11 Replies Latest reply on Jun 19, 2012 4:20 AM by jaikiran pai

    EJB Authentication fails in 7.1.2, works on 7.1.1

    Anssi Hagman Newbie

      Hi!

       

      We have problems to authenticate our standalone client ejb call against JBoss 7.1.2. Same mechanism works on JBoss 7.1.1. We are using custom login module

       

      <security-domain name="our-domain" cache-type="default">

                          <authentication>

                              <login-module code="Database" flag="required" module="deployment.Some.ear.SomeEJBs.jar">

                                  <module-option name="dsJndiName" value="java:/jdbc/databaseDS"/>

                                  <module-option name="principalsQuery" value="SELECT password FROM employee WHERE attribute = ?"/>

                                  <module-option name="ignorePasswordCase" value="true"/>

                                  <module-option name="hashAlgorithm" value="MD5"/>

                                  <module-option name="hashEncoding" value="hex"/>

                                  <module-option name="principalClass" value="com.company.auth.User"/>

                                  <module-option name="password-stacking" value="useFirstPass"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       

       

       

       

      We are creating EJBClientConfiguration  from properties file

       

       

      public static void setUpEJBClientContext(String ejbHostsString, String username, String password) {
      
              List<EJBHost> ejbHosts = parseHosts(ejbHostsString);
              final Properties clientProps = 
                  buildClientProperties(username, password, ejbHosts);
              final EJBClientConfiguration ejbClientConfiguration = new PropertiesBasedEJBClientConfiguration(clientProps);
              LOG.debug("ejbClientConfiguration done");
              final ContextSelector<EJBClientContext> ejbClientContextSelector = new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);
              LOG.debug("ejbClientContextSelector done");
              final ContextSelector<EJBClientContext> previousSelector = EJBClientContext.setSelector(ejbClientContextSelector);
              LOG.debug("previousSelector done");
          }
      
      private static Properties buildClientProperties(String username, String password, List<EJBHost> hosts) {
                       final Properties clientConfigProps = new Properties();
                       clientConfigProps.put("endpoint.name", "client-endpoint");
                       clientConfigProps.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
      
                     List<String> connectionNames = new ArrayList<String>(hosts.size());
                      int counter = 0;
                       for (EJBHost ejbHost : hosts) {
                            String connectionName = CONNECTION_NAME_PREFIX + counter++; 
                            connectionNames.add(connectionName); 
                           String propertyPrefix = "remote.connection."+ connectionName; 
                           clientConfigProps.put(propertyPrefix +".host", ejbHost.getHost());
                           clientConfigProps.put(propertyPrefix +".port", ejbHost.getPort());
                           clientConfigProps.put(propertyPrefix +".connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
                           clientConfigProps.put(propertyPrefix +".connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
                          clientConfigProps.put(propertyPrefix +".username", username);
                          clientConfigProps.put(propertyPrefix +".password", password);              
              }
      
              clientConfigProps.put("remote.connections", StringUtils.join(connectionNames.iterator(), ",")); 
              return clientConfigProps;
      
          }
      

       

       

      There can be more than one host but this time there is only one used. I did try jboss-ejb-client.properties file I came up with same error as with dynamically created properties-file.

       

      I have set org.jboss.security to logging level TRACE but nothing comes to server log.

       

      Client log:

       

      06-01@14:37:25 DEBUG (          ?:?)    - setUpEJBClientContext

      ejbHostsString=localhost:4447

      06-01@14:37:25 DEBUG (          ?:?)    - Host: localhost, port: 4447

      06-01@14:37:25 DEBUG (          ?:?)    - Validate done

      06-01@14:37:25 DEBUG (          ?:?)    - Properties building starting

      06-01@14:37:25 DEBUG (          ?:?)    - Properties building done

      06-01@14:37:25 DEBUG (          ?:?)    - clientProps

      {remote.connection.connection_0.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false,

      endpoint.name=client-endpoint,

      remote.connection.connection_0.host=localhost,

      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false,

      remote.connection.connection_0.username=TTM,

      remote.connection.connection_0.port=4447,

      remote.connection.connection_0.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER,

      remote.connections=connection_0,

      remote.connection.connection_0.password=ttmm2keh}

      06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:230)

             - endpoint.create.options. has the following options {}

      06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:230)

