3 Replies Latest reply on Feb 2, 2012 2:32 AM by jw

    Remote EJB authentication via SecurityClient.setSimple

    Eugene Nikolaev Newbie

      Hi guys!

      I've got some troubles while migrating to AS7 (7.1.0.CR1b "Flux Capacitor") from AS6.

       

      Before, I used SecurityClient's setSimple(login, password) method to perform simple authentication to some remote EJBs.

      Now, this is not working. There are no any exception when I'm calling SecurityClient's login method - only "Invalid user" exception when I'm invoking a method of a remote EJB.

       

      Is there any way to make SecurityClient work in AS7 the same way as in AS6?

        • 1. Re: Remote EJB authentication via SecurityClient.setSimple
          jw Newbie

          Same problem here. Using JAAS on remote client.

           

          Remote Client Code:

           

          {code}      

                      loginContext = new LoginContext("client-login", new UsernamePasswordHandler(username, password.getBytes()));

           

                      loginContext.login();

                      service = ... // get the remote service

                      service.doSomething();

          {code}

           

          Remote Client auth.conf:

           

          {code}

          client-login {

             org.jboss.security.ClientLoginModule required;

          }

          {code}

           

           

          jboss-app.xml in ear:

           

          {code}

          <jboss-app>

            <security-domain>my-security-domain</security-domain>

          </jboss-app>

          {code}

           

          AS7 standalone configuration file:

           

          {code}

                  <subsystem xmlns="urn:jboss:domain:security:1.1">

                      <security-domains>

                          <security-domain name="my-security-domain" cache-type="default">

                              <authentication>

                                  <login-module code="Database" flag="required">

                                      <module-option name="dsJndiName" value="...."/>

                                      <module-option name="principalsQuery" value="...."/>

                                      <module-option name="rolesQuery" value="...."/>

                                      <module-option name="hashAlgorithm" value="SHA"/>

                                      <module-option name="hashEncoding" value="BASE64"/>

                                  </login-module>

                              </authentication>

                          </security-domain>

                      </security-domains>

                  </subsystem>

          {code}

           

           

          Exception in the server log

           

          {code}

          ....throws javax.ejb.EJBAccessException: javax.ejb.EJBAccessException: Invalid User

                  at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54) [jboss-as-ejb

          3-7.1.0.CR1b.jar:7.1.0.CR1b]

                  at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb

          3-7.1.0.CR1b.jar:7.1.0.CR1b]

                  at java.security.AccessController.doPrivileged(Native Method) [:1.7.0_02]

                  at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [

          jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]

                  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.ja

          r:1.1.1.Final]

                  at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)

          [jboss-as-ee-7.1.0.CR1b.jar:7.1.0.CR1b]

                  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.ja

          r:1.1.1.Final]

                  at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.CR1b.

          jar:7.1.0.CR1b]

                  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.ja

          r:1.1.1.Final]

                  at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57) [jb

          oss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]

                  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.ja

          r:1.1.1.Final]

                  at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1

          .Final.jar:1.1.1.Final]

                  at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.CR1b.jar:7.1.0.CR1

          b]

                  at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMess

          ageHandler.java:283) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]

                  at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessag

          eHandler.java:61) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]

                  at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHand

          ler.java:191) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]

                  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.7.0_02]

                  at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.7.0_02]

                  at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.7.0_02]

                  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.7.0_02]

                  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.7.0_02]

                  at java.lang.Thread.run(Thread.java:722) [:1.7.0_02]

                  at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.0.0.GA.jar:2.0.0.GA]

          {code}

           

          Any ideas?

          • 2. Re: Remote EJB authentication via SecurityClient.setSimple
            Darran Lofthouse Master

            This is not currently possible, the ClientLoginModule is not compatible with the SASL mechanism used to negotiate the connection in AS7 - theoretically it could be made compatible so feel free to raise a feature request in Jira.

            • 3. Re: Remote EJB authentication via SecurityClient.setSimple
              jw Newbie

              So what's the recommended way to do remote client SASL login? Tried class org.jboss.security.client.JBossSecurityClient, but get this error on 7.1.0.CR1b:

               

               

              {code}

              java.lang.RuntimeException: PB00002: Not Yet Implemented:Not Implemented

                        at org.jboss.security.client.JBossSecurityClient.peformSASLLogin(JBossSecurityClient.java:59)

                        at org.jboss.security.client.SecurityClient.login(SecurityClient.java:72)

              {code}