Migrate Jboss AS 6 to WildFly 10 (UsersRolesLoginModule, CallerIdentityLoginModule, <security-domain>IG_CallerDS</security-domain>)?
boa-ig Dec 1, 2016 3:22 AM
Please tell me how to migrate an application from JBoss AS 6 to WildFly 10.
(Sorry for my English.)
I would really like to read an example showing how the features used in JBoss AS 6 can be implemented in WildFly, if that is possible.
Configuration Jboss AS 6:
<application-policy name="IGRoles">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="usersProperties">IG_users.properties</module-option>
            <module-option name="rolesProperties">IG_roles.properties</module-option>
        </login-module>
    </authentication>
</application-policy>

<application-policy name="IG_CallerDS">
    <authentication>
        <login-module code="org.jboss.resource.security.CallerIdentityLoginModule" flag="required">
            <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OraDSIG</module-option>
        </login-module>
    </authentication>
</application-policy>

<datasources>
    <local-tx-datasource>
        <jndi-name>OraDSIG</jndi-name>
        <connection-url>jdbc:oracle:thin:@localhost:1521:olg1</connection-url>
        <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
        <security-domain>IG_CallerDS</security-domain>
        <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
    </local-tx-datasource>
</datasources>
Configuration WildFly 10:
As a test, I did the following:
- standalone.xml
<security-domain name="ejb-security-domain33" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="UsersRoles" flag="required">
            <module-option name="defaultUsersProperties" value="${jboss.server.config.dir}/ejb-users.properties"/>
            <module-option name="defaultRolesProperties" value="${jboss.server.config.dir}/ejb-roles.properties"/>
            <module-option name="usersProperties" value="${jboss.server.config.dir}/ejb-users.properties"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/ejb-roles.properties"/>
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
</security-domain>
This does not transmit the password, but the ejb-users.properties file requires it.
<security-domain name="ejb-security-domain" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="RealmDirect" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="DatabaseUsers" flag="required">
            <module-option name="dsJndiName" value="java:jboss/OraDSIG"/>
            <module-option name="principalsQuery" value="select passwd AS PASSWORD from IG.USERS where login=?"/>
            <module-option name="rolesQuery" value="select role 'Roles', RoleGroup from IG.USER_ROLES where login=?"/>
        </login-module>
    </authentication>
</security-domain>
I checked a lot of variants, but the error is always this:
2016-12-01 10:46:14,472 TRACE [org.jboss.security] (default task-2) PBOX00236: Begin initialize method
2016-12-01 10:46:14,472 TRACE [org.jboss.security] (default task-2) PBOX00240: Begin login method
2016-12-01 10:46:14,472 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (default task-2) Storing username 'ejbUser'
2016-12-01 10:46:14,472 TRACE [org.jboss.security] (default task-2) PBOX00236: Begin initialize method
2016-12-01 10:46:14,472 TRACE [org.jboss.security] (default task-2) PBOX00240: Begin login method
2016-12-01 10:46:14,473 TRACE [org.jboss.security] (default task-2) PBOX00236: Begin initialize method
2016-12-01 10:46:14,473 TRACE [org.jboss.security] (default task-2) PBOX00262: Module options [dsJndiName: java:jboss/OraDSIG, principalsQuery: select passwd AS PASSWORD from IG.USERS where login=?, rolesQuery: select role 'Roles', RoleGroup from IG.USER_ROLES where login=?, suspendResume: true]
2016-12-01 10:46:14,474 TRACE [org.jboss.security] (default task-2) PBOX00240: Begin login method
2016-12-01 10:46:15,283 TRACE [org.jboss.security] (default task-2) PBOX00263: Executing query select passwd AS PASSWORD from IG.USERS where login=? with username ejbUser
2016-12-01 10:46:15,618 DEBUG [org.jboss.security] (default task-2) PBOX00283: Bad password for username ejbUser
2016-12-01 10:46:15,619 TRACE [org.jboss.security] (default task-2) PBOX00244: Begin abort method, overall result: true
2016-12-01 10:46:15,619 TRACE [org.jboss.security] (default task-2) PBOX00244: Begin abort method, overall result: true
2016-12-01 10:46:15,619 TRACE [org.jboss.security] (default task-2) PBOX00244: Begin abort method, overall result: false
2016-12-01 10:46:15,619 DEBUG [org.jboss.security] (default task-2) PBOX00206: Login failure: javax.security.auth.login.FailedLoginException: PBOX00070: Password invalid/Password required
<datasource jta="false" jndi-name="java:jboss/OraDSIG" pool-name="OraDSIG" enabled="true" use-ccm="false">
    <connection-url>jdbc:oracle:thin:@localhost:1521:olg1</connection-url>
    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
    <driver>oracle</driver>
    <security>
        <user-name>ig</user-name>
        <password>abcd</password>
    </security>
    <validation>
        <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
        <background-validation>true</background-validation>
        <stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker"/>
        <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
    </validation>
</datasource>

<driver name="oracle" module="com.oracle.jdbc">
    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
</driver>
Client WildFly 10
CallerRemote remote=IGGetEJB.getEJBAccess3("ejbUser","1","127.0.0.1","8080");
…..
public static CallerRemote getEJBAccess3(String uName, String uPass, String serverHost, String serverPort) {
    String serverUrl = "http-remoting://" + serverHost + ":" + serverPort; // serverPort is usually 4447

    Hashtable<String, Object> params = new Hashtable<String, Object>();
    params.put(Context.PROVIDER_URL, serverUrl);
    params.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
    params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
    params.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "true");
    // params.put(Context.SECURITY_PRINCIPAL, uName); //java.naming.security.principal
    // params.put(Context.SECURITY_CREDENTIALS, uPass);//java.naming.security.credentials

    Properties clientProp = new Properties();
    clientProp.put("remote.connections", "default");
    clientProp.put("remote.connection.default.host", serverHost);
    clientProp.put("remote.connection.default.port", serverPort);
    clientProp.put("remote.connection.default.username", uName);
    // clientProp.put("remote.connection.default.password",uPass);
    /*
    try {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] passwordBytes = uPass.getBytes();
        byte[] hash = md.digest(passwordBytes);
        String passwordHash = Base64.getEncoder().encodeToString(hash);
        System.out.println("password hash: "+passwordHash);
        clientProp.put("remote.connection.default.password", "a4ayc/80/OGda4BO/1o/V0etpOqiLx1JwB5S3beHW0s=");
    } catch (NoSuchAlgorithmException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    }
    */
    clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "true");
    // clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS","JBOSS-LOCAL-USER");
    clientProp.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "true");

    EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(clientProp);
    ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
    EJBClientContext.setSelector(selector);
    // EJBClientContext.getCurrent().registerInterceptor(0, new ClientInterceptor());

    try {
        InitialContext context = new InitialContext(params);
        final String jndiName = "/TestRemoteEJBEAR/CallerBean!remote.CallerRemote";
        CallerRemote remote = (CallerRemote) context.lookup(jndiName);
        // CallerRemote remote = connectEjb(context, jndiName);
        return remote;
    } catch (NamingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    return null;
}