10 Replies Latest reply on Dec 7, 2018 4:06 PM by reshmakoganti1

    JBOSS Remote EJB Authentication is failing with exception JBREM000308

    maheshpatil1987
    maheshpatil1987 Aug 27, 2018 4:43 AM

      Dear Team,

       

      Need help in resolving an error while setting up EJB remote call. We are migrating our application server from OC4J to Jboss EAP 7.1.

       

      I have set up a JAAS authentication correctly. it is working and downloading the client on remote server, EJB Bean is getting created but EJB invocation is failing from client.

      I am getting below error while accessing EJB. Need urgent help.

       

      Error:

      2018-08-27 10:22:24,890 INFO  org.wildfly.naming - WildFly Naming version 1.0.7.Final-redhat-1

      2018-08-27 10:22:25,015 INFO  org.wildfly.security - ELY00001: WildFly Elytron version 1.1.7.Final-redhat-1

      2018-08-27 10:22:25,026 INFO  org.jboss.ejb.client - EJBCLIENT000064: org.jboss.ejb.client.naming.ejb.ejbURLContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead

      2018-08-27 10:22:25,087 INFO  org.xnio - XNIO version 3.5.4.Final-redhat-1

      2018-08-27 10:22:25,093 INFO  org.xnio.nio - XNIO NIO Implementation Version 3.5.4.Final-redhat-1

      2018-08-27 10:22:25,221 DEBUG org.xnio.nio - Started channel thread 'XNIO-1 I/O-1', selector sun.nio.ch.KQueueSelectorImpl@7691c573

      2018-08-27 10:22:25,221 DEBUG org.xnio.nio - Started channel thread 'XNIO-1 Accept', selector sun.nio.ch.KQueueSelectorImpl@4af7f313

      2018-08-27 10:22:25,239 INFO  org.jboss.remoting - JBoss Remoting version 5.0.5.Final-redhat-1

      2018-08-27 10:22:25,272 INFO  org.jboss.ejb.client - JBoss EJB Client version 4.0.9.Final-redhat-1

      2018-08-27 10:22:25,328 DEBUG org.jboss.ejb.client.invocation - Calling invoke(module = msls_V17.1.000.002/admin/UCUserParameterBean, strong affinity = None, weak affinity = None):

      2018-08-27 10:22:25,735 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module msls_V17.1.000.002/common

      2018-08-27 10:22:25,736 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module msls_V17.1.000.002/msls_V17.1.000.002

      2018-08-27 10:22:25,736 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module msls_V17.1.000.002/damage

      2018-08-27 10:22:25,736 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module jsr-77/jsr-77

      2018-08-27 10:22:25,736 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module msls_V17.1.000.002/logos-web

      2018-08-27 10:22:25,737 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module msls_V17.1.000.002/framework-ejb

      2018-08-27 10:22:25,737 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module msls_V17.1.000.002/admin

      2018-08-27 10:22:25,737 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module msls_V17.1.000.002/billing

      2018-08-27 10:22:25,737 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module msls_V17.1.000.002/simulation

      2018-08-27 10:22:25,737 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module msls_V17.1.000.002/selfdispo

      2018-08-27 10:22:25,738 DEBUG org.jboss.ejb.client.invocation - Received MODULE_AVAILABLE(8) message for module msls_V17.1.000.002/masterdata

      2018-08-27 10:22:25,836 DEBUG org.jboss.ejb.client.invocation - Calling invoke(module = msls_V17.1.000.002/admin/UCUserParameterBean, strong affinity = None, weak affinity = None):

      2018-08-27 10:22:25,855 INFO  de.mgl.logos - OTHER..LogUtil.info:Bean: UCUserParameterBean sucessful created

      2018-08-27 10:22:25,856 DEBUG org.jboss.ejb.client.invocation - Calling invoke(module = msls_V17.1.000.002/admin/UCUserParameterBean, strong affinity = URI<http-remoting://localhost:8080>, weak affinity = None):

      2018-08-27 10:22:25,877 ERROR de.mgl.logos - OTHER..UCBDUserParameter.obtainUserParameter:Exception occured. Throwing FWBusinessProxyException.

