0 Replies Latest reply on Jun 15, 2016 5:46 PM by yoav-golan

    EJBAccessException: JBAS013323: Invalid User - move to sso

    yoav-golan

      In our company's application, we run a few JBoss 7.1 server instances on a few machines. Every instance is started with the same application user.

      Authentication is done against LDAP. The client is a standalone Swing application.

      When a remote call is made between the JBoss instances (EJB or pure RMI), this user is used for authentication.

      Sometimes we get the error javax.ejb.EJBAccessException: Invalid User (see below). This happens because the user is being locked in LDAP for some reason.

      My question is: can I use SSO to avoid authentication on remote calls between servers? If so, can you explain how? That is, what configuration is needed in standalone.xml on every server instance so that it is still started with the application user, but the user is not requested when a remote-interface call is made from another instance?

       

      1. javax.ejb.EJBAccessException: JBAS013323: Invalid User

      at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:57)

      at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:48)

      at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:83)

      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

      at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)

      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

      at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)

      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

      at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)

      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

      at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55)

      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

      at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)

      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

      at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)

      at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:185)

      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:329)

      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:70)

      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:203)

      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)

      at java.util.concurrent.FutureTask.run(FutureTask.java:262)

      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

      at java.lang.Thread.run(Thread.java:745)

      at org.jboss.threads.JBossThread.run(JBossThread.java:122)

      at ...asynchronous invocation...(Unknown Source)

      at org.jboss.ejb.client.remoting.InvocationExceptionResponseHandler$MethodInvocationExceptionResultProducer.getResult(InvocationExceptionResponseHandler.java:99)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:272)

      at org.jboss.ejb.client.EJBObjectInterceptor.handleInvocationResult(EJBObjectInterceptor.java:64)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:274)

      at org.jboss.ejb.client.EJBHomeInterceptor.handleInvocationResult(EJBHomeInterceptor.java:88)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:274)

      at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:46)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:274)

      at org.jboss.ejb.client.ReceiverInterceptor.handleInvocationResult(ReceiverInterceptor.java:129)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:262)

      at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:437)

      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:202)

      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:181)

      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:144)

      at com.sun.proxy.$Proxy57.getPricingEnv(Unknown Source)

      at sun.reflect.GeneratedMethodAccessor150.invoke(Unknown Source)

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

      at java.lang.reflect.Method.invoke(Method.java:606)



      <security-domains>

                      <security-domain name="db-security-domain" cache-type="default">

                          <authentication>

                            <!-- Authenticates users against LDAP / Active Directory. LdapExtLoginModule first binds
                                 with bindDN/bindCredential, searches under baseCtxDN with baseFilter to find the
                                 user's entry, then binds as that user to check the password. flag="required" means
                                 this module must succeed for the login to succeed.
                                 NOTE(review): each password check that is not served from the security domain's
                                 cache is a real bind as the user, so an instance holding a stale password for the
                                 shared application account can trip the directory's lockout policy. Confirm from
                                 the directory's failed-bind log which host is responsible. -->
                            <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">

                              <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                              <!-- Value blanked in the post. Use an ldaps:// URL so the bind credential and the
                                   user passwords are not sent to the directory in clear text. -->
                              <module-option name="java.naming.provider.url" value=""/>

                              <!-- Search account for the initial bind (values blanked in the post). bindCredential
                                   is a plain-text secret in standalone.xml: restrict read access to the file, give
                                   the account read-only search rights, and keep the value out of plain text where
                                   the server version supports it (for example the password vault). -->
                              <module-option name="bindDN" value=""/>

                              <module-option name="bindCredential" value=""/>

                              <!-- Where and how the user's entry is looked up; {0} is replaced with the login name. -->
                              <module-option name="baseCtxDN" value=""/>

                              <module-option name="baseFilter" value="(sAMAccountName={0})"/>

                              <!-- Role lookup: the same sAMAccountName filter finds the user's own entry, its
                                   memberOf values are read as group DNs (roleAttributeIsDN=true), and each group's
                                   cn becomes the role name. -->
                              <module-option name="rolesCtxDN" value="DC=hq,DC=il,DC=leumi"/>

                              <module-option name="roleFilter" value="(sAMAccountName={0})"/>

                              <module-option name="roleAttributeID" value="memberOf"/>

                              <module-option name="roleAttributeIsDN" value="true"/>

                              <module-option name="roleNameAttributeID" value="cn"/>

                              <!-- Keep false: some LDAP servers treat a bind with an empty password as an
                                   anonymous bind, which would succeed without a real credential check. -->
                              <module-option name="allowEmptyPasswords" value="false"/>

                              <!-- Lets validation errors surface to the caller instead of being hidden. -->
                              <module-option name="throwValidateError" value="true"/>

                              <!-- Searches cover the whole subtree below the context DNs above. -->
                              <module-option name="searchScope" value="SUBTREE_SCOPE"/>

                  <!-- useFirstPass: reuse a username/password already placed in the shared login state by an
                       earlier module, if one is present. -->
                  <module-option name="password-stacking" value="useFirstPass"/>

                  <!-- NOTE(review): usernameBeginString and usernameEndString are both "\". Presumably the
                       intent is to strip a DOMAIN\ prefix from the login name; confirm the parsed name with a
                       test login. -->
                  <module-option name="parseUsername" value="true" />

                  <module-option name="usernameBeginString" value="\" />

                   <module-option name="usernameEndString" value="\" />

                              </login-module>

                   <!-- RoleMapping: translates the roles collected by the preceding login module into
                        application roles using the properties file below. -->
                   <login-module code="RoleMapping" flag="required">

                                              

                    <!-- This file decides which application roles a directory group grants, so write access
                         to it should be limited to administrators. -->
                    <module-option name="rolesProperties" value="file:D:\\AD\\roleMapping.properties"/>

                    <!-- false adds the mapped roles to the existing ones; true would replace them. -->
                    <module-option name="replaceRole" value="false"/>

                    </login-module>

                                         

                          </authentication>

                      </security-domain>