             - remote.connectionprovider.create.options. has the following options

      {org.xnio.Options.SSL_ENABLED=>false}

      06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:230)

             - remote.connection.connection_0.connect.options. has the following

      options {org.xnio.Options.SASL_POLICY_NOANONYMOUS=>false,org.xnio.Options.SASL_DISALLOWED_MECHANISMS=>[JBOSS-LOCAL-USER]}

      06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:230)

             - remote.connection.connection_0.channel.options. has the following

      options {}

      06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:464)

             - Connection org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration$RemotingConnectionConfigurationImpl@465ff916

      successfully created for connection named connection_0

      06-01@14:37:25 DEBUG (PropertiesBasedEJBClientConfiguration.java:283)

             - No clusters configured in properties

      06-01@14:37:25 DEBUG (          ?:?)    - ejbClientConfiguration done

      06-01@14:37:25 DEBUG (WorkerThread.java:88)     - Started channel thread

      'Remoting "client-endpoint" read-1', selector

      sun.nio.ch.KQueueSelectorImpl@269be2b5

      06-01@14:37:25 DEBUG (WorkerThread.java:88)     - Started channel thread

      'Remoting "client-endpoint" write-1', selector

      sun.nio.ch.KQueueSelectorImpl@d896a4c

      06-01@14:37:25 ERROR (RemoteConnection.java:99)         - JBREM000200: Remote

      connection failed: javax.security.sasl.SaslException: Authentication

      failed: all available authentication mechanisms failed

      06-01@14:37:25 WARN  (ConfigBasedEJBClientContextSelector.java:131)     -

      Could not register a EJB receiver for connection to localhost:4447

       

      java.lang.RuntimeException: javax.security.sasl.SaslException:

      Authentication failed: all available authentication mechanisms failed

             at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

             at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:119)

             at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:76)

             at fi.soft.util.EJBClientUtil.setUpEJBClientContext(Unknown Source)

       

      **** SNIP ***

       

      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

          at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.nio.NioHandle.run(NioHandle.java:90)

          at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)

          at ...asynchronous invocation...(Unknown Source)

          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)

          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:386)

          at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:151)

          at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:132)

          at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:117)

          ... 53 more

      06-01@13:24:49 DEBUG (ConfigBasedEJBClientContextSelector.java:135)     - Registered a reconnect handler in EJB client context org.jboss.ejb.client.EJBClientContext@181b7c76 for remote://localhost:4447

      06-01@13:24:49 DEBUG (ConfigBasedEJBClientContextSelector.java:140)     - Registered 0 remoting EJB receivers for EJB client context org.jboss.ejb.client.EJBClientContext@181b7c76

      06-01@13:24:49 DEBUG (WorkerThread.java:88)     - Started channel thread 'Remoting "client-endpoint" read-1', selector sun.nio.ch.KQueueSelectorImpl@317cfd38

      06-01@13:24:49 DEBUG (WorkerThread.java:88)     - Started channel thread 'Remoting "client-endpoint" write-1', selector sun.nio.ch.KQueueSelectorImpl@49aacd5f

      06-01@13:24:49 ERROR (RemoteConnection.java:99)     - JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

       

       

      However if I use jboss-ejb-client.jar from 7.1.1 with my standlone app authentication is done against security-domain domain and after that user is in cache

       

      14:18:54,650 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-3) Begin isValid, principal:USER, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@4689ad

      14:18:54,650 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-3) Begin validateCache, info=org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@4689ad;credential.class=java.lang.String@21680077

      14:18:54,650 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-3) End validateCache, isValid=true

      14:18:54,651 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-3) End isValid, true

      14:18:54,855 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-4) Begin isValid, principal:USER, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@4689ad

      14:18:54,855 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-4) Begin validateCache, info=org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@4689ad;credential.class=java.lang.String@21680077

      14:18:54,855 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-4) End validateCache, isValid=true

      14:18:54,855 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "zoo-kuo-24" task-4) End isValid, true

      14:18:55,484 DEBUG [org.jboss.jca.core.connectionmanager.pool.idle.IdleRemover] (IdleRemover) Notifying pools, interval: 30000

       

      Client still logs same error as with jboss-ejb-client.jar from 7.1.2.

       

       

      Good ideas where to start looking for a solution to the problem?