      javax.ejb.NoSuchEJBException: EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for "msls_V17.1.000.002/admin/UCUserParameterBean", view is interface de.mgl.logos.admin.srv.uc.ejb.UCUserParameter, affinity is URI<http-remoting://localhost:8080>

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:567)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:503)

      at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:569)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:503)

      at org.jboss.ejb.client.TransactionPostDiscoveryInterceptor.handleInvocationResult(TransactionPostDiscoveryInterceptor.java:133)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:569)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:503)

      at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocationResult(DiscoveryEJBClientInterceptor.java:108)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:569)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:503)

      at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocationResult(NamingEJBClientInterceptor.java:78)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:569)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:503)

      at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:172)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:569)

      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:503)

      at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:913)

      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:177)

      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:112)

      at com.sun.proxy.$Proxy4.getUserParameter(Unknown Source)

      at de.mgl.logos.admin.client.bd.UCBDUserParameter.obtainUserParameter(UCBDUserParameter.java:215)

      at de.mgl.logos.admin.client.bd.UCBDUserParameter.init(UCBDUserParameter.java:85)

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

      at java.lang.reflect.Method.invoke(Method.java:498)

      at de.mgl.logos.fw.main.MainFrame.checkLogin(MainFrame.java:772)

      at de.mgl.logos.fw.main.MainFrame.logon(MainFrame.java:729)

      at de.mgl.logos.fw.main.MainFrame.jbInit(MainFrame.java:221)

      at de.mgl.logos.fw.main.MainFrame.<init>(MainFrame.java:171)

      at de.mgl.logos.fw.main.Main.<init>(Main.java:136)

      at de.mgl.logos.fw.main.Main.main(Main.java:234)

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

      at java.lang.reflect.Method.invoke(Method.java:498)

      at com.sun.javaws.Launcher.executeApplication(Unknown Source)

      at com.sun.javaws.Launcher.executeMainClass(Unknown Source)

      at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)

      at com.sun.javaws.Launcher.run(Unknown Source)

      at java.lang.Thread.run(Thread.java:748)

      Suppressed: org.jboss.ejb.client.RequestSendFailedException

      at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:101)

      at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:74)

      at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:215)

      at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720)

      at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)

      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

      ... 1 more

      Caused by: org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no mechanisms left), tried: (none)

      at org.jboss.remoting3.ConnectionPeerIdentityContext.doAuthenticate(ConnectionPeerIdentityContext.java:368)

      at org.jboss.remoting3.ConnectionPeerIdentityContext.authenticate(ConnectionPeerIdentityContext.java:174)

      at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:505)

      at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:494)

      at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:208)

      at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720)

      at org.xnio.IoUtils$2.execute(IoUtils.java:71)

      at org.xnio.AbstractIoFuture.runNotifier(AbstractIoFuture.java:693)

      at org.xnio.AbstractIoFuture$CompleteState.withNotifier(AbstractIoFuture.java:132)

      at org.xnio.AbstractIoFuture.addNotifier(AbstractIoFuture.java:570)

      at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:494)

      at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433)

      at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51)

      at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122)

      at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.lambda$getConnection$2(RemoteEJBReceiver.java:185)

      at java.security.AccessController.doPrivileged(Native Method)

      at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.getConnection(RemoteEJBReceiver.java:185)

      at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.processInvocation(RemoteEJBReceiver.java:128)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:454)

      at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocation(RemotingEJBClientInterceptor.java:51)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:466)

      at org.jboss.ejb.client.TransactionPostDiscoveryInterceptor.handleInvocation(TransactionPostDiscoveryInterceptor.java:79)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:466)

      at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:94)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:466)

      at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:63)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:466)

      at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:165)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:466)

      at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:302)

      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:173)

      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:112)

      at com.sun.proxy.$Proxy4.getUserParameter(Unknown Source)

      at de.mgl.logos.admin.client.bd.UCBDUserParameter.obtainUserParameter(UCBDUserParameter.java:215)

      at de.mgl.logos.admin.client.bd.UCBDUserParameter.init(UCBDUserParameter.java:85)

