4 Replies Latest reply on Feb 22, 2013 5:12 AM by amodeog

    custom login module; remote ejb; problem: Authentication failed: all available authentication mechanisms failed

    john_k

      Hi,

       

      I have some problems setting up a custom ServerLoginModule for JBoss AS7 (tried with 7.1.0 and 7.1.1). Any help would be appreciated.

      I am still new to JBoss and JBoss AS7, so maybe I am trying to tackle my problem with the wrong tools, or I am just missing some things I need to know to do it properly.

      So maybe someone could point me in the correct direction.

       

      What I want to achieve:

      • I want to access a secured remote EJB via a "normal" Java client
      • before I access the bean I want to be authenticated via JAAS by JBoss with a custom ServerLoginModule
        • call org.jboss.security.ClientLoginModule via LoginContext

       

       

      jboss {
          org.jboss.security.ClientLoginModule required;
      };
      

       

       

      // "jboss" is the entry name in the JAAS configuration file above
      String contextName = "jboss";
      Subject subject = new Subject(false, new HashSet<Principal>(),
                      new HashSet<String>(), new HashSet<String>());
      LoginContext loginContext = new LoginContext(contextName, subject);
      loginContext.login();
      

       

      • if the login succeeds I want to create the initial context and access the bean

      code

      Properties jndiProperties = new Properties();
      jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
      jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,
                      org.jboss.naming.remote.client.InitialContextFactory.class.getName());
      jndiProperties.put(Context.PROVIDER_URL, "remote://localhost:4447");
      jndiProperties.put("jboss.naming.client.ejb.context", true);
      // "false" permits plain-text SASL mechanisms on this connection
      jndiProperties.put(
                      "jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT",
                      "false");
      jndiProperties.put(Context.SECURITY_PRINCIPAL, "user");
      jndiProperties.put(Context.SECURITY_CREDENTIALS, "pass");
      Context context = new InitialContext(jndiProperties);
      
      

       

      jboss-ejb-client.properties

      endpoint.name=client-endpoint
      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
      remote.connections=default
      remote.connection.default.host=localhost
      remote.connection.default.port = 4447
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
      

       

      • on the server side an implementation of AbstractServerLoginModule should be called
        • I put my implementation in a jar and tried to add it to a JBoss module.
        • I tried two ways
        • both with the same result
      • my server config looks like this:

       

       

       

      <security-realm name="ApplicationRealm">
          <authentication>
              <properties relative-to="jboss.server.config.dir" path="${jboss.server.config.dir}/application-users.properties"/>
          </authentication>
      </security-realm>

      <security-realm name="MyAppRealm">
          <authentication>
              <jaas name="myAppJaas"/>
          </authentication>
      </security-realm>

      <security-domains>
          <security-domain name="myAppJaas" cache-type="default">
              <authentication>
                  <login-module code="sampleApp.jboss.login.AuthLoginModule" flag="required">
                      <module-option name="debug" value="true" />
                  </login-module>
              </authentication>
          </security-domain>
      </security-domains>

      <subsystem xmlns="urn:jboss:domain:remoting:1.1">
          <connector name="remoting-connector" socket-binding="remoting" security-realm="MyAppRealm"/>
      </subsystem>
      

       

      What I get at the moment:

       

      • I removed the part where I try to log in via JAAS up front; I figured out that it does not make any difference in my sample
      • it seems that my login module (server) doesn't get called (sampleApp.jboss.login.AuthLoginModule)

       

       

      The only output I get on the server side:

       

      14:04:07,946 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "client" task-3) Begin getAppConfigurationEntry(myAppJaas), size=1
      14:04:07,952 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "client" task-3) End getAppConfigurationEntry(myAppJaas), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: sampleApp.jboss.login.AuthLoginModule
      ControlFlag: Anmeldemodul-Steuerflag: required
      Options:
      name=debug, value=true
      

      client output:

       

      Mai 22, 2012 2:04:07 PM org.xnio.Xnio <clinit>
      INFO: XNIO Version 3.0.3.GA
      Mai 22, 2012 2:04:07 PM org.xnio.nio.NioXnio <clinit>
      INFO: XNIO NIO Implementation Version 3.0.3.GA
      Mai 22, 2012 2:04:07 PM org.jboss.remoting3.EndpointImpl <clinit>
      INFO: JBoss Remoting version 3.2.2.GA
      Mai 22, 2012 2:04:07 PM org.jboss.remoting3.remote.RemoteConnection handleException
      ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
      javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
          at org.jboss.naming.remote.client.ClientUtil.namingException(ClientUtil.java:36)
          at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:117)
          at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
          at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
          at javax.naming.InitialContext.init(InitialContext.java:242)
          at javax.naming.InitialContext.<init>(InitialContext.java:216)
          at Main.main(Main.java:37)
      Caused by: java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
          at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87)
          at org.jboss.naming.remote.client.cache.ConnectionCache.get(ConnectionCache.java:42)
          at org.jboss.naming.remote.client.InitialContextFactory.createConnection(InitialContextFactory.java:153)
          at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateConnection(InitialContextFactory.java:126)
          at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:106)
          ... 5 more
      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315)
          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)
          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
          at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
          at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
          at org.xnio.nio.NioHandle.run(NioHandle.java:90)
          at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
          at ...asynchronous invocation...(Unknown Source)
          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)
          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)
          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)
          at org.jboss.naming.remote.client.cache.EndpointCache$EndpointWrapper.connect(EndpointCache.java:110)
          at org.jboss.naming.remote.client.cache.ConnectionCache.get(ConnectionCache.java:41)
          ... 8 more
      

      Problems:

      • the login module doesn't get called --> leads to the SASL exception, I assume (javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed)
      • how to get more useful debug/trace output from the security module

       

      Thank you for your time. Any help would be appreciated, and sorry for my bad English; I hope you could get my point anyway.