1 2 Previous Next 15 Replies Latest reply on Oct 2, 2012 10:09 AM by Darran Lofthouse

    EAP 6 - EJB Remote Authentication with custom realm not working

    Bob Smith Newbie

      Hi, I am porting an app from 4.2 to EAP 6.  I am having trouble with remote ejb authentication.  When authentication is not used, the app works fine.  I have followed the examples in the links below and encountering the below errors.  All relavent code is below.  Please help!

       

      https://community.jboss.org/wiki/JBossAS7RemoteEJBAuthenticationHowto

      https://community.jboss.org/thread/195501?start=0&tstart=0

       

      Client error log:

       

      DEBUG [InitialContextFactory] Looking for jboss-naming-client.properties using classloader SystemClassLoader[112 modules]

      DEBUG [InitialContextFactory] jboss.naming.client.endpoint.create.options. has the following options {}

      DEBUG [InitialContextFactory] jboss.naming.client.remote.connectionprovider.create.options. has the following options {}

      INFO  [xnio] XNIO Version 3.0.4.GA-redhat-1

      INFO  [nio] XNIO NIO Implementation Version 3.0.4.GA-redhat-1

      INFO  [remoting] JBoss Remoting version 3.2.8.GA-redhat-1

      DEBUG [nio] Started channel thread 'Remoting "config-based-naming-client-endpoint" read-1', selector sun.nio.ch.WindowsSelectorImpl@748ede42

      DEBUG [nio] Started channel thread 'Remoting "config-based-naming-client-endpoint" write-1', selector sun.nio.ch.WindowsSelectorImpl@271d4c95

      DEBUG [InitialContextFactory] jboss.naming.client.connect.options. has the following options {}

      DEBUG [EJBClientPropertiesLoader] Looking for jboss-ejb-client.properties using classloader SystemClassLoader[112 modules]

      DEBUG [EJBClientPropertiesLoader] Found jboss-ejb-client.properties using classloader SystemClassLoader[112 modules]

      DEBUG [PropertiesBasedEJBClientConfiguration] endpoint.create.options. has the following options {}

      DEBUG [PropertiesBasedEJBClientConfiguration] remote.connectionprovider.create.options. has the following options {org.xnio.Options.SSL_ENABLED=>false}

      DEBUG [PropertiesBasedEJBClientConfiguration] remote.connection.default.connect.options. has the following options {org.xnio.Options.SASL_DISALLOWED_MECHANISMS=>[JBOSS-LOCAL-USER],org.xnio.Options.SASL_POLICY_NOPLAINTEXT=>false,org.xnio.Options.SASL_POLICY_NOANONYMOUS=>true}

      DEBUG [PropertiesBasedEJBClientConfiguration] remote.connection.default.channel.options. has the following options {}

      DEBUG [PropertiesBasedEJBClientConfiguration] Connection org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration$RemotingConnectionConfigurationImpl@729bd2fb successfully created for connection named default

      DEBUG [PropertiesBasedEJBClientConfiguration] No clusters configured in properties

      DEBUG [nio] Started channel thread 'Remoting "client-endpoint" write-1', selector sun.nio.ch.WindowsSelectorImpl@7fef53b6

      DEBUG [nio] Started channel thread 'Remoting "client-endpoint" read-1', selector sun.nio.ch.WindowsSelectorImpl@7fef53b6

      ERROR [connection] JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

      WARN  [ConfigBasedEJBClientContextSelector] Could not register a EJB receiver for connection to localhost:4447

      java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

          at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:119)

          at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:76)

          at org.jboss.ejb.client.EJBClientContext.<clinit>(EJBClientContext.java:77)

          at org.jboss.naming.remote.client.ejb.RemoteNamingEjbClientContextSelector.setupSelector(RemoteNamingEjbClientContextSelector.java:28)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

          at java.lang.reflect.Method.invoke(Method.java:601)

          at org.jboss.naming.remote.client.InitialContextFactory.setupEjbContext(InitialContextFactory.java:448)

          at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:145)

          at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

          at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)

          at javax.naming.InitialContext.init(InitialContext.java:242)

          at javax.naming.InitialContext.<init>(InitialContext.java:216)

          ....