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

      at java.lang.reflect.Method.invoke(Method.java:498)

      at de.mgl.logos.fw.main.MainFrame.checkLogin(MainFrame.java:772)

      at de.mgl.logos.fw.main.MainFrame.logon(MainFrame.java:729)

      at de.mgl.logos.fw.main.MainFrame.jbInit(MainFrame.java:221)

      at de.mgl.logos.fw.main.MainFrame.<init>(MainFrame.java:171)

      at de.mgl.logos.fw.main.Main.<init>(Main.java:136)

      at de.mgl.logos.fw.main.Main.main(Main.java:234)

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

      at java.lang.reflect.Method.invoke(Method.java:498)

      at com.sun.javaws.Launcher.executeApplication(Unknown Source)

      at com.sun.javaws.Launcher.executeMainClass(Unknown Source)

      at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)

      at com.sun.javaws.Launcher.run(Unknown Source)

      ... 1 more

        • 1. Re: JBOSS Remote EJB Authentication is failing with exception JBREM000308
          mchoma
          mchoma Aug 28, 2018 1:36 AM (in response to maheshpatil1987)

          Interesting part is "tried: (none)" . So that mean for some reason client and server are not able to negotiate on common authentication mechanism. What is your expected mechanism? How is server (http-remoting://localhost:8080) secured? Do you specify username password on client?

           

          You can try to setup trace logging to reveal more.

          /subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=ALL)

          /subsystem=logging/logger=org.jboss.security:add(level=ALL)

          /subsystem=logging/logger=org.jboss.as.security:add(level=ALL)

          /subsystem=logging/logger=org.picketbox:add(level=ALL)

          /subsystem=logging/logger=org.apache.catalina.authenticator:add(level=ALL)

          /subsystem=logging/logger=org.jboss.as.web.security:add(level=ALL)

          /subsystem=logging/logger=org.jboss.as.domain.management.security:add(level=ALL)

          /subsystem=logging/logger=org.wildfly.security:add(level=ALL)

          /subsystem=logging/logger=org.wildfly.elytron:add(level=ALL)

          # With Remoting

          /subsystem=logging/logger=org.jboss.sasl:add(level=ALL)

          /subsystem=logging/logger=org.jboss.as.ejb3:add(level=ALL)

          /subsystem=logging/logger=org.jboss.as.remoting:add(level=ALL)

          /subsystem=logging/logger=org.jboss.remoting3:add(level=ALL)

          /subsystem=logging/logger=org.jboss.remoting:add(level=ALL)

          /subsystem=logging/logger=org.jboss.naming.remote:add(level=ALL)

            • Actions
          • 2. Re: JBOSS Remote EJB Authentication is failing with exception JBREM000308
            maheshpatil1987
            maheshpatil1987 Aug 28, 2018 8:51 AM (in response to mchoma)

            Hello Martin,

             

            I have added the required logger with level - ALL but no much useful logs are coming on server logs. Same above mentioned issue persist.

            We are using JAAS for authentication using DB approach. Here during EJB call it is using user details from application-user.properties.

            I do not know how we can specify server authentication mechanism for localhost:8080. Or how to secure the server.

            Can you please explain more on how I can configure it.

             

            Meanwhile:

            When I have added  exclude-local-receiver="true" property into my jboss-ejb-client.xml and it started giving no such ejb exception with affinity local during deployment startup.

            <jboss-ejb-client xmlns="urn:jboss:ejb-client:1.0">

                <client-context>

                    <ejb-receivers exclude-local-receiver="true">

                       <remoting-ejb-receiver outbound-connection-ref="remote-ejb-connection"/>

                    </ejb-receivers>

                </client-context>

            </jboss-ejb-client>

              • Actions
            • 3. Re: JBOSS Remote EJB Authentication is failing with exception JBREM000308
              maheshpatil1987
              maheshpatil1987 Aug 28, 2018 9:14 AM (in response to mchoma)

              Hello Martin, mchoma

               

              I would like to give you my whole configuration.

