17 Replies. Latest reply on Sep 21, 2017 2:35 PM by wolfgangknauf

    WildFly 11: Using Elytron on the client side

    wolfgangknauf

      Hi,

       

      I try to dig my way through client login using Elytron (JavaEE application client, launched through "appclient.bat").

       

      Question 1: for a programmatic login, it seems I need some JAR files on client side.

      See e.g. the code snippet at https://docs.jboss.org/author/display/WFLY/Client+Authentication+with+Elytron+Client#ClientAuthenticationwithElytronClient-TheProgrammaticApproach  => what JARs are needed? Most of the classes I found in "wildfly-11.0.0.CR1\modules\system\layers\base\org\wildfly\security\elytron-private\main\wildfly-elytron-1.1.1.Final.jar", but where are "Provider" and "WildFlyElytronProvider" from the sample?

      I use Eclipse + JBoss Tools plugin, which provides a "WildFly 11" server runtime, but I assume that it lacks some JAR references, which would be worth a JBoss Tools JIRA. But I don't know the list of necessary files.

       

      Question 2: what is the easiest way to do a login with credentials provided by the client app with minimal code?

      The configuration file "wildfly-config.xml" just seems to support a fixed user/password.

      And I don't want to do the security configuration in the client code - a config file is probably the better approach.

      Is it possible to write a "wildfly-config.xml" file which declares all security related stuff, but username/password are provided by the client app? E.g. some callback?

       

      Here is a sample file from a WildFly quickstart - I would like to avoid the "set-user-name" and "credentials" part:

      <?xml version="1.0" encoding="UTF-8"?>
      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="default-config"/>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="default-config">
                      <set-user-name name="quickstartUser"/>
                      <credentials>
                          <clear-password password="quickstartPwd1!"/>
                      </credentials>
                      <set-mechanism-realm name="LegacyRealm"/>
                      <providers>
                          <use-service-loader />
                      </providers>
                  </configuration>
              </authentication-configurations>
          </authentication-client>
      </configuration>

      Thanks

       

      Wolfgang

        • 1. Re: WildFly 11: Using Elytron on the client side
          wolfgangknauf

          I tried to apply the programmatic login code to my application client, but it seems the "appclient.bat" environment misses a reference:

           

          12:40:42,319 ERROR [org.jboss.as.appclient] (Thread-45) WFLYAC0002: InvocationTargetException running app client main: java.lang.reflect.InvocationTargetException

                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_144]

                  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.8.0_144]

                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.8.0_144]

                  at java.lang.reflect.Method.invoke(Unknown Source) [rt.jar:1.8.0_144]

                  at org.jboss.as.appclient.service.ApplicationClientStartService$1.run(ApplicationClientStartService.java:99)

                  at java.lang.Thread.run(Unknown Source) [rt.jar:1.8.0_144]

          Caused by: java.lang.NoClassDefFoundError: org/wildfly/security/auth/client/AuthenticationConfiguration

                  at org.jboss.as.quickstarts.ejb_security_jaas.RemoteClient.main(RemoteClient.java:43) [ejb_security_jaasClient.jar:]

                  ... 6 more

          Caused by: java.lang.ClassNotFoundException: org.wildfly.security.auth.client.AuthenticationConfiguration from [Module "deployment.ejb_security_jaas.ear.ejb_security_jaasClient.jar" from Service Module Loader]

                  at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:198) [jboss-modules.jar:1.6.0.Final]

                  at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412) [jboss-modules.jar:1.6.0.Final]

                  at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400) [jboss-modules.jar:1.6.0.Final]

                  at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116) [jboss-modules.jar:1.6.0.Final]

                  ... 7 more

          • 2. Re: WildFly 11: Using Elytron on the client side
            wolfgangknauf

            OK, I managed to handle the ClassNotFoundException error by adding the line "<extension module="org.wildfly.extension.elytron"/>" to "appclient.xml" and by copying the "<subsystem xmlns="urn:wildfly:elytron:1.0">" and "<subsystem xmlns="urn:jboss:domain:security:2.0">" parts from "standalone.xml". But of course this did not work :-(.

             

            It would be great if someone could give me some initial hints on how to use a JavaEE application client in combination with programmatic login, mostly based on the "ejb_security_jaas" quickstart.

             

            Wolfgang

            • 3. Re: WildFly 11: Using Elytron on the client side
              jaikiran

              Is there any specific reason you are trying this as a (Java EE) application client instead of a standalone Java application? I have hardly seen anyone use a (Java EE) application client for anything advanced.

              • 4. Re: WildFly 11: Using Elytron on the client side
                wolfgangknauf

                Nope, there is no specific reason, it is just an old sample that I try to convert to WildFly 11. Is advanced security/programmatic login not supported in JavaEE application client?

                 

                Using a "wildfly-config.xml" file with fixed login/password works here.

                 

                Wolfgang

                • 5. Re: WildFly 11: Using Elytron on the client side
                  ctomc

                  In WILDFLY_HOME/docs/examples you have the enable-elytron.cli script

                  wildfly/enable-elytron.cli at master · wildfly/wildfly · GitHub

                   

                  You would need to execute it against your server so it configures Elytron properly.

                  This works for standalone.xml, but it should be quite similar for app client.

                  • 6. Re: WildFly 11: Using Elytron on the client side
                    dmlloyd

                    Wolfgang Knauf wrote:

                     

                    Nope, there is no specific reason, it is just an old sample that I try to convert to WildFly 11. Is advanced security/programmatic login not supported in JavaEE application client?

                     

                    Using a "wildfly-config.xml" file with fixed login/password works here.

                     

                    Wolfgang

                     

                    It should work by adding in the Elytron subsystem and configuring the authentication client.  That said, I'm not aware of whether or not there are tests that cover the scenario...

                    • 7. Re: WildFly 11: Using Elytron on the client side
                      dmlloyd

                      Wolfgang Knauf wrote:

                       

                      I tried to apply the programmatic login code to my application client, but it seems the "appclient.bat" environment misses a reference:

                       

                      12:40:42,319 ERROR [org.jboss.as.appclient] (Thread-45) WFLYAC0002: InvocationTargetException running app client main: java.lang.reflect.InvocationTargetException

                      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_144]

                      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.8.0_144]

                      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.8.0_144]

                      at java.lang.reflect.Method.invoke(Unknown Source) [rt.jar:1.8.0_144]

                      at org.jboss.as.appclient.service.ApplicationClientStartService$1.run(ApplicationClientStartService.java:99)

                      at java.lang.Thread.run(Unknown Source) [rt.jar:1.8.0_144]

                      Caused by: java.lang.NoClassDefFoundError: org/wildfly/security/auth/client/AuthenticationConfiguration

                      at org.jboss.as.quickstarts.ejb_security_jaas.RemoteClient.main(RemoteClient.java:43) [ejb_security_jaasClient.jar:]

                      ... 6 more

                      Caused by: java.lang.ClassNotFoundException: org.wildfly.security.auth.client.AuthenticationConfiguration from [Module "deployment.ejb_security_jaas.ear.ejb_security_jaasClient.jar" from Service Module Loader]

                      at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:198) [jboss-modules.jar:1.6.0.Final]

                      at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412) [jboss-modules.jar:1.6.0.Final]

                      at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400) [jboss-modules.jar:1.6.0.Final]

                      at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116) [jboss-modules.jar:1.6.0.Final]

                      ... 7 more

                      What if you add the org.wildfly.security.elytron module manually as a dependency in the MANIFEST, or in jboss-deployment-structure.xml?

                      • 8. Re: WildFly 11: Using Elytron on the client side
                        wolfgangknauf

                        Hi David,

                         

                        perfect, adding "Dependencies: org.wildfly.security.elytron" to the manifest file fixed the ClassNotFoundException without having to modify "appclient.xml".

                         

                        But programmatic login using the (modified) code snippet from https://docs.jboss.org/author/display/WFLY/Client+Authentication+with+Elytron+Client#ClientAuthenticationwithElytronClient-TheProgrammaticApproach still fails with an error "EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for..." with the inner exception "javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported". Is the reason for this that the code sample uses a Runnable, thus creating a new thread, which is probably against the JavaEE spec?

                        And probably I misconfigured my programmatic security while trying to adopt this code snippet.

                         

                        Could someone check the code snippet in the WildFly doc? It does not compile: "AuthenticationConfiguration.EMPTY" is deprecated, and the method "allowSaslMechanisms" does not exist. Is it replaced with "useSaslProtocol"?

                         

                        But the basic question: How could I replace the "wildfly-config.xml" file from the "ejb-security-jaas" quickstart using a programmatic login, so that I could specify login/password?

                         

                        Best regards

                         

                        Wolfgang

                        • 9. Re: WildFly 11: Using Elytron on the client side
                          dmlloyd

                          Wolfgang Knauf wrote:

                           

                          Hi David,

                           

                          perfect, adding "Dependencies: org.wildfly.security.elytron" to the manifest file fixed the ClassNotFoundException without having to modify "appclient.xml".

                           

                          But programmatic login using the (modified) code snippet from https://docs.jboss.org/author/display/WFLY/Client+Authentication+with+Elytron+Client#ClientAuthenticationwithElytronClient-TheProgrammaticApproach still fails with an error "EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for..." with the inner exception "javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported". Is the reason for this that the code sample uses a Runnable, thus creating a new thread, which is probably against the JavaEE spec?

                          The "PLAIN" mechanism is only supported when the client is configured to log in with a user name and password.  Also creating a Runnable does not create a new thread!  Nor does the context.run(runnable) method.  It's just a block of code which is run while the authentication context is active.

                           

                          A better example might look like this:

                           

                          import java.security.Provider;
                          import org.wildfly.security.WildFlyElytronProvider;
                          import org.wildfly.security.auth.client.AuthenticationConfiguration;
                          import org.wildfly.security.auth.client.AuthenticationContext;
                          import org.wildfly.security.auth.client.MatchRule;
                          import org.wildfly.security.sasl.SaslMechanismSelector;

                          // create your authentication configuration
                          AuthenticationConfiguration adminConfig =
                              AuthenticationConfiguration.EMPTY
                                .useProviders(() -> new Provider[] { new WildFlyElytronProvider() })
                                .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism("DIGEST-MD5"))
                                .useRealm("ManagementRealm")
                                .useName("administrator")
                                .usePassword("password1!");

                          // create your authentication context
                          AuthenticationContext context = AuthenticationContext.empty();
                          context = context.with(MatchRule.ALL.matchHost("127.0.0.1"), adminConfig);

                          // now run the action
                          context.run(() -> {
                              try {
                                  // Establish your connection and do some work
                              } catch (Exception e) {
                                  e.printStackTrace();
                              }
                          });
                          
                          

                           

                          Hopefully this makes it more apparent that the inside of the body of the Runnable (shown as a lambda here) is simply run directly.

                          • 10. Re: WildFly 11: Using Elytron on the client side
                            fjuma

                            Could someone check the code snippet in the WildFly doc? It does not compile: "AuthenticationConfiguration.EMPTY" is deprecated, and the method "allowSaslMechanisms" does not exist. Is it replaced with "useSaslProtocol"?

                            Thanks for pointing this out, I've updated the code snippet in the doc. AuthenticationConfiguration.empty() should now be used instead and as in David's example, the "setSaslMechanismSelector" method should be used instead of "allowSaslMechanisms".
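
Added example (not posted by any participant in this thread and not WildFly project code): the programmatic approach discussed in replies 9 and 10, with the user name and password prompted for at run time instead of being fixed in "wildfly-config.xml" or in source. The class name PromptedLogin, the host argument and the choice of PLAIN (the mechanism the server presents in the error quoted in this thread) are assumptions; it needs the org.wildfly.security.elytron module on the class path, as in reply 8.

```java
import java.io.BufferedReader;
import java.io.Console;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.Provider;
import java.util.Arrays;

import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.MatchRule;
import org.wildfly.security.sasl.SaslMechanismSelector;

/** Hypothetical helper (the name is an assumption): prompts for credentials, then runs work under them. */
public final class PromptedLogin {

    private PromptedLogin() {
    }

    /**
     * Prompts for a user name and password and runs {@code work} inside an
     * authentication context that applies only to connections to {@code host}.
     */
    public static void runAs(String host, Runnable work) throws IOException {
        Console console = System.console();
        String user;
        char[] password;
        if (console != null) {
            user = console.readLine("User name: ");
            password = console.readPassword("Password: "); // input is not echoed
        } else {
            // No interactive console (IDE, redirected stdin): fall back to echoed input.
            BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
            System.out.print("User name: ");
            user = in.readLine();
            System.out.print("Password (will be echoed): ");
            String line = in.readLine();
            password = line == null ? null : line.toCharArray();
        }
        if (password == null) {
            throw new IOException("No password entered");
        }
        try {
            if (user == null || user.isEmpty()) {
                throw new IOException("No user name entered");
            }
            AuthenticationConfiguration config = AuthenticationConfiguration.empty()
                    .useProviders(() -> new Provider[] { new WildFlyElytronProvider() })
                    // Assumption: offer only PLAIN, the mechanism the server presents in the
                    // error in this thread. PLAIN sends the password unprotected, so the
                    // connection itself should be protected with TLS.
                    .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism("PLAIN"))
                    .useName(user)
                    .usePassword(password);

            // The rule limits these credentials to the named host; other hosts get none.
            AuthenticationContext context = AuthenticationContext.empty()
                    .with(MatchRule.ALL.matchHost(host), config);

            // Runs on the calling thread while the context is active; no thread is created.
            context.run(work);
        } finally {
            // Clear the password array once the work is done.
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) throws IOException {
        // Placeholder body: the EJB lookup and invocation go here.
        runAs("127.0.0.1", () -> System.out.println("connect and invoke here"));
    }
}
```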

                            • 11. Re: WildFly 11: Using Elytron on the client side
                              wolfgangknauf

                              David,

                               

                              it still does not work, below is the full client stacktrace.

                               

                              I attach two versions of the sample, maybe you could take a look at it? Source code is included in the ear/jar files.

                              In "ejb_security_jaas.zip", there are two folders "wildflyconfigxml" (contains the working sample using wildfly-config.xml) and "programmatic" (contains my latest source code based on your suggestions).

                               

                              To run it, you first have to modify "standalone.xml" with exactly the same "configure-elytron-jaas.cli" file taken from the "ejb-security-jaas" quickstart: https://github.com/wildfly/quickstart/tree/11.x/ejb-security-jaas

                              Then copy to deploy directory and run the client:

                              c:\Temp\wildfly-11.0.0.CR1\bin\appclient.bat ejb_security_jaas.ear#ejb_security_jaasClient.jar

                              And here is the stacktrace:

                              2017-09-20 19:40:05,022 ERROR [stderr] (Thread-45) javax.ejb.NoSuchEJBException: EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for "ejb_security_jaas/ejb_security_jaasEJB/SecuredEJB", view is interface org.jboss.as.quickstarts.ejb_security_jaas.SecuredEJBRemote, affinity is None

                              2017-09-20 19:40:05,023 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570)

                              2017-09-20 19:40:05,023 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:507)

                              2017-09-20 19:40:05,023 ERROR [stderr] (Thread-45)     at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56)

                              2017-09-20 19:40:05,024 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:572)

                              2017-09-20 19:40:05,024 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:507)

                              2017-09-20 19:40:05,024 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocationResult(DiscoveryEJBClientInterceptor.java:98)

                              2017-09-20 19:40:05,025 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:572)

                              2017-09-20 19:40:05,025 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:507)

                              2017-09-20 19:40:05,025 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocationResult(NamingEJBClientInterceptor.java:49)

                              2017-09-20 19:40:05,026 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:572)

                              2017-09-20 19:40:05,026 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:507)

                              2017-09-20 19:40:05,026 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:86)

                              2017-09-20 19:40:05,027 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:572)

                              2017-09-20 19:40:05,027 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:507)

                              2017-09-20 19:40:05,028 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:929)

                              2017-09-20 19:40:05,028 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:174)

                              2017-09-20 19:40:05,028 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:107)

                              2017-09-20 19:40:05,029 ERROR [stderr] (Thread-45)     at com.sun.proxy.$Proxy13.getSecurityInformation(Unknown Source)

                              2017-09-20 19:40:05,029 ERROR [stderr] (Thread-45)     at org.jboss.as.quickstarts.ejb_security_jaas.RemoteClient$1.run(RemoteClient.java:67)

                              2017-09-20 19:40:05,029 ERROR [stderr] (Thread-45)     at org.wildfly.common.context.Contextual.run(Contextual.java:73)

                              2017-09-20 19:40:05,029 ERROR [stderr] (Thread-45)     at org.jboss.as.quickstarts.ejb_security_jaas.RemoteClient.main(RemoteClient.java:83)

                              2017-09-20 19:40:05,030 ERROR [stderr] (Thread-45)     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                              2017-09-20 19:40:05,030 ERROR [stderr] (Thread-45)     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

                              2017-09-20 19:40:05,030 ERROR [stderr] (Thread-45)     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                              2017-09-20 19:40:05,031 ERROR [stderr] (Thread-45)     at java.lang.reflect.Method.invoke(Unknown Source)

                              2017-09-20 19:40:05,031 ERROR [stderr] (Thread-45)     at org.jboss.as.appclient.service.ApplicationClientStartService$1.run(ApplicationClientStartService.java:99)

                              2017-09-20 19:40:05,031 ERROR [stderr] (Thread-45)     at java.lang.Thread.run(Unknown Source)

                              2017-09-20 19:40:05,032 ERROR [stderr] (Thread-45)     Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported

                              2017-09-20 19:40:05,032 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:440)

                              2017-09-20 19:40:05,032 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)

                              2017-09-20 19:40:05,032 ERROR [stderr] (Thread-45)         at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

                              2017-09-20 19:40:05,033 ERROR [stderr] (Thread-45)         at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

                              2017-09-20 19:40:05,033 ERROR [stderr] (Thread-45)         at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)

                              2017-09-20 19:40:05,034 ERROR [stderr] (Thread-45)         at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)

                              2017-09-20 19:40:05,034 ERROR [stderr] (Thread-45)         at ...asynchronous invocation...(Unknown Source)

                              2017-09-20 19:40:05,034 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:570)

                              2017-09-20 19:40:05,034 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:536)

                              2017-09-20 19:40:05,035 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:83)

                              2017-09-20 19:40:05,035 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:56)

                              2017-09-20 19:40:05,035 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:487)

                              2017-09-20 19:40:05,035 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433)

                              2017-09-20 19:40:05,036 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51)

                              2017-09-20 19:40:05,036 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122)

                              2017-09-20 19:40:05,036 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.lambda$connectAndDiscover$0(RemotingEJBDiscoveryProvider.java:340)

                              2017-09-20 19:40:05,037 ERROR [stderr] (Thread-45)         at java.security.AccessController.doPrivileged(Native Method)

                              2017-09-20 19:40:05,037 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.connectAndDiscover(RemotingEJBDiscoveryProvider.java:340)

                              2017-09-20 19:40:05,037 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:135)

                              2017-09-20 19:40:05,037 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemoteEJBDiscoveryConfigurator.lambda$configure$0(RemoteEJBDiscoveryConfigurator.java:42)

                              2017-09-20 19:40:05,038 ERROR [stderr] (Thread-45)         at org.wildfly.discovery.Discovery.discover(Discovery.java:100)

                              2017-09-20 19:40:05,038 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.discover(DiscoveryEJBClientInterceptor.java:188)

                              2017-09-20 19:40:05,039 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.doAnyDiscovery(DiscoveryEJBClientInterceptor.java:317)

                              2017-09-20 19:40:05,039 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.executeDiscovery(DiscoveryEJBClientInterceptor.java:256)

                              2017-09-20 19:40:05,039 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:82)

                              2017-09-20 19:40:05,039 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:470)

                              2017-09-20 19:40:05,040 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:45)

                              2017-09-20 19:40:05,040 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:470)

                              2017-09-20 19:40:05,040 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:81)

                              2017-09-20 19:40:05,040 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:470)

                              2017-09-20 19:40:05,041 ERROR [stderr] (Thread-45)         at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203)

                              2017-09-20 19:40:05,041 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:306)

                              2017-09-20 19:40:05,041 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:170)

                              2017-09-20 19:40:05,041 ERROR [stderr] (Thread-45)         ... 11 more

                              2017-09-20 19:40:05,042 ERROR [stderr] (Thread-45)     Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported

                              2017-09-20 19:40:05,043 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:440)

                              2017-09-20 19:40:05,043 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)

                              2017-09-20 19:40:05,043 ERROR [stderr] (Thread-45)         at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

                              2017-09-20 19:40:05,044 ERROR [stderr] (Thread-45)         at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

                              2017-09-20 19:40:05,044 ERROR [stderr] (Thread-45)         at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)

                              2017-09-20 19:40:05,044 ERROR [stderr] (Thread-45)         at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)

                              2017-09-20 19:40:05,044 ERROR [stderr] (Thread-45)         at ...asynchronous invocation...(Unknown Source)

                              2017-09-20 19:40:05,045 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:570)

                              2017-09-20 19:40:05,045 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:536)

                              2017-09-20 19:40:05,045 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:83)

                              2017-09-20 19:40:05,046 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:56)

                              2017-09-20 19:40:05,046 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:487)

                              2017-09-20 19:40:05,046 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433)

                              2017-09-20 19:40:05,047 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51)

                              2017-09-20 19:40:05,047 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122)

                              2017-09-20 19:40:05,047 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.lambda$connectAndDiscover$0(RemotingEJBDiscoveryProvider.java:340)

                              2017-09-20 19:40:05,047 ERROR [stderr] (Thread-45)         at java.security.AccessController.doPrivileged(Native Method)

                              2017-09-20 19:40:05,048 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.connectAndDiscover(RemotingEJBDiscoveryProvider.java:340)

                              2017-09-20 19:40:05,048 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.countDown(RemotingEJBDiscoveryProvider.java:417)

                              2017-09-20 19:40:05,048 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt$1.handleFailed(RemotingEJBDiscoveryProvider.java:306)

                              2017-09-20 19:40:05,049 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt$1.handleFailed(RemotingEJBDiscoveryProvider.java:298)

                              2017-09-20 19:40:05,049 ERROR [stderr] (Thread-45)         at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:215)

                              2017-09-20 19:40:05,049 ERROR [stderr] (Thread-45)         at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720)

                              2017-09-20 19:40:05,050 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)

                              2017-09-20 19:40:05,050 ERROR [stderr] (Thread-45)         at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

                              2017-09-20 19:40:05,050 ERROR [stderr] (Thread-45)         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

                              2017-09-20 19:40:05,050 ERROR [stderr] (Thread-45)         ... 1 more

                               

                              Thanks

                               

                              Wolfgang

                              • 12. Re: WildFly 11: Using Elytron on the client side
                                dmlloyd

                                Wolfgang Knauf wrote:

                                 

                                David,

                                 

                                it still does not work, below is the full client stacktrace.

                                 

                                I attach two versions of the sample, maybe you could take a look at it? Source code is included in the ear/jar files.

                                In "ejb_security_jaas.zip", there are two folders "wildflyconfigxml" (contains the working sample using wildfly-config.xml) and "programmatic" (contains my latest source code based on your suggestions).

                                 

                                To run it, you first have to modify "standalone.xml" with exactly the same "configure-elytron-jaas.cli" file taken from the "ejb-security-jaas" quickstart: https://github.com/wildfly/quickstart/tree/11.x/ejb-security-jaas

                                Then copy to deploy directory and run the client:

                                c:\Temp\wildfly-11.0.0.CR1\bin\appclient.bat ejb_security_jaas.ear#ejb_security_jaasClient.jar

                                And here is the stacktrace:

                                2017-09-20 19:40:05,042 ERROR [stderr] (Thread-45) Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported

                                 

                                Thanks

                                 

                                Wolfgang

                                This error occurs because your client configuration does not have a password configured; PLAIN requires a password so therefore it is not supported.  You can choose to configure a password on your client ("usePassword" is the method on AuthenticationConfiguration), or you can enable a mechanism which does not require a password (there are not many though: JBOSS-LOCAL-USER is the only likely candidate and it only works if the client is on the same host as the server).

                                • 13. Re: WildFly 11: Using Elytron on the client side
                                  fjuma

                                  One thing to note is that it looks like there's one difference between your working wildfly-config.xml file and your programmatic setup - the rule used for deciding which authentication configuration to use when establishing a connection is slightly different. The <rule use-configuration="default-config"/> line in your wildfly-config.xml file indicates that the "default-config" authentication configuration should always be used. However, in your programmatic setup, context.with(MatchRule.ALL.matchHost("127.0.0.1"), adminConfig) indicates that the authentication configuration you specified should only be used if the name of the host that the client is attempting to connect to matches "127.0.0.1". If your client is attempting to connect to a host other than "127.0.0.1", the rule won't match so your authentication configuration won't get used. One thing you could try to do is change the rule in your programmatic setup to context.with(MatchRule.ALL, adminConfig) to see if that makes a difference.
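The rule-matching difference described in the reply above can be checked without a server, by asking Elytron which authentication configuration it selects for a given connection URI. This is an added example, not code from the thread or from the WildFly project; the class name, user name, password and URIs are constructed placeholders, and it assumes the Elytron client JAR is on the classpath.

```java
import java.net.URI;
import java.security.AccessController;

import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.auth.client.MatchRule;

public class RuleMatchCheck {
    // Elytron's helper for resolving which configuration applies to a URI.
    private static final AuthenticationContextConfigurationClient CLIENT =
            AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION);

    // Returns the principal name of the configuration selected for this URI.
    // When no rule matches, Elytron falls back to the empty configuration,
    // which carries an anonymous principal and no password.
    static String principalFor(AuthenticationContext context, String uri) {
        AuthenticationConfiguration selected =
                CLIENT.getAuthenticationConfiguration(URI.create(uri), context);
        return CLIENT.getPrincipal(selected).getName();
    }

    public static void main(String[] args) {
        // Constructed placeholder credentials. EMPTY is the starting point
        // used in the WildFly 11 documentation; later Elytron releases
        // also offer AuthenticationConfiguration.empty().
        AuthenticationConfiguration adminConfig = AuthenticationConfiguration.EMPTY
                .useName("quickstartUser")
                .usePassword("placeholder-password");

        // Rule restricted to one host name, as in the programmatic setup.
        AuthenticationContext hostOnly = AuthenticationContext.empty()
                .with(MatchRule.ALL.matchHost("127.0.0.1"), adminConfig);
        // Unrestricted rule, the equivalent of <rule use-configuration="..."/>.
        AuthenticationContext matchAll = AuthenticationContext.empty()
                .with(MatchRule.ALL, adminConfig);

        // Constructed sample URIs: same server, two spellings of the host.
        String[] uris = {"remote+http://127.0.0.1:8080", "remote+http://localhost:8080"};
        for (String uri : uris) {
            System.out.println(uri + "  host rule -> " + principalFor(hostOnly, uri));
            System.out.println(uri + "  ALL rule  -> " + principalFor(matchAll, uri));
        }
    }
}
```

The host rule compares the host string of the URI, so a connection addressed as "localhost" does not pick up a configuration bound to "127.0.0.1". A run that reports the anonymous principal for the URI the client actually uses means the user name and password were never applied to that connection.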

                                  • 14. Re: WildFly 11: Using Elytron on the client side
                                    wolfgangknauf

                                    Hi David,

                                     

                                    "usePassword" is already part of my code ;-).

                                     

                                    The change to

                                    context = context.with(MatchRule.ALL, adminConfig);

                                    did not make any change. The client connects to localhost.
