4 Replies Latest reply on Nov 30, 2012 3:05 PM by brunothebear

    Remote EJB/JMS JBoss AS 7.1.1 problem

    brunothebear Newbie

      Hello,

      Past couple of weeks ive been trying to migrate project from JBoss 4.2.2GA to JBoss 7 AS. Everything went pretty much fine till i hit the remoting part on which I've stuck for a quite time now.

       

      In JBoss 4.2.2 project uses custom login module to authenticate remote calls.

      The promblem is that i have trouble to get the username/password to the server so the user can eb authenticated.

      Ive somewhat sorted otu the EJB invocation and i do it like this.

       

      standalone.xml

       <security-realms>
               ...
                  <security-realm name="TESTRealm">
                      <authentication>
                          <jaas name="testdomain"/>
                      </authentication>
                  </security-realm>
              </security-realms>
      
      ....
              <subsystem xmlns="urn:jboss:domain:remoting:1.1">
                  <connector name="remoting-connector" socket-binding="remoting" security-realm="TESTRealm"/>
              </subsystem>
      
       <subsystem xmlns="urn:jboss:domain:security:1.1">
                  <security-domains>
                      <security-domain name="other">
                          <authentication>
                              <login-module code="UsersRoles" flag="required"/>
                          </authentication>
                      </security-domain>
                      <security-domain name="jboss-web-policy">
                          <authorization>
                              <policy-module code="Delegating" flag="required"/>
                          </authorization>
                      </security-domain>
                      <security-domain name="jboss-ejb-policy">
                          <authorization>
                              <policy-module code="Delegating" flag="required"/>
                          </authorization>
                      </security-domain>
                      <security-domain name="testdomain">
                          <authentication>
                              <login-module code="com.test.proj.CustomLoginModule" flag="required">
                                  <module-option name="password-stacking" value="useFirstPass"/>
                                  <module-option name="hashAlgorithm" value="MD5"/>
                                  <module-option name="hashEncoding" value="hex"/>
                                  <module-option name="ignorePasswordCase" value="true"/>
                              </login-module>
                          </authentication>
                      </security-domain>
                  </security-domains>
              </subsystem>
      

       

      Client part:

       

                      Hashtable< String, Object>props = new Hashtable< String, Object>();
                      props.put("jboss.naming.client.ejb.context", true);
                      props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
                      final String firstPassword = new String(password);
                      org.jboss.as.naming.InitialContext  ctx = new org.jboss.as.naming.InitialContext(); 
                      Properties jbossProperties = new Properties();
                      jbossProperties.load(EjbSupportImpl.class.getResourceAsStream("/jboss-ejb-client.properties"));
                      jbossProperties.put("remote.connection.default.username", name);
                      jbossProperties.put("remote.connection.default.password", firstPassword);
      
      
                      final EJBClientConfiguration ejbClientConfiguration = new PropertiesBasedEJBClientConfiguration(jbossProperties);
                      final ContextSelector<EJBClientContext> ejbClientContextSelector = new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);
                      EJBClientContext.setSelector(ejbClientContextSelector);
                      final String jndiName = "ejb:ear/ejb-module/TestBean!com.test.proj.TestBean?stateful";
                      final Object o = ctx.lookup(jndiName);
                     TestBean test= (TestBean) o;
                      test.testMethod();
      
      

       

      jboss-ejb-client-properties:

       

      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
      remote.connections=default
      remote.connection.default.host=localhost
      remote.connection.default.port=4447
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
      remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
      

       

      With all the above everything works fine, the part that bothers me is this

       

                      org.jboss.as.naming.InitialContext  ctx = new org.jboss.as.naming.InitialContext(); 
      

      if i use javax.naming.InitialContext instead of JBoss

      i get

       

      javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
                at org.jboss.naming.remote.client.ClientUtil.namingException(ClientUtil.java:36)
                at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:121)
                at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
                at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
                at javax.naming.InitialContext.init(InitialContext.java:223)
                at javax.naming.InitialContext.<init>(InitialContext.java:197)
                at com.test.proj.communication.LoginClass.newInitialContext(LoginClass.java:162)
                at com.test.proj.communication.LoginClass.authenticate(LoginClass.java:243)
                at com.test.proj.communication.LoginClass.login(LoginClass.java:179)
                at com.test.proj.communication.LoginClass.getInstance(EjbSupportImpl.java:64)
                at com.test.proj.Application.<init>(Application.java:35)
                at com.test.proj.Application.getInstance(Application.java:59)
                at com.test.proj.TESTClient.main(TESTClient.java:51)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:597)
                at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
      Caused by: java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
                at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87)
                at org.jboss.naming.remote.client.NamingStoreCache.getRemoteNamingStore(NamingStoreCache.java:56)
                at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateCachedNamingStore(InitialContextFactory.java:166)
                at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateNamingStore(InitialContextFactory.java:139)
                at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:104)
                ... 16 more
      
      

      no errors on serverside.