      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315)

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

          at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.nio.NioHandle.run(NioHandle.java:90)

          at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)

          at ...asynchronous invocation...(Unknown Source)

          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)

          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:386)

          at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:151)

          at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:132)

          at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:117)

          ... 43 more

      DEBUG [ConfigBasedEJBClientContextSelector] Registered a reconnect handler in EJB client context org.jboss.ejb.client.EJBClientContext@7ca25509 for remote://localhost:4447

      DEBUG [ConfigBasedEJBClientContextSelector] Registered 0 remoting EJB receivers for EJB client context org.jboss.ejb.client.EJBClientContext@7ca25509

      DEBUG [RemotingConnectionEJBReceiver] Channel Channel ID dd5d308c (outbound) of Remoting connection 2125ac0e to localhost/127.0.0.1:4447 opened for context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]} Waiting for version handshake message from server

      INFO  [remoting] EJBCLIENT000017: Received server version 1 and marshalling strategies [river]

      INFO  [remoting] EJBCLIENT000013: Successful version handshake completed for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]} on channel Channel ID dd5d308c (outbound) of Remoting connection 2125ac0e to localhost/127.0.0.1:4447

      DEBUG [RemotingConnectionEJBReceiver] Received module availability report for 10 modules

      DEBUG [RemotingConnectionEJBReceiver] Registering module EJBModuleIdentifier{appName='', moduleName='sqljdbc4', distinctName=''} availability for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]}

      DEBUG [RemotingConnectionEJBReceiver] Registering module EJBModuleIdentifier{appName='MyApplicationEAR', moduleName='My-web-TravelPlanners', distinctName=''} availability for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]}

      DEBUG [RemotingConnectionEJBReceiver] Registering module EJBModuleIdentifier{appName='MyApplicationEAR', moduleName='My-web-ShortUrl', distinctName=''} availability for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]}

      DEBUG [RemotingConnectionEJBReceiver] Registering module EJBModuleIdentifier{appName='MyApplicationEAR', moduleName='MyApplication-ejb', distinctName=''} availability for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]}

      DEBUG [RemotingConnectionEJBReceiver] Registering module EJBModuleIdentifier{appName='MyApplicationEAR', moduleName='My-web', distinctName=''} availability for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]}

      DEBUG [RemotingConnectionEJBReceiver] Registering module EJBModuleIdentifier{appName='MyApplicationEAR', moduleName='MyApplicationEAR', distinctName=''} availability for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]}

      DEBUG [RemotingConnectionEJBReceiver] Registering module EJBModuleIdentifier{appName='jsr-77', moduleName='jsr-77', distinctName=''} availability for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]}

      DEBUG [RemotingConnectionEJBReceiver] Registering module EJBModuleIdentifier{appName='MyApplicationEAR', moduleName='MyMy-web', distinctName=''} availability for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]}

      DEBUG [RemotingConnectionEJBReceiver] Registering module EJBModuleIdentifier{appName='MyApplicationEAR', moduleName='SDR-web-Tracking', distinctName=''} availability for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]}

      DEBUG [RemotingConnectionEJBReceiver] Registering module EJBModuleIdentifier{appName='MyApplicationEAR', moduleName='SDR-web-Mobile', distinctName=''} availability for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@76aa5058, receiver=Remoting connection EJB receiver [connection=Remoting connection <6c1e5086>,channel=jboss.ejb,nodename=mxl1111p2c]}

      WARN  [ChannelAssociation] Unsupported message received with header 0xffffffff

      DEBUG [EJBClientContext] org.jboss.ejb.client.RandomDeploymentNodeSelector@5e856a7a deployment node selector selected mxl1111p2c node for appname=MyApplicationEAR,modulename=MyApplication-ejb,distinctname=

       

      jboss-ejb-client.properties:

