0 Replies Latest reply on May 5, 2012 2:38 AM by Vadim Rank

    JBoss AS 7 remote standalone client auth

    Vadim Rank Newbie

      Hi, I have a some problem with JAAS Auth on JBoss 7.

       

      I have a some ear deployed on JBoss AS7 with jboss-app.xml

       

       

      <jboss-app xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             version="7.0" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee ">
      <security-domain>FooDomain</security-domain>

       

       

      In standalone.xml I have

       

       

      <security-realm name="ApplicationRealm">
         <authentication>
             <jaas name="FooDomain"/>
         </authentication>
      </security-realm>
      ...
      <security-domain name="FooDomain" cache-type="default">
      <authentication>
          <login-module code="Remoting" flag="optional">
              <module-option name="password-stacking" value="useFirstPass"/>
          </login-module>
          <login-module code="Database" flag="required">
              <module-option name="dsJndiName" value="java:/MyDS"/>
              <module-option name="principalsQuery" value="select password from users where user_id=?"/>
              <module-option name="rolesQuery" value="select role, 'Roles' from roles where user_id=?"/>
              <module-option name="password-stacking" value="useFirstPass"/>
          </login-module>
      </authentication>
      </security-domain>

       

       

      I can  lookup some ejb from standalone client and authentication is successful when I use code like this:

       

       

      final Hashtable<Object, Object> p = new Hashtable<Object, Object>();
      p.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
      p.put(Context.SECURITY_PRINCIPAL, username);
      p.put(Context.SECURITY_CREDENTIALS, password);
      p.put("jboss.naming.client.ejb.context", true);
      p.put(Context.PROVIDER_URL, "remote://10.10.1.18:4447");
      p.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
      p.put(Context.INITIAL_CONTEXT_FACTORY, org.jboss.naming.remote.client.InitialContextFactory.class.getName());
      context = new InitialContext(p);

       

       

      The problem is that if I provide wrong credentials, I see in debug console

       

       

      javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

       

       

      but I can't catch it.

      Server logs (not important parts cutted):

       

       

      TRACE [DatabaseServerLoginModule] initialize
      TRACE [DatabaseServerLoginModule] Security domain: FooDomain
      TRACE [DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/MyDS
      TRACE [DatabaseServerLoginModule] principalsQuery=select password from users where user_id=?
      TRACE [DatabaseServerLoginModule] rolesQuery=select role, 'Roles' from roles where user_id=?
      TRACE [DatabaseServerLoginModule] suspendResume=true
      TRACE [DatabaseServerLoginModule] login
      TRACE [DatabaseServerLoginModule] suspendAnyTransaction
      TRACE [DatabaseServerLoginModule] Excuting query: select password from users where user_id=?, with username: test
      TRACE [DatabaseServerLoginModule] Obtained user password
      TRACE [DatabaseServerLoginModule] resumeAnyTransaction
      DEBUG [DatabaseServerLoginModule] Bad password for username=test
      TRACE [DatabaseServerLoginModule] abort

       

       

      When I try to use LoginContext just nothing happens on server. Configuration

       

       

      public class DefaultJassConfiguration extends Configuration {
      @Override
      public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
          Map options = new HashMap();
          options.put("debug", true);
          AppConfigurationEntry[] entries = {
                  new AppConfigurationEntry("org.jboss.security.ClientLoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)
          };
          return entries;
      }

       

       

      Test

       

      Configuration.setConfiguration(new DefaultJassConfiguration());
      try {
              LoginContext lc = new LoginContext("FooDomain", new UsernamePasswordHandler("test", "test".toCharArray()));
              lc.login();
              System.out.println(lc.getSubject());
          } catch (LoginException e) {
              e.printStackTrace();
          }
      }
      


      Perhaps LoginContext don't know server address? I try to add

       

       

      System.setProperty("java.naming.provider.url", "remote://10.10.1.18:4447");

       

      but with no effect.

       

      How to make LoginContext work? Or how to catch SaslException? I consider to make some dummy bean with method always returned true and call it after login, but it looks ugly.

      P.S. I'm sorry for my English (It makes me a bit shy)