5 Replies Latest reply on Nov 29, 2017 7:49 AM by irfan.dogar

    Wildfly 10.1.0 getting "anonymous" as principal name in EJB

    asimkhalil

      Hi,

       

      Problem Statement: context.getCallerPrincipal().getName() always gives "anonymous" with the following client and server settings

       

      Client Side Settings:

       

      jboss-ejb-client.properties

       

      jboss-ejb-client-snippet.PNG

      Initial Context Creation

       

      initial-context.PNG

       

      Used jboss-client.jar

       

      I have used the jboss-client.jar lib provided within the "WILDFLY_HOME/bin/client" directory

       

      Server Side Settings

       

      standalone-full.xml

       

      ejb realm:

       

      ejb -realm.PNG

       

      remoting subsystem settings:

      outbound.PNG

       

      Socket binding group:

       

      socket binding group.PNG

       

      application-users.properties

       

      Application-users.PNG

       

      application-roles.properties

       

      No change in this file

       

      Session Bean Changes

       

      @Stateless
      @Local(AbstractEnterpriseSessionFacadeLocal.class)
      @Remote(AbstractEnterpriseSessionFacadeRemote.class)
      @SuppressWarnings({WarningConst.UNCHECKED, "rawtypes"})
      @PermitAll
      //@org.jboss.ejb3.annotation.SecurityDomain("acegi-simple")
      public class AbstractEnterpriseSessionFacadeBean<T, E extends IGeneralObject> implements AbstractEnterpriseSessionFacade {

      Injection of context in the above class

      @Resource
      private transient SessionContext context;

       

      After the above settings, when I call context.getCallerPrincipal().getName() it always gives me "anonymous"

       

      Please help!

       

      If more detail is needed, I can also provide it

        • 1. Re: Wildfly 10.1.0 getting "anonymous" as principal name in EJB
          jaikiran

          Why is the SecurityDomain annotation on that EJB commented out? The value of that annotation should actually point to a valid security domain configured in the subsystem for security to be enabled on the EJB.
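
What the reply above describes, as an added example that is not part of the original thread: a bean bound to the `acegi-simple` security domain that refuses to do work for an unauthenticated caller. The names `WhoAmIRemote` and `WhoAmIBean` and the role `user` are assumptions made for illustration.

```java
// ---- WhoAmIRemote.java (hypothetical remote business interface) ----
public interface WhoAmIRemote {
    String whoAmI();
}

// ---- WhoAmIBean.java (hypothetical bean) ----
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.jboss.ejb3.annotation.SecurityDomain;

@Stateless
@Remote(WhoAmIRemote.class)
// Must name a security domain that exists in the server's security subsystem;
// "acegi-simple" is the domain used in this thread.
@SecurityDomain("acegi-simple")
// Assumed role name. Unlike @PermitAll, this makes the container reject
// callers that did not authenticate or lack the role.
@RolesAllowed("user")
public class WhoAmIBean implements WhoAmIRemote {

    @Resource
    private SessionContext context;

    @Override
    public String whoAmI() {
        Principal caller = context.getCallerPrincipal();
        // An unauthenticated caller shows up as the principal "anonymous"
        // (the symptom in this thread). Fail closed rather than carry on
        // with an identity nobody proved.
        if (caller == null || "anonymous".equals(caller.getName())) {
            throw new EJBAccessException("Unauthenticated caller rejected");
        }
        return caller.getName();
    }
}
```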

          • 2. Re: Wildfly 10.1.0 getting "anonymous" as principal name in EJB
            asimkhalil

            Hi, Thanks for your quick reply

             

            I have also tried uncommenting the security domain annotation, and also providing the security domain settings in the "other" domain tag, but I am getting the same problem

             

            Please see below the security domain I am using

             

            <security-domain name="acegi-simple">
                <authentication>
                    <login-module code="com.os.sp.undertow.extension.CustomSpringSecurityModule" flag="required">
                        <module-option name="dsJndiName" value="java:/OSSPDS"/>
                        <module-option name="hashAlgorithm" value="MD5"/>
                        <module-option name="hashEncoding" value="hex"/>
                        <module-option name="appContextLocation" value="META-INF/acegi-simple.xml"/>
                        <module-option name="key" value="required_key"/>
                    </login-module>
                </authentication>
                <authorization>
                    <policy-module code="com.os.sp.undertow.extension.CustomSpringSecurityModule" flag="required">
                        <module-option name="dsJndiName" value="java:/OSSPDS"/>
                        <module-option name="hashAlgorithm" value="MD5"/>
                        <module-option name="hashEncoding" value="hex"/>
                        <module-option name="appContextLocation" value="META-INF/acegi-simple.xml"/>
                        <module-option name="key" value="required_key"/>
                    </policy-module>
                </authorization>
            </security-domain>

             

            The CustomSpringSecurityModule extends the "AbstractServerLoginModule"

            • 3. Re: Wildfly 10.1.0 getting "anonymous" as principal name in EJB
              mchoma

              Could you try SASL_POLICY_NOPLAINTEXT=false?

               

              Boolean value that enables or disables the use of plain text messages during the authentication. If using JAAS, it must be set to false to allow a plain text password.

              • 4. Re: Wildfly 10.1.0 getting "anonymous" as principal name in EJB
                asimkhalil

                Hi,

                 

                I have included the above-mentioned property in jboss-ejb-client.properties

                 

                remote.connections=default
                remote.connection.default.port=8080
                remote.connection.default.host=127.0.0.1
                remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
                remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
                remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
                remote.connection.default.username=XXXX
                remote.connection.default.password=XXXX

                 

                Initial Context creation on client

                 

                Properties prop1 = new Properties();
                prop1.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
                prop1.put(Context.INITIAL_CONTEXT_FACTORY, InitialContextFactory.class.getName());
                prop1.put(Context.PROVIDER_URL, "http-remoting://localhost:8080/");
                prop1.put(InitialContext.SECURITY_PRINCIPAL, "root");
                prop1.put(InitialContext.SECURITY_CREDENTIALS, "catch22*");
                prop1.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS","false");
                prop1.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT","false");
                prop1.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS","JBOSS-LOCAL-USER");

                context = new InitialContext(prop1);

                 

                Application Realm

                 

                <security-realm name="ApplicationRealm">
                    <server-identities>
                        <ssl>
                            <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                        </ssl>
                    </server-identities>
                    <authentication>
                        <jaas name="acegi-simple"/>
                    </authentication>
                    <authorization>
                        <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                    </authorization>
                </security-realm>

                 

                Http-Connector

                 

                <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>

                 

                Included module in jboss-deployment-structure.xml

                 

                <module name="org.jboss.as.remoting"/>

                 

                I have also attached the standalone-full.xml file

                 

                After the above changes, I am now getting the following exception

                 

                [java] javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
                [java]    PLAIN: Server rejected authentication
                [java]     at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:114)
                [java]     at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:389)
                [java]     at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:241)
                [java]     at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
                [java]     at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:198)
                [java]     at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:112)
                [java]     at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
                [java]     at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
                [java]     at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
                [java]     at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
                [java]     at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
                [java]     at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
                [java]     at ...asynchronous invocation...(Unknown Source)
                [java]     at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:294)
                [java]     at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:430)
                [java]     at org.jboss.ejb.client.remoting.EndpointPool$PooledEndpoint.connect(EndpointPool.java:192)
                [java]     at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:153)
                [java]     at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:133)
                [java]     at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:78)
                [java]     at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)
                [java]     at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:161)
                [java]     at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:118)
                [java]     at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:47)
                [java]     at org.jboss.ejb.client.EJBClientContext.getCurrent(EJBClientContext.java:281)
                [java]     at org.jboss.ejb.client.EJBClientContext.requireCurrent(EJBClientContext.java:291)
                [java]     at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:178)
                [java]     at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
                [java]     at com.sun.proxy.$Proxy0.findContactByUsername(Unknown Source)
                [java]     at com.os.sp.installer.BaseInstaller.administratorLogin(BaseInstaller.java:145)
                [java]     at com.os.sp.installer.BaseInstaller.setup(BaseInstaller.java:127)
                [java]     at com.os.sp.installer.BaseInstaller.run(BaseInstaller.java:81)
                [java]     at com.os.sp.installer.nodes.CustomNodesInstaller.main(CustomNodesInstaller.java:24)
                [java]     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                [java]     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                [java]     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                [java]     at java.lang.reflect.Method.invoke(Method.java:498)
                [java]     at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:218)
                [java]     at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:153)
                [java]     at org.apache.tools.ant.taskdefs.Java.run(Java.java:772)
                [java]     at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:222)
                [java]     at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:136)
                [java]     at org.apache.tools.ant.taskdefs.Java.execute(Java.java:109)
                [java]     at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:293)
                [java]     at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
                [java]     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                [java]     at java.lang.reflect.Method.invoke(Method.java:498)
                [java]     at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
                [java]     at org.apache.tools.ant.Task.perform(Task.java:348)
                [java]     at org.apache.tools.ant.Target.execute(Target.java:435)
                [java]     at org.apache.tools.ant.Target.performTasks(Target.java:456)
                [java]     at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1405)
                [java]     at org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(SingleCheckExecutor.java:38)
                [java]     at org.apache.tools.ant.Project.executeTargets(Project.java:1260)
                [java]     at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:441)
                [java]     at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:293)
                [java]     at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
                [java]     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                [java]     at java.lang.reflect.Method.invoke(Method.java:498)
                [java]     at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
                [java]     at org.apache.tools.ant.Task.perform(Task.java:348)
                [java]     at org.apache.tools.ant.Target.execute(Target.java:435)
                [java]     at org.apache.tools.ant.Target.performTasks(Target.java:456)
                [java]     at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1405)
                [java]     at org.apache.tools.ant.Project.executeTarget(Project.java:1376)
                [java]     at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
                [java]     at org.apache.tools.ant.Project.executeTargets(Project.java:1260)
                [java]     at org.apache.tools.ant.Main.runBuild(Main.java:853)
                [java]     at org.apache.tools.ant.Main.startAnt(Main.java:235)
                [java]     at org.apache.tools.ant.launch.Launcher.run(Launcher.java:285)
                [java]     at org.apache.tools.ant.launch.Launcher.main(Launcher.java:112)

                • 5. Re: Wildfly 10.1.0 getting "anonymous" as principal name in EJB
                  irfan.dogar

                  Please add the following configuration in your custom login module:

                  <login-module code="org.jboss.security.ClientLoginModule" flag="required">
                      <module-option name="multi-threaded" value="true"/>
                      <module-option name="restore-login-identity" value="true"/>
                  </login-module>