       

      remote.connection.default.callback.handler.class=net.My.client.util.jndi.EjbRemoteCallBackHandler

      remote.connections=default

      endpoint.name=client-endpoint

      remote.connection.default.port = 4447

      remote.connection.default.host=localhost

      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true

      remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

       

      standalone-full-ha.xml:

       

                <security-realm name="MyRealm">

                      <authentication>

                          <jaas name="MyDomain" />

                      </authentication>

                  </security-realm>

       

                <security-domain name="MyDomain" cache-type="default">

                          <authentication>

                              <login-module code="Remoting" flag="optional">

                                  <module-option name="password-stacking" value="useFirstPass"/>

                              </login-module>

                              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

                                  <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                                  <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                                  <module-option name="defaultUsersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                                  <module-option name="defaultRolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                                  <module-option name="password-stacking" value="useFirstPass"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       

      MyEAR/META-INF/jboss-app.xml:

       

      <jboss-app>

          <security-domain>MyDomain</security-domain>

      </jboss-app>

       

      ServiceLocator.java

       

      private void createInitialContext(String username, char[] password)

                  throws IOException, LoginException, NamingException {

       

              EjbRemoteCallBackHandler.setCredential("web.rep", "12345");

             

              Hashtable jndiProps = new Hashtable<String, Object>();

              jndiProps.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

              jndiProps.put("java.naming.factory.initial","org.jboss.naming.remote.client.InitialContextFactory");

              jndiProps.put(InitialContext.PROVIDER_URL, "remote://localhost:4447");

       

               // This is an important property to set if you want to do EJB invocations via the remote-naming project

              jndiProps.put("jboss.naming.client.ejb.context", true);

             

              // needed for remote access

              jndiProps.put(Context.SECURITY_PRINCIPAL, "web.rep");

              jndiProps.put(Context.SECURITY_CREDENTIALS, "12345");

             

              ic = new InitialContext(jndiProps);

          }

        • 1. Re: EAP 6 - EJB Remote Authentication with custom realm not working
          Bob Smith Newbie

          Edit: this is the subsystem definition for the standalone-full-ha.xml above:

           

                    <subsystem xmlns="urn:jboss:domain:remoting:1.1">

                      <connector name="remoting-connector" socket-binding="remoting" security-realm="MyRealm"/>

                    </subsystem>

          • 2. Re: EAP 6 - EJB Remote Authentication with custom realm not working
            Wolf-Dieter Fink Master

            Hi Bob,

             

            as you use EAP6 you should open a case in the customer portal.

            This is a known issue (JBPAPP-9506) and we provide a patch for it, if you have a subsription you are able to download it.

             

            regards

            Wolf

            • 3. Re: EAP 6 - EJB Remote Authentication with custom realm not working
              rodakr Novice

              ... you have to be carefull using comercial version name EAP 6  :-) on community forum :-)

              some peoples  will  strongly advice you to call redhat support,  even if they know the solution.

               

              You need this patch from redhat support portal ( EAP 6.0.0 ):

               

              [EAP6] UnsupportedCallbackException where security realm delegates to JAAS realm.

               

               

              https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=14083

               

              You need commercial subscription to get this.

              • 4. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                Bob Smith Newbie

                Thanks, I have applied the patch and still get the same error as listed above.  In the server log I have not seen an UnsupportedCallbackException, or any exceptions:

                 

                 

                12:21:42,677 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Accepted connection from /127.0.0.1:53928 to 127.0.0.1/127.0.0.1:4447

                12:21:42,677 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Accepted connection from /127.0.0.1:53928 to 127.0.0.1/127.0.0.1:4447

                12:21:42,677 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@d77e6dc

                12:21:42,677 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@d77e6dc

                12:21:42,677 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Sent message java.nio.HeapByteBuffer[pos=12 lim=12 cap=8192] (direct)

                12:21:42,677 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Sent message java.nio.HeapByteBuffer[pos=12 lim=12 cap=8192] (direct)