              Standalone.xml:

               

              <security-realm name="MyAppRealm">

               

                 <server-identities>

                 <secret value="TWV0cm8yMDE4Lg=="/>

                 </server-identities>

                 <authentication>

                 <jaas name="myDomain"/>

                 </authentication>

                 </security-realm>

               

               

              <subsystem xmlns="urn:jboss:domain:remoting:4.0">

               

                 <endpoint auth-realm="MyAppRealm"/>

                 <http-connector name="http-remoting-connector" connector-ref="default" security-realm="MyAppRealm">

                 <properties>

                 <property name="SASL_POLICY_NOANONYMOUS" value="false"/>

                 <property name="SASL_POLICY_NOPLAINTEXT" value="false"/>

                 <property name="SSL_ENABLED" value="false"/>

                 <property name="SASL_DISALLOWED_MECHANISMS" value="JBOSS-LOCAL-USER"/>

                 </properties>

                 </http-connector>

                 <outbound-connections>

                 <remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb" username="Metro" security-realm="MyAppRealm" protocol="http-remoting">

                 <properties>

                 <property name="SASL_POLICY_NOANONYMOUS" value="false"/>

                 <property name="SSL_ENABLED" value="false"/>

                 <property name="SASL_POLICY_NOPLAINTEXT" value="false"/>

                 <property name="SASL_DISALLOWED_MECHANISMS" value="JBOSS-LOCAL-USER"/>

                 </properties>

                 </remote-outbound-connection>

                 </outbound-connections>

                 </subsystem>

               

              Security domain has default "other" domain definition also present in it.

               

               

              <security-domains>

               

                 <security-domain name="myDomain" cache-type="default">

                 <authentication>

                 <login-module code="Remoting" flag="optional">

                 <module-option name="password-stacking" value="useFirstPass"/>

                 </login-module>

                 <login-module code="de.mgl.logos.admin.srv.bl.MSLSLoginModule" flag="required" module="deployment.msls_V17.1.000.002.ear.admin.jar">

                 <module-option name="multi-threaded" value="true"/>

                 <module-option name="restore-login-identity" value="true"/>

                 </login-module>

                 </authentication>

                 </security-domain>

               

               

              <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

                 <outbound-socket-binding name="remote-ejb">

                 <remote-destination host="localhost" port="8080"/>

                 </outbound-socket-binding>

                 </socket-binding-group>

               

              <http-invoker security-realm="MyAppRealm"/>

               

              Jboss-ejb-client.properties :

               

              endpoint.name=client-endpoint

              remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

              remote.connections=default

              remote.connection.default.host=localhost

              remote.connection.default.port = 8080

              remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

              remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

              remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

              remote.cluster.ejb.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

              remote.cluster.ejb.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

              remote.connection.default.username=****

              remote.connection.default.password=****

               

              Created same above credentials in application user as well using add-user.sh utility.

                • Actions
              • 4. Re: JBOSS Remote EJB Authentication is failing with exception JBREM000308
                maheshpatil1987
                maheshpatil1987 Aug 28, 2018 1:55 PM (in response to mchoma)

                Hello mchoma,

                 

                After enabling client log level to ALL: Below difference if found:

                 

                First time when EJB is called from client:

                2018-08-28 18:39:03,651 TRACE org.wildfly.security - getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[], AuthenticationConfiguration=[AuthenticationConfiguration:principal=simadmin,set-host=localhost,set-protocol=remote+http,sasl-protocol-name=remote,set-port=8080,credentials-present,providers-supplier=org.wildfly.security.util.ProviderUtil$1@2a247d73,sasl-mechanism-selector=(true) -((#FAMILY(IEC-ISO-9798)||OTP||NTLM||CRAM-MD5)) -JBOSS-LOCAL-USER,mechanism-properties={javax.security.sasl.policy.noanonymous=false, javax.security.sasl.policy.noplaintext=false, wildfly.sasl.local-user.quiet-auth=false}]

                 

                2nd time when ejb is called from server to server ? :

                2018-08-28 18:39:03,680 TRACE org.wildfly.security - getAuthenticationConfiguration uri=remote+http://0.0.0.0:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=0.0.0.0,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@2a247d73,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]

                 

                Here you can see the difference in the host and principal as well.

                 

                How can I change assure that the same principal is propagated 2nd time as well?

                  • Actions
                • 5. Re: JBOSS Remote EJB Authentication is failing with exception JBREM000308
                  mchoma
                  mchoma Aug 28, 2018 3:33 PM (in response to maheshpatil1987)

                  So how is server to server ejb call performed? Seems remote-outbound-connection name="remote-ejb-connection" is not leveraged.