       

      Anyways im ok with using method above for EJBs but then the problem comes with remote JMS where i cant acquire the connection factory i require from server via JNDI

       

      Connection factory in standalone.xml

       

                          <connection-factory name="RemoteConnectionFactory">
                              <connectors>
                                  <connector-ref connector-name="netty"/>
                              </connectors>
                              <entries>
                                  <entry name="RemoteConnectionFactory"/>
                                  <entry name="java:jboss/exported/jms/RemoteConnectionFactory"/>
                              </entries>
                          </connection-factory>
      
      

       

      and the way i trie to look it up

       

                      Hashtable<String, Object> env = new Hashtable<String, Object>();
                  env.put(Context.INITIAL_CONTEXT_FACTORY,"org.jboss.naming.remote.client.InitialContextFactory");
                  env.put(Context.PROVIDER_URL, System.getProperty(Context.PROVIDER_URL,"remote://localhost:4447"));
                  env.put(Context.SECURITY_PRINCIPAL, "test");
                  env.put(Context.SECURITY_CREDENTIALS, "123456");
                  InitialContext ctx = new InitialContext(env);
                  String connectionFactoryString = "jms/RemoteConnectionFactory";
                  ConnectionFactoryconnectionFactory = (ConnectionFactory) ctx.lookup(connectionFactoryString);
      

       

      In which case im getting exception like the one above

       

      javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
      

       

      Can anyone help me figure out how to properly get the ConnectionFactories/queues etc.. via remote JDNI?

        • 1. Re: Remote EJB/JMS JBoss AS 7.1.1 problem
          Nicklas Karlsson Master

          Never done a lookup like that but I've seen port 5445 mentioned in the context of a netty connector(?)

          • 2. Re: Remote EJB/JMS JBoss AS 7.1.1 problem
            brunothebear Newbie

            Nicklas Karlsson wrote:

             

            Never done a lookup like that but I've seen port 5445 mentioned in the context of a netty connector(?)

            I dont think thats possible, when using this port im getting exception on serverside

             

            Failed to decode: java.lang.IllegalArgumentException: Invalid type: -1
             at org.hornetq.core.protocol.core.impl.PacketDecoder.decode(PacketDecoder.java:550) [hornetq-core-2.2.13.Final.jar:]
             at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:479) [hornetq-core-2.2.13.Final.jar:]
             at org.hornetq.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:533) [hornetq-core-2
            ...
            
            

             

             

            Anyways it appears when changing security realm to jaas authentication so i can use the database authentication for EJBs it breaks the JMS part.

            So its possible to acquire remote connection with using jboss-ejb-client.properties but not this way

             

             

                    props.put(Context.INITIAL_CONTEXT_FACTORY,org.jboss.naming.remote.client.InitialContextFactory.class.getName());
                    props.put(InitialContext.SECURITY_PRINCIPAL, "test");
                    props.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", false);
                    props.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
                    props.put(InitialContext.PROVIDER_URL, "remote://localhost:4447");
                    props.put(InitialContext.SECURITY_CREDENTIALS, "123456");
                    InitialContext context = new InitialContext(props);
            

             

            So is it possible to use jaas auth for ejbs and jms? Since using property files for users is not an option.

             

            Ive tried to disable security on the hornet-server without any luck.

            • 3. Re: Remote EJB/JMS JBoss AS 7.1.1 problem
              Justin Bertram Master

              You definitely can't do a JNDI lookup on port 5445 since that is a HornetQ managed by HornetQ.  So the error you're getting there is not surprising.

               

              As for the other issue, I don't believe it has anything to do with HornetQ.  Keep in mind that JNDI and JMS are 100% independent.  You doing a JNDI lookup here, nothing to do with JMS - yet.  All the security related to the JNDI lookup is completely separate from any HornetQ security.  That being the case, I'll have to defer to someone more familiar with JNDI security.

              • 4. Re: Remote EJB/JMS JBoss AS 7.1.1 problem
                brunothebear Newbie

                Yep the issue i have is with remote jndi with security. It works if remote-connector in standalone.xml has no security realm specified i.e no username, password is required. Then i can look up remote ConnectionFactory but when i do specify security realm since i need it for the EJBs the lookup fails with no-auth methods exception.

                I found some sort of work around for getting remote connection factories/queues but it still feels like hacking as it does for setting static EJB context.