                12:21:42,677 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Flushed channel (direct)

                12:21:42,677 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Flushed channel (direct)

                12:21:42,689 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capabilities request

                12:21:42,689 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capabilities request

                12:21:42,689 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: version 1

                12:21:42,689 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: version 1

                12:21:42,689 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: remote endpoint name "config-based-naming-client-endpoint"

                12:21:42,689 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: remote endpoint name "config-based-naming-client-endpoint"

                12:21:42,690 TRACE [org.jboss.modules] (Remoting "mxl1111p2c" read-1) Attempting to find all resources META-INF/services/javax.security.sasl.SaslServerFactory in Module "org.jboss.remoting3:main" from local module loader @5562fb33 (roots: C:\Java\jboss-eap-6.0\modules)

                12:21:42,690 TRACE [org.jboss.modules] (Remoting "mxl1111p2c" read-1) Attempting to find all resources META-INF/services/javax.security.sasl.SaslServerFactory in Module "org.jboss.remoting3:main" from local module loader @5562fb33 (roots: C:\Java\jboss-eap-6.0\modules)

                12:21:42,690 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) No EXTERNAL mechanism due to explicit exclusion

                12:21:42,690 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) No EXTERNAL mechanism due to explicit exclusion

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.localuser.LocalUserServerFactory@79d60776

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.localuser.LocalUserServerFactory@79d60776

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism JBOSS-LOCAL-USER because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism JBOSS-LOCAL-USER because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.digest.DigestMD5ServerFactory@52841277

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.digest.DigestMD5ServerFactory@52841277

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.plain.PlainServerFactory@5cd86cf3

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.plain.PlainServerFactory@5cd86cf3

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Added mechanism PLAIN

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Added mechanism PLAIN

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.anonymous.AnonymousServerFactory@4d8f524

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.anonymous.AnonymousServerFactory@4d8f524

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.ntlm.FactoryImpl@3fc610f8

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.ntlm.FactoryImpl@3fc610f8

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism NTLM because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism NTLM because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.digest.FactoryImpl@64842a7d

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.digest.FactoryImpl@64842a7d

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.ServerFactoryImpl@2101a819

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.ServerFactoryImpl@2101a819

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism CRAM-MD5 because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism CRAM-MD5 because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.gsskerb.FactoryImpl@73c3123c

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.gsskerb.FactoryImpl@73c3123c

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism GSSAPI because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism GSSAPI because it is not in the allowed list

                12:21:42,691 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Sent message java.nio.HeapByteBuffer[pos=23 lim=23 cap=8192] (direct)

                12:21:42,691 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Sent message java.nio.HeapByteBuffer[pos=23 lim=23 cap=8192] (direct)

                12:21:42,691 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Flushed channel (direct)

                12:21:42,691 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Flushed channel (direct)

                12:21:42,748 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Received connection end-of-stream

                12:21:42,748 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Received connection end-of-stream

                • 5. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                  rodakr Novice

                  you are mixing a little bit different solution together...

                   

                  comment out this line:

                   

                  //remote.connection.default.callback.handler.class=net.My.client.util.jndi.EjbRemoteCallBackHandler

                   

                  and it should work.

                  • 6. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                    Bob Smith Newbie

                    I commented out the indicated line, rebuilt and still can't connect.  I'm really at my wits end here, are there any other files I should be looking at?

                     

                    jboss-ejb-client.properties:

                     

                    #remote.connection.default.callback.handler.class=net.silpada.client.util.jndi.EjbRemoteCallBackHandler

                    remote.connections=default

                    endpoint.name=client-endpoint

                    remote.connection.default.port = 4447

                    remote.connection.default.host=localhost

                    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

                    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true

                    remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

                    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

                     

                    Client:

                     

                    DEBUG [InitialContextFactory] Looking for jboss-naming-client.properties using classloader SystemClassLoader[112 modules]

                    DEBUG [InitialContextFactory] jboss.naming.client.endpoint.create.options. has the following options {}