                   

                    • Actions
                  • 6. Re: JBOSS Remote EJB Authentication is failing with exception JBREM000308
                    maheshpatil1987
                    maheshpatil1987 Aug 29, 2018 5:34 AM (in response to mchoma)

                    Hello mchoma,

                     

                    Thanks for your reply. I have added now wild-fly.xml with below configuration:

                     

                    It is now validating the request with principal="Metro". The same principal is getting propagated to EJB server side.

                    I want to propagate the principal which is entered into the login window (from user context) and not this hardcoded principal.

                    Can you please suggest a way?

                     

                    I have removed the wild-fly.xml file and the original exception JBREM000308 still persist.

                    I am using

                    java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory

                     

                    wild-fly.xml:

                    <configuration>

                        <authentication-client xmlns="urn:elytron:1.0">

                            <authentication-rules>

                                <rule use-configuration="default"/>

                            </authentication-rules>

                            <authentication-configurations>

                                <configuration name="default">

                                    <sasl-mechanism-selector selector="#ALL"/>

                                    <set-user-name name="Metro"/>

                                    <credentials>

                                        <clear-password password="Metro2018."/>

                                    </credentials>

                                </configuration>

                            </authentication-configurations>

                        </authentication-client>

                    </configuration>

                      • Actions
                    • 7. Re: JBOSS Remote EJB Authentication is failing with exception JBREM000308
                      mchoma
                      mchoma Aug 29, 2018 5:44 AM (in response to maheshpatil1987)

                      Look at quickstart/ejb-security-context-propagation at master · wildfly/quickstart · GitHub

                       

                      This is Elytron example. I dont know how this can be achieved with legacy security (I guess with interceptors). Moving to Elytron is good step as legacy security will be removed sometime in future. In your case it will mean migrate custom login module de.mgl.logos.admin.srv.bl.MSLSLoginModule to Elytron (most probably you will need custom security realm, if standard Elytron security realms does not fit your needs)

                      1 of 1 people found this helpful
                        • Actions
                      • 8. Re: JBOSS Remote EJB Authentication is failing with exception JBREM000308
                        maheshpatil1987
                        maheshpatil1987 Aug 29, 2018 10:25 AM (in response to mchoma)

                        Hello mchoma,

                         

                        Thanks a lot for your help.

                         

                        I have used the wildfly context factory:

                        org.wildfly.naming.client.WildFlyInitialContextFactory

                         

                        In legacy system below code does not propagate the principal in JBOSS EAP 7.1 or Wildfly servers.

                        env.put(Context.SECURITY_PRINCIPAL, UserContext.getInstance().getUsername());

                          env.put(Context.SECURITY_CREDENTIALS, UserContext.getInstance().getPassword());

                         

                        I have added below code and it is working fine. Issue has been resolved.

                         

                        AuthenticationConfiguration superUser = AuthenticationConfiguration.empty().setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism("PLAIN")).

                        useName(UserContext.getInstance().getUsername()).usePassword(UserContext.getInstance().getPassword());

                        final AuthenticationContext authCtx = AuthenticationContext.empty().with(MatchRule.ALL, superUser);

                        AuthenticationContext.getContextManager().setThreadDefault(authCtx);

                         

                        Thanks.

                          • Actions
                        • 9. Re: JBOSS Remote EJB Authentication is failing with exception JBREM000308
                          mchoma
                          mchoma Aug 30, 2018 1:32 AM (in response to maheshpatil1987)

                          Glad to hear it works. After you migrate your app to EAP 7.1 I strongly encourage you to take a time and migrate your security to Elytron. You will have to do that sometime anyway as legacy security solution is deprecated now and will be removed in the future.

                          1 of 1 people found this helpful
                            • Actions
                          • 10. Re: JBOSS Remote EJB Authentication is failing with exception JBREM000308
                            reshmakoganti1
                            reshmakoganti1 Dec 7, 2018 4:06 PM (in response to maheshpatil1987)

                            Hello Mahesh,

                             

                            I have similar issue using wildfly11 . How to use the AuthenticationConfiguration in Struts2? Please let me know.

                              • Actions