3 Replies Latest reply on Feb 3, 2017 3:14 AM by macrergate

    Bug in WildFly http-remoting

    valsaraj007

      When I access remote EJB, the login credentials are passed into the custom security domain that is set for all EJBs. Here password is received in my custom login module as org.jboss.as.security.remoting.RemotingConnectionCredential@35ddbd0f.

       

      But when we login from browser, password is received as entered. What's wrong with remote calls?

       

      Here is my jndi.properties

        java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory java.naming.provider.url=http-remoting://localhost:8080 java.naming.security.principal=xxxx java.naming.security.credentials=xxxx jboss.naming.client.ejb.context=true

      I checked with latest stable version 8.2.0.

        • 1. Re: Bug in WildFly http-remoting
          macrergate

          I have same problem with wildfly10.10.Final

           

          JBossCallbackHandler

          has

          private Object credential;

          and

          /** Try to convert the credential value into a char[] using the
          first of the following attempts which succeeds:

          1. Check for instanceof char[]
          2. Check for instanceof String and then use toCharArray()
          3. See if credential has a toCharArray() method and use it
          4. Use toString() followed by toCharArray().
          @return a char[] representation of the credential.
          */
          private char[] getPassword()

          {

             char[] password = null;

             if (credential instanceof char[])

            {

            password = (char[]) credential;

            }

             else if (credential instanceof String)

            {

            String s = (String) credential;

            password = s.toCharArray();

            }

             else
             {

             try
             {

            Class<?>[] types = {};

            Method m = credential.getClass().getMethod("toCharArray", types);

            Object[] args = {};

            password = (char[]) m.invoke(credential, args);

            }

             catch (Exception e)

            {

             if (credential != null)

            {

            String s = credential.toString();

            password = s.toCharArray();

            }

            }

            }

             return password;

          }

           

          but credential in my case is instance of org.jboss.as.security.remoting.RemotingConnectionCredential

           

          It does not have implementations neither toCharArray, nor toString methods.

          1 of 1 people found this helpful
          • 2. Re: Bug in WildFly http-remoting
            macrergate

            the problem was in server configuration. 

            remoting/http-connector/security-realm value was incorrect.

            1 of 1 people found this helpful