                    DEBUG [InitialContextFactory] jboss.naming.client.remote.connectionprovider.create.options. has the following options {}

                    INFO  [xnio] XNIO Version 3.0.4.GA-redhat-1

                    INFO  [nio] XNIO NIO Implementation Version 3.0.4.GA-redhat-1

                    INFO  [remoting] JBoss Remoting version 3.2.8.GA-redhat-1

                    DEBUG [nio] Started channel thread 'Remoting "config-based-naming-client-endpoint" read-1', selector sun.nio.ch.WindowsSelectorImpl@58206cab

                    DEBUG [nio] Started channel thread 'Remoting "config-based-naming-client-endpoint" write-1', selector sun.nio.ch.WindowsSelectorImpl@55d3e052

                    DEBUG [InitialContextFactory] jboss.naming.client.connect.options. has the following options {}

                    ERROR [connection] JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                    ERROR [BeanManager] cannot connect

                    net.my.client.util.jndi.ServiceLocatorException: cannot connect

                        at net.my.client.util.jndi.ServiceLocator.<init>(ServiceLocator.java:41)

                        at net.my.client.util.jndi.ServiceLocator.getInstance(ServiceLocator.java:49)

                        at net.my.client.util.facade.BeanManager.getCompanyBean(BeanManager.java:274)

                        at net.my.client.util.company.CompanyController.findAllCompanies(CompanyController.java:35)

                        at net.my.client.util.company.CompanyComboBox.<init>(CompanyComboBox.java:49)

                        at net.my.client.util.company.CompanyComboBox.<init>(CompanyComboBox.java:38)

                        at net.my.client.security.login.LoginPanel.<init>(LoginPanel.java:37)

                        at net.my.client.security.login.Installer.authenticate(Installer.java:61)

                        at net.my.client.security.login.Installer.restored(Installer.java:35)

                        at org.netbeans.core.startup.NbInstaller.loadCode(NbInstaller.java:469)

                        at org.netbeans.core.startup.NbInstaller.loadImpl(NbInstaller.java:392)

                        at org.netbeans.core.startup.NbInstaller.access$000(NbInstaller.java:103)

                        at org.netbeans.core.startup.NbInstaller$1.run(NbInstaller.java:344)

                        at org.openide.filesystems.FileUtil$2.run(FileUtil.java:619)

                        at org.openide.filesystems.EventControl.runAtomicAction(EventControl.java:127)

                        at org.openide.filesystems.FileSystem.runAtomicAction(FileSystem.java:607)

                        at org.openide.filesystems.FileUtil.runAtomicAction(FileUtil.java:603)

                        at org.openide.filesystems.FileUtil.runAtomicAction(FileUtil.java:623)

                        at org.netbeans.core.startup.NbInstaller.load(NbInstaller.java:341)

                        at org.netbeans.ModuleManager.enable(ModuleManager.java:1177)

                        at org.netbeans.ModuleManager.enable(ModuleManager.java:1000)

                        at org.netbeans.core.startup.ModuleList.installNew(ModuleList.java:340)

                        at org.netbeans.core.startup.ModuleList.trigger(ModuleList.java:276)

                        at org.netbeans.core.startup.ModuleSystem.restore(ModuleSystem.java:296)

                        at org.netbeans.core.startup.Main.getModuleSystem(Main.java:169)

                        at org.netbeans.core.startup.Main.start(Main.java:305)

                        at org.netbeans.core.startup.TopThreadGroup.run(TopThreadGroup.java:123)

                        at java.lang.Thread.run(Thread.java:722)

                     

                    Server log:

                     

                    14:30:41,959 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Accepted connection from /127.0.0.1:51777 to 127.0.0.1/127.0.0.1:4447

                    14:30:41,959 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Accepted connection from /127.0.0.1:51777 to 127.0.0.1/127.0.0.1:4447

                    14:30:41,959 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@67eca180

                    14:30:41,959 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@67eca180

                    14:30:41,959 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Sent message java.nio.HeapByteBuffer[pos=12 lim=12 cap=8192] (direct)

