37 Replies. Latest reply on Jan 20, 2014 7:59 AM by shivjan0610

    remote ejb client username is encrypted at the server(JBOSS7.1 Final)

    ganeshment

      We are using remote EJB JNDI-based unit tests to test the code, and we are evaluating JBOSS7.1 CR1. With JBOSS7.1 CR1, the username sent from the remote EJB client is encrypted at the server; the database query using the encrypted username returns no passwords and login fails. We are stuck on this problem and cannot continue the evaluation of the JBOSS7.1 CR1 release. Can you please suggest how to fix this issue?

       

      I have referred to the following links to get the relevant information, but was unsuccessful:

      https://issues.jboss.org/browse/AS7-2942

      https://issues.jboss.org/browse/AS7-2999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

      https://issues.jboss.org/browse/AS7-3002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

       

      Server Exception :

       

      18:54:39,652 ERROR [org.jboss.remoting.remote] (Remoting "machine1" read-1) JBREM000200: Remote connection failed: java.io.IOException: An existing connection was forcibly closed by the remote host
      18:57:45,423 DEBUG [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@10d0fc9
      18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) Begin isValid, principal:a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
      18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) defaultLogin, principal=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
      18:57:45,423 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (pool-9-thread-2) Begin getAppConfigurationEntry(iS3Login), size=4
      18:57:45,423 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (pool-9-thread-2) End getAppConfigurationEntry(iS3Login), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: LoginModuleControlFlag: sufficient
      Options:
      name=hashAlgorithm, value=SHA-256
      name=principalsQuery, value=select password from sessionuser where name=?
      name=hashEncoding, value=base64
      name=dsJndiName, value=java:/jdbc/exampleds
      name=rolesQuery, value=select role, 'Roles' from sessionrole where name=?
      [1]
      LoginModule Class: org.jboss.security.auth.spi.LdapLoginModule
      ControlFlag: LoginModuleControlFlag: sufficient
      Options:
      name=java.naming.provider.url, value=ldap://ldap.xxx.xxx.com:123/
      name=principalDNSuffix, value=,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com
      name=principalDNPrefix, value=CN=

      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) initialize
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Security domain: iS3Login
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Password hashing activated: algorithm = SHA-256, encoding = base64, charset = {default}, callback = null, storeCallback = null
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) DatabaseServerLoginModule, dsJndiName=java:/jdbc/exampleds

      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) principalsQuery=select password from sessionuser where name=?
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) rolesQuery=select role, 'Roles' from sessionrole where name=?
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) suspendResume=true
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) login
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) suspendAnyTransaction
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Excuting query: select password from sessionuser where name=?, with username: a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) Query returned no matches from db
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) resumeAnyTransaction
      18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) initialize
      18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Security domain: iS3Login
      18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) login
      18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Logging into LDAP server, env={java.naming.provider.url=ldap://ldap.xxx.xxx.com:123/, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, jboss.security.security_domain=iS3Login, principalDNPrefix=CN=, principalDNSuffix=,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com, java.naming.security.authentication=simple, java.naming.security.principal=CN=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com, java.naming.security.credentials=***}
      18:57:45,423 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Bad password for username=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
      18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (pool-9-thread-2) abort
      18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) abort
      18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) Login failure: javax.security.auth.login.FailedLoginException: PB00019: Processing Failed:No matching username found in Principals
      at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:186) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:248) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
      at sun.reflect.GeneratedMethodAccessor10.invoke(Unknown Source) [:1.6.0_29]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_29]
      at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_29]
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [:1.6.0_29]
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_29]
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_29]
      at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_29]
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_29]
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:402) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.proceedWithJaasLogin(JaasSecurityManagerBase.java:341) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:329) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:207) [picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
      at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:267) [jboss-as-security-7.1.0.CR1.jar:7.1.0.CR1]
      at org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:234) [jboss-as-security-7.1.0.CR1.jar:7.1.0.CR1]
      at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
      at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
      at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
      at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
      at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
      at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
      at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
      at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
      at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:283) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:61) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:191) [jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [:1.6.0_29]
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [:1.6.0_29]
      at java.util.concurrent.FutureTask.run(FutureTask.java:138) [:1.6.0_29]
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_29]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_29]
      at java.lang.Thread.run(Thread.java:662) [:1.6.0_29]
      at org.jboss.threads.JBossThread.run(JBossThread.java:122)

      18:57:45,439 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login] (pool-9-thread-2) End isValid, false
      18:57:45,439 ERROR [org.jboss.ejb3.invocation] (pool-9-thread-2) JBAS014134: EJB Invocation failed on component SessionBean for method public abstract java.security.Principal demo.SessionBeanInterface.getPrincipal(): javax.ejb.EJBAccessException: Invalid User
      at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54)
      at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45)
      at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
      at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57)
      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
      at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
      at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:283)
      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:61)
      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:191)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [:1.6.0_29]
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [:1.6.0_29]
      at java.util.concurrent.FutureTask.run(FutureTask.java:138) [:1.6.0_29]
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_29]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_29]
      at java.lang.Thread.run(Thread.java:662) [:1.6.0_29]
      at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.0.0.GA.jar:2.0.0.GA]

        • 1. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
          ganeshment

          With the JBOSS7.1 Final version I am also getting an encrypted username at the server, and database login is failing.

           

          standalone.xml file contents :

           

          <security-realm name="ApplicationRealm">
              <authentication>
                  <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
              </authentication>
          </security-realm>

          <subsystem xmlns="urn:jboss:domain:remoting:1.1">
              <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm">
                  <sasl>
                      <policy>
                          <no-anonymous value="true"/>
                          <no-plain-text value="false"/>
                          <pass-credentials value="true"/>
                      </policy>
                  </sasl>
              </connector>
          </subsystem>

          <security-domain name="MYLogin" cache-type="default">
              <authentication>
                  <login-module code="Remoting" flag="optional">
                      <module-option name="password-stacking" value="useFirstPass"/>
                  </login-module>
                  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="sufficient">
                      <module-option name="dsJndiName" value="java:/jdbc/example"/>
                      <module-option name="principalsQuery" value="select password from sessionuser where name=?"/>
                      <module-option name="rolesQuery" value="select role, 'Roles' from sessionrole where name=?"/>
                      <module-option name="hashAlgorithm" value="SHA-256"/>
                      <module-option name="hashEncoding" value="base64"/>
                  </login-module>
              </authentication>
          </security-domain>

          ...

           

          The EJB is using the Security Domain annotation:

          @SecurityDomain(value = "MYLogin")

          Can you please suggest how to configure standalone.xml for remote EJB authentication to work properly using the database login module?

          • 2. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
            dlofthouse

            Don't worry about the SASL options, they are selected automatically based on the capabilities of the authentication mechanism you choose.

             

            What you will need to do is reference the JAAS domain from the realm, an example of this is here: -

             

             

             <security-realm name="ManagementRealm">
             <authentication>
             <jaas name="darrans-domain" />
             </authentication>
             </security-realm>
            
            • 3. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
              apparaonali

              I am also facing the user name encrypted issue.

              I tried the above suggestion; it still failed to log in due to the encrypted value of Principal/user.

              I enabled trace and verified the Principal/user value: it is always an encrypted value and differs from run to run.

               

              I added below lines as per your suggestion:

              ================================

              <security-realm name="ManagementRealm">
              <authentication>
              <jaas name="AppuLogin" />
              </authentication>
              </security-realm>

               

              I also added below lines as remote socket binding referring to "ApplicationRealm":

              <subsystem xmlns="urn:jboss:domain:remoting:1.1">
                  <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
              </subsystem>

              <security-realm name="ApplicationRealm">
                  <authentication>
                      <jaas name="iS3Login"/>
                  </authentication>
              </security-realm>

               

              Here is server side trace, I underlined the principal value:

               

              8:35:26,010 DEBUG [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@cfed14
              08:35:26,010 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) Begin isValid, principal:f048cdad-baf6-4aef-8591-186a7414350f
              08:35:26,010 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) defaultLogin, principal=f048cdad-baf6-4aef-8591-186a7414350f
              08:35:26,010 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (EJB default - 1) Begin getAppConfigurationEntry(AppuLogin), size=3
              08:35:26,026 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (EJB default - 1) End getAppConfigurationEntry(AppuLogin), authInfo=AppConfigurationEntry[]:
              [0]
              LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
              ControlFlag: LoginModuleControlFlag: sufficient
              Options:
              name=hashAlgorithm, value=SHA-256
              name=principalsQuery, value=select password from sessionuser where name=?
              name=hashEncoding, value=base64
              name=dsJndiName, value=java:/jdbc/AppuDS
              name=rolesQuery, value=select role, 'Roles' from sessionrole where name=?

              08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) initialize
              08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Security domain: AppuLogin
              08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Password hashing activated: algorithm = SHA-256, encoding = base64, charset = {default}, callback = null, storeCallback = null
              08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) DatabaseServerLoginModule, dsJndiName=java:/jdbc/AppuDS
              08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) principalsQuery=select password from sessionuser where name=?
              08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) rolesQuery=select role, 'Roles' from sessionrole where name=?
              08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) suspendResume=true
              08:35:26,026 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) login
              08:35:26,041 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) suspendAnyTransaction
              08:35:26,041 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Excuting query: select password from sessionuser where name=?, with username: f048cdad-baf6-4aef-8591-186a7414350f
              08:35:26,072 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) Query returned no matches from db
              08:35:26,072 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) resumeAnyTransaction
              08:35:26,072 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (EJB default - 1) abort
              08:35:26,072 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.AppuLogin] (EJB default - 1) Login failure: javax.security.auth.login.FailedLoginException: PB00019: Processing Failed:No matching username found in Principals
              at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:186) [picketbox-4.0.6.final.jar:4.0.6.final]
              at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:248) [picketbox-4.0.6.final.jar:4.0.6.final]

              • 4. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                dlofthouse

                The username and password are not encrypted, they are random values as the values from the client connection are not arriving at the server.

                 

                What call are you making to the server at the time this is logged?

                • 5. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                  dlofthouse

                  Also where is your client located?  Looking at your log I think the local authentication mechanism could be getting selected which would explain why there is no username or password propagated to the login module.

                  • 6. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                    apparaonali

                    Thanks for your quick reply.

                     

                    When my test session bean is trying to get the principal from the EJBContext, it is throwing the above error. Please find the details of my test below.

                     

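                    TestBean:

                    =======

                    import java.security.Principal;
                    import javax.annotation.Resource;
                    import javax.ejb.EJBContext;
                    import javax.ejb.Stateless;
                    import org.jboss.ejb3.annotation.SecurityDomain;

                    @Stateless
                    @SecurityDomain(value = "AppuLogin")
                    public class SessionBean implements SessionBeanInterface {

                         @Resource private EJBContext context;

                         @Override
                         public String getPrincipal() {
                              // Read the caller inside the method: the injected context is
                              // still null when field initializers run.
                              Principal pp = context.getCallerPrincipal();
                              System.out.println(pp.toString());

                              return context.getCallerPrincipal().getName();
                         }
                    }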

                     

                    Standalone Remote Client code:

                    =========================

                    import java.net.URL;
                    import java.security.Security;
                    import java.util.Hashtable;
                    import javax.naming.Context;
                    import javax.naming.InitialContext;
                    import javax.naming.NamingException;
                    import javax.security.auth.login.LoginContext;
                    import javax.security.auth.login.LoginException;
                    import org.jboss.sasl.JBossSaslProvider;

                    // SessionBeanInterface and AppCallbackHandler are the poster's own classes (not shown).
                    public class RemoteEJBClient {

                        private static final String USER_LOGIN_NAME = "admin";
                        private static final String USER_PASSWORD = "admin";

                        static {
                            Security.addProvider(new JBossSaslProvider());
                        }

                        public static final String AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
                        public static final String AUTH_CONF = "/auth.conf";

                        public static void main(String[] args) throws Exception {
                            // Point JAAS at auth.conf on the classpath unless a login config is already set.
                            if (System.getProperties().getProperty(RemoteEJBClient.AUTH_LOGIN_CONFIG) == null) {
                                // Use the class itself; RemoteEJBClient.class.getClass() would resolve against java.lang.Class.
                                URL url = RemoteEJBClient.class.getResource(RemoteEJBClient.AUTH_CONF);
                                if (url != null) {
                                    System.getProperties().setProperty(RemoteEJBClient.AUTH_LOGIN_CONFIG, url.toString());
                                }
                            }

                            AppCallbackHandler callbackHandler = new AppCallbackHandler(USER_LOGIN_NAME, USER_PASSWORD.toCharArray());
                            LoginContext loginContext = new LoginContext("logincontextname", callbackHandler);
                            loginContext.login();

                            final Hashtable<String, String> jndiProperties = new Hashtable<String, String>();
                            jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
                            final Context context = new InitialContext(jndiProperties);

                            invokeStatelessBean(context);
                        }

                        private static void invokeStatelessBean(Context context) throws NamingException, LoginException {
                            final SessionBeanInterface statelessSessionBeanInterface = lookupRemoteStatelessCalculator(context);
                            System.out.println("Obtained a remote stateless SessionBeanInterface for invocation");
                            try {
                                final String principal = statelessSessionBeanInterface.getPrincipal();
                                System.out.println("EJB principal " + principal);
                            } catch (RuntimeException e) {
                                e.printStackTrace();
                            }
                        }

                        private static SessionBeanInterface lookupRemoteStatelessCalculator(Context context) throws NamingException, LoginException {
                            final String appName = "TestEAR";
                            final String moduleName = "TestEJB";
                            final String distinctName = "";
                            final String beanName = "SessionBean";
                            final String viewClassName = SessionBeanInterface.class.getName();
                            // JNDI name format: ejb:<app>/<module>/<distinct>/<bean>!<view class>
                            final String jndiName = "ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName;
                            System.out.println(jndiName);

                            return (SessionBeanInterface) context.lookup(jndiName);
                        }
                    }

                     

                    Client ejb properties:

                    ===============

                    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
                    remote.connections=default
                    remote.connection.default.host=localhost
                    remote.connection.default.port = 4447
                    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
                    remote.connection.two.host=localhost
                    remote.connection.two.port = 4447
                    remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

                    auth.conf:

                    ======

                    logincontextname {
                        org.jboss.security.ClientLoginModule required;
                    };

                    • 7. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                      dlofthouse

                      Can you try the following client properties: -

                       

                      remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

                      remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

                       

                      I believe from the message you show that the client and server are running local to each other, so the authentication is occurring silently and locally. These properties first allow for the username and password to be sent to the server, and secondly will allow the password to be passed in plain text to the server, which is required to pass it to JAAS.

                      • 8. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                        apparaonali

                        I added these properties; I am still getting these exceptions.

                        On the client side I observed the below warning related to the new property:

                         

                        WARN: Invalid option 'org.xnio.Options..SASL_DISALLOWED_MECHANISMS' in property 'remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS':

                        java.lang.IllegalArgumentException : Class 'org.xnio.Options.' not found

                         

                        Thanks for your quick replies.

                         

                        Here is file ejb client properties I used to run the test:

                        =======================================

                        remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=

                        remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

                        remote.connections=default

                        remote.connection.default.host=localhost

                        remote.connection.default.port = 4447

                        remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

                        remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

                        remote.connection.two.host=localhost

                        remote.connection.two.port = 4447

                        remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

                        remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

                        • 9. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                          jw

                          Remove the .. in the property:

                           

                          remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS

                           

                          should be

                           

                          remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS

                           

                          But I still have the same problem you have

                          • 10. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                            jaikiran

                            Darran Lofthouse wrote:

                             

                            Can you try the following client properties: -

                             

                            remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

                            remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

                             

                            There are a couple of typos in there. What Darran meant was:

                             

                            remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

                            remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

                             

                            (Notice the connection name is "default" and not "two").
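
Added example, not part of the original thread: a small Python linter for the EJB client properties mistakes worked through in replies 7 to 10 (the `..` in the option name, and options set on connection "two" while only "default" is listed in remote.connections). It also reports when SASL_POLICY_NOPLAINTEXT=false is combined with SSL_ENABLED=false, since that permits the password to cross the wire unencrypted. Function names, finding labels and the two sample files are constructed for illustration; treating connections missing from remote.connections as ignored is an assumption based on reply 10.

```python
import re

# remote.connection.<name>.connect.options.<option>
CONN_OPTION = re.compile(r"^remote\.connection\.([^.]+)\.connect\.options\.(.+)$")
# A well-formed XNIO option reference: org.xnio.Options.<CONSTANT>
XNIO_OPTION = re.compile(r"^org\.xnio\.Options\.([A-Z][A-Z0-9_]*)$")
SSL_KEY = "remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED"


def parse_properties(text):
    """Parse plain key=value lines; blank lines and comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()  # a later duplicate key wins
    return props


def lint(text):
    """Return a sorted list of (finding, subject) tuples for one properties file."""
    props = parse_properties(text)
    declared = [c.strip() for c in props.get("remote.connections", "").split(",") if c.strip()]
    effective = {conn: {} for conn in declared}  # options that actually apply
    findings = set()

    for key, value in props.items():
        m = CONN_OPTION.match(key)
        if not m:
            continue
        conn, option = m.groups()
        name = XNIO_OPTION.match(option)
        if not name:
            # e.g. "org.xnio.Options..SASL_DISALLOWED_MECHANISMS" from reply 7
            findings.add(("malformed-option", key))
            continue
        if conn not in effective:
            # e.g. options on "two" when remote.connections=default
            findings.add(("undeclared-connection", key))
            continue
        effective[conn][name.group(1)] = value

    ssl_off = props.get(SSL_KEY, "").lower() == "false"
    for conn, opts in effective.items():
        raw = opts.get("SASL_DISALLOWED_MECHANISMS", "")
        disallowed = {m for m in re.split(r"[,\s]+", raw) if m}
        if "JBOSS-LOCAL-USER" not in disallowed:
            # Local auth may be picked silently, so no real username reaches JAAS.
            findings.add(("local-user-allowed", conn))
        if opts.get("SASL_POLICY_NOPLAINTEXT", "").lower() != "false":
            findings.add(("plaintext-not-enabled", conn))
        elif ssl_off:
            # Plain-text password permitted on a connection without SSL.
            findings.add(("plain-permitted-without-ssl", conn))
    return sorted(findings)


# Constructed sample: the file from reply 6 with the two lines from reply 7 added verbatim.
BROKEN = """
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=localhost
remote.connection.default.port = 4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.default.connect.options.org.xnio.Options..SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
"""

# Constructed sample: the same file with the corrections from reply 10.
FIXED = """
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=localhost
remote.connection.default.port = 4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
"""

if __name__ == "__main__":
    for label, sample in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(label)
        for finding, subject in lint(sample):
            print("  %-28s %s" % (finding, subject))
```
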

                            • 11. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                              jw

                               

                              auth.conf:

                              logincontextname {
                                  org.jboss.security.ClientLoginModule required;
                              };

                              Is this supported again? I thought this JAAS module is not compatible anymore (as of 7.1.0.Cr1)

                              • 12. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                                dlofthouse

                                jw - that is a new question so I would suggest starting a new thread - but no that module is not currently supported.

                                • 13. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                                  dlofthouse

                                  jw - can you also please describe your environment?

                                  • 14. Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
                                    jw

                                    Darran Lofthouse wrote:

                                    jw - that is a new question so I would suggest starting a new thread - but no that module is not currently supported.

                                    You're right. Just saw this in apparaonali's example. Thought it could be a hint.
