client-endpoint
remote.connections=default
remote.connection.default.host=host
remote.connection.default.port=4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.default.username=user
remote.connection.default.password=pass
remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS=true
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=true
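Added example, not part of the original post or of JBoss: a small audit of jboss-ejb-client.properties text that reports any connection where SASL_POLICY_NOPLAINTEXT=false (plaintext SASL mechanisms permitted) is not paired with the SSL options the post's solution sets. The function names are hypothetical, the sample inputs are constructed, and the check assumes a policy of requiring an explicit "true" rather than modelling library defaults.

```python
# Added example: audit jboss-ejb-client.properties text for connections that
# permit plaintext SASL without explicitly enabling TLS.
XNIO = "org.xnio.Options."
PROVIDER_SSL = "remote.connectionprovider.create.options." + XNIO + "SSL_ENABLED"

def parse_properties(text):
    """Minimal key=value parser; skips comments, no continuations or escapes."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def is_true(props, key):
    # Policy assumption: only an explicit "true" counts; defaults are not modelled.
    return props.get(key, "").lower() == "true"

def audit(text):
    """Return sorted (connection, finding) tuples for each named connection."""
    props = parse_properties(text)
    findings = []
    names = [n.strip() for n in props.get("remote.connections", "").split(",")]
    for name in filter(None, names):
        base = "remote.connection." + name + "."
        opts = base + "connect.options." + XNIO
        plaintext_allowed = props.get(opts + "SASL_POLICY_NOPLAINTEXT", "").lower() == "false"
        tls = is_true(props, PROVIDER_SSL) and is_true(props, opts + "SSL_STARTTLS")
        if plaintext_allowed and not tls:
            findings.append((name, "plaintext SASL allowed without explicit TLS"))
        if props.get(base + "password"):
            findings.append((name, "password stored in the properties file"))
    return sorted(findings)

# Constructed sample mirroring the working configuration quoted in the post.
SECURED = """\
remote.connections=default
remote.connection.default.host=host
remote.connection.default.port=4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS=true
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=true
remote.connection.default.username=user
remote.connection.default.password=pass
"""
# Constructed variant: the same connection with SSL switched off.
UNSECURED = SECURED.replace("SSL_ENABLED=true", "SSL_ENABLED=false")
```

Calling audit(SECURED) reports only the stored password, while audit(UNSECURED) additionally reports that the password would be sent over a connection without TLS.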