                    14:30:41,959 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Sent message java.nio.HeapByteBuffer[pos=12 lim=12 cap=8192] (direct)

                    14:30:41,960 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Flushed channel (direct)

                    14:30:41,960 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Flushed channel (direct)

                    14:30:41,960 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capabilities request

                    14:30:41,960 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capabilities request

                    14:30:41,960 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: version 1

                    14:30:41,960 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: version 1

                    14:30:41,960 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: remote endpoint name "config-based-naming-client-endpoint"

                    14:30:41,960 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: remote endpoint name "config-based-naming-client-endpoint"

                    14:30:41,960 TRACE [org.jboss.modules] (Remoting "mxl1111p2c" read-1) Attempting to find all resources META-INF/services/javax.security.sasl.SaslServerFactory in Module "org.jboss.remoting3:main" from local module loader @18a91155 (roots: C:\Java\jboss-eap-6.0\modules)

                    14:30:41,960 TRACE [org.jboss.modules] (Remoting "mxl1111p2c" read-1) Attempting to find all resources META-INF/services/javax.security.sasl.SaslServerFactory in Module "org.jboss.remoting3:main" from local module loader @18a91155 (roots: C:\Java\jboss-eap-6.0\modules)

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) No EXTERNAL mechanism due to explicit exclusion

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) No EXTERNAL mechanism due to explicit exclusion

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.localuser.LocalUserServerFactory@38eb6ab

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.localuser.LocalUserServerFactory@38eb6ab

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism JBOSS-LOCAL-USER because it is not in the allowed list

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism JBOSS-LOCAL-USER because it is not in the allowed list

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.digest.DigestMD5ServerFactory@e7a9660

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.digest.DigestMD5ServerFactory@e7a9660

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.plain.PlainServerFactory@1226800d

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.plain.PlainServerFactory@1226800d

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Added mechanism PLAIN

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Added mechanism PLAIN

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.anonymous.AnonymousServerFactory@1da0deca

                    14:30:41,961 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory org.jboss.sasl.anonymous.AnonymousServerFactory@1da0deca

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.ntlm.FactoryImpl@2c82aef8

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.ntlm.FactoryImpl@2c82aef8

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism NTLM because it is not in the allowed list

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism NTLM because it is not in the allowed list

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.digest.FactoryImpl@37ad329c

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.digest.FactoryImpl@37ad329c

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.ServerFactoryImpl@4bd5bc52

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.ServerFactoryImpl@4bd5bc52

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism CRAM-MD5 because it is not in the allowed list

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism CRAM-MD5 because it is not in the allowed list

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.gsskerb.FactoryImpl@3d3ed263

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Trying SASL server factory com.sun.security.sasl.gsskerb.FactoryImpl@3d3ed263

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism GSSAPI because it is not in the allowed list

                    14:30:41,962 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Excluding mechanism GSSAPI because it is not in the allowed list

                    14:30:41,962 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Sent message java.nio.HeapByteBuffer[pos=23 lim=23 cap=8192] (direct)

                    14:30:41,962 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Sent message java.nio.HeapByteBuffer[pos=23 lim=23 cap=8192] (direct)

                    14:30:41,962 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Flushed channel (direct)

                    14:30:41,962 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Flushed channel (direct)

                    14:30:41,968 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Received connection end-of-stream

                    14:30:41,968 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Received connection end-of-stream

                    • 7. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                      Wolf-Dieter Fink Master

                      I don't see that you add the credentials at client side.

                      remote.connection.default.username=

                      remote.connection.default.password=

                      • 8. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                        Bob Smith Newbie

                        Hi,  The login is set in the ServiceLocator.java in my first message above:

                         

                        jndiProps.put(Context.SECURITY_PRINCIPAL, "web.rep");

                        jndiProps.put(Context.SECURITY_CREDENTIALS, "12345");

                        • 9. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                          Wolf-Dieter Fink Master

                          That is only possible if you use the remote-naming, see here.

                           

                          If you use jboss-ejb-client.properties you have to add it to this property file, see here

                           

                          Do not mix them, it will be confusing

                          • 10. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                            Bob Smith Newbie

                            Thanks, I've read both those links 10 times each. They are not much help. I need to programmitcally set the login.  How do I do that?  I would think programmatically setting the login credentials would be the use case for 95% of remote ejb clients.  Can you clearly define how to do that? I will ultimately be using an LdapLoginModule if that makes any difference.

                             

                            Edit; to clarify, as stated above, I was following the example here:  https://community.jboss.org/wiki/JBossAS7RemoteEJBAuthenticationHowto and had the original problem.

                             

                            Edit 2: I guess my question is, I am trying to use remote-naming, should I have the jboss-ejb-client.properties at all?  When you say I'm mixing the two, what is remote-naming and what is jndi and how am I mixing them?

                            • 11. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                              Bob Smith Newbie

                              Ok so according to this https://docs.jboss.org/author/display/AS71/Deployment+Descriptors+used+In+AS7.1 jboss-ejb-client.xml is only for server to server remote ejb invocation.  BUT these two links both have it, and it's wrong:

                               

                              http://middlewaremagic.com/jboss/?p=2176

                              https://community.jboss.org/wiki/JBossAS7RemoteEJBAuthenticationHowto

                               

                              Now I have this configuration and the same error:

                               

                              standalone-full-ha.xml:

                               

                                        <security-realm name="MyRealm">

                                              <authentication>

                                                  <jaas name="MyDomain" />

                                              </authentication>

                                        </security-realm>

                               

                                        <subsystem xmlns="urn:jboss:domain:remoting:1.1">

                                          <connector name="remoting-connector" socket-binding="remoting" security-realm="MyRealm"/>

                                        </subsystem>

                               

                                        <security-domain name="MyDomain" cache-type="default">

                                                  <authentication>

                                                      <login-module code="Remoting" flag="optional">

                                                          <module-option name="password-stacking" value="useFirstPass"/>

                                                      </login-module>

                                                      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

                                                          <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                                                          <module-option name="defaultUsersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                                                          <module-option name="defaultRolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                                                          <module-option name="password-stacking" value="useFirstPass"/>

                                                      </login-module>

                                                  </authentication>

                                              </security-domain>

                               

                               

                              MyEAR/META-INF/jboss-app.xml:

                               

                              <jboss-app>

                                  <security-domain>MyDomain</security-domain>

                              </jboss-app>

                               

                               

                              ServiceLocator.java

                               

                               

                              private void createInitialContext(String username, char[] password)

                                          throws IOException, LoginException, NamingException {

                               

                                      EjbRemoteCallBackHandler.setCredential("web.rep", "12345");

                                    

                                      Hashtable jndiProps = new Hashtable<String, Object>();

                                      jndiProps.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                                      jndiProps.put("java.naming.factory.initial","org.jboss.naming.remote.client.InitialContextFactory");

                                      jndiProps.put(InitialContext.PROVIDER_URL, "remote://localhost:4447");

                               

                                       // This is an important property to set if you want to do EJB invocations via the remote-naming project

                                      jndiProps.put("jboss.naming.client.ejb.context", true);

                                

                                      // needed for remote access

                                      jndiProps.put(Context.SECURITY_PRINCIPAL, "web.rep");

                                      jndiProps.put(Context.SECURITY_CREDENTIALS, "12345");

                                    

                                      ic = new InitialContext(jndiProps);

                              }

                              • 12. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                                Bob Smith Newbie

                                I added:

                                 

                                private void createInitialContext(String username, char[] password)

                                            throws IOException, LoginException, NamingException {

                                 

                                        EjbRemoteCallBackHandler.setCredential("web.rep", "12345");

                                      

                                        Hashtable jndiProps = new Hashtable<String, Object>();

                                        jndiProps.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                                        jndiProps.put("java.naming.factory.initial","org.jboss.naming.remote.client.InitialContextFactory");

                                        jndiProps.put(InitialContext.PROVIDER_URL, "remote://localhost:4447");

                                 

                                         // This is an important property to set if you want to do EJB invocations via the remote-naming project

                                        jndiProps.put("jboss.naming.client.ejb.context", true);

                                       jndiProps.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

                                 

                                        // needed for remote access

                                        jndiProps.put(Context.SECURITY_PRINCIPAL, "web.rep");

                                        jndiProps.put(Context.SECURITY_CREDENTIALS, "12345");

                                      

                                        ic = new InitialContext(jndiProps);

                                }

                                 

                                 

                                and now I get this on the server:

                                 

                                09:42:57,803 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" task-1) Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)

                                09:42:57,803 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" task-1) Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)

                                09:42:57,805 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" task-1) Sent message java.nio.HeapByteBuffer[pos=1 lim=1 cap=8192] (direct)

                                09:42:57,805 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" task-1) Sent message java.nio.HeapByteBuffer[pos=1 lim=1 cap=8192] (direct)

                                09:42:57,805 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" task-1) Flushed channel (direct)

                                09:42:57,805 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" task-1) Flushed channel (direct)

                                09:42:57,805 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capabilities request

                                09:42:57,805 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capabilities request

                                09:42:57,805 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: version 1

                                09:42:57,805 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: version 1

                                09:42:57,805 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: remote endpoint name "config-based-naming-client-endpoint"

                                09:42:57,805 TRACE [org.jboss.remoting.remote.server] (Remoting "mxl1111p2c" read-1) Server received capability: remote endpoint name "config-based-naming-client-endpoint"

                                09:42:57,806 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Sent message java.nio.HeapByteBuffer[pos=23 lim=23 cap=8192] (direct)

                                09:42:57,806 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Sent message java.nio.HeapByteBuffer[pos=23 lim=23 cap=8192] (direct)

                                09:42:57,806 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Flushed channel (direct)

                                09:42:57,806 TRACE [org.jboss.remoting.remote.connection] (Remoting "mxl1111p2c" read-1) Flushed channel (direct)

                                09:42:57,806 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Received connection end-of-stream

                                09:42:57,806 TRACE [org.jboss.remoting.remote] (Remoting "mxl1111p2c" read-1) Received connection end-of-stream

                                 

                                So where do I add the call back handler?

                                • 13. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                                  rodakr Novice

                                  you say programatically, so let say use only "remote naming" variant:

                                   

                                  https://docs.jboss.org/author/display/AS71/Remote+EJB+invocations+via+JNDI+-+EJB+client+API+or+remote-naming+project

                                   

                                          Hashtable jndiProps = new Hashtable<String, Object>();

                                         jndiProps.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                                     jndiProps.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

                                        jndiProps.put(InitialContext.PROVIDER_URL, "remote://localhost:4447");

                                         jndiProps.put("jboss.naming.client.ejb.context", true);

                                      jndiProps.put(Context.SECURITY_CREDENTIALS, "12345");      
                                       jndiProps.put(Context.SECURITY_PRINCIPAL, "web.rep");

                                   

                                  remove  jboss-ejb-client.properties

                                   

                                  Make shure username password  is correct.

                                   

                                  If you want to use JAAS CallbackHandler , this is not yet suporrted with eap 6.0.0

                                  • 14. Re: EAP 6 - EJB Remote Authentication with custom realm not working
                                    Bob Smith Newbie

                                    Thanks all, the ultimate issue was:

                                     

                                    In my security domain, org.jboss.security.auth.spi.UsersRolesLoginModule expects passwords in application-users.properties to be in plaintext.  When I replaced the hashed password with unhashed, things started working.

                                     

                                    I imagine everyone gets tired of seeing these threads all the time.  There really needs to be better documentatin for Authentication of Remote EJB calls, all the docs and exampse are not authenticated.

                                    1 2 Previous Next