1 Reply Latest reply on Mar 18, 2013 11:30 AM by Mans mansm

    HA not working: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

    fernando46 Newbie

      Hi, I'm trying to test the communication between a client and a jBoss cluster, to use the HA in an EE/EJB application (i.e. the behaviour after the failure of a cluster node).

       

      But I am having problems with the client-server communication (during the topology discovery) when the server is started in HA configuration instead of in standalone configuration (that it works properly). I have read problems similar to this in other threads, but it has not helped me to solve the issue. 

       

      My client is made of POJOs, nothing special. To connect the server uses jboss-client.jar. In the server side I builded a simple EE/EJBs application containing one SFSB, qualifies as Clustered. The application is deployed in two JBoss AS 7.1.1 Final, each one in a different machine.

       

      Here is my server configuration:

      Server 1: 192.168.0.35

          OS

          --

          Linux na1 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

         

          JRE/JDK

          -------

          OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~12.04.1)

          OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

         

      Server 2: 192.168.0.33

          OS

          --

          Linux na2 3.2.0-29-generic-pae #46-Ubuntu SMP Fri Jul 27 17:25:43 UTC 2012 i686 i686 i386 GNU/Linux

       

          JRE/JDK

          -------

          OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~12.04.1)

          OpenJDK Server VM (build 20.0-b12, mixed mode)

         

       

      The EE/EJBs application looks correctly deployed in each server. I can see in the log, the EBJs exposed to the client.

       

      Each server was started by: ./standalone.sh -server-config=standalone-ha.xml

      The config file standalone-ha.xml was modified to bind ports to external interface addresses.

      Also, peter/lois user was added to ApplicationRealm in each server.

       

      The cluster appears to be working with both servers started. In the log it can be seen:

      On 192.168.0.35

      GMS: address=na1/ejb, cluster=ejb, physical address=192.168.0.35:55200

      ...

      Received new cluster view: [na2/ejb|3] [na2/ejb, na1/ejb]

       

      And on 192.168.0.33

      GMS: address=na2/ejb, cluster=ejb, physical address=192.168.0.33:55200

      ...

      Received new cluster view: [na1/ejb|1] [na1/ejb, na2/ejb]

       

       

      The client uses jboss-client.jar to connect EJBs on server side. Initial JNDI parameters are:

              p.put(Context.INITIAL_CONTEXT_FACTORY, org.jboss.naming.remote.client.InitialContextFactory.class.getName());

              p.put(Context.PROVIDER_URL, "remote://192.168.0.35:4447");       

              p.put(Context.SECURITY_PRINCIPAL, "peter");

              p.put(Context.SECURITY_CREDENTIALS, "lois");

              p.put("jboss.naming.client.ejb.context", true);

       

      As far as the documenation specifies, the server tells to the client the cluster topology, so that's would be enough. I have also tried to define the jboss-ejb-client.properties (as it is said in other forum threads, defining

      properties such as 'remote.clusters=ejb', 'remote.cluster.ejb.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS', 'remote.cluster.ejb.connect.options.org.xnio.Options.SSL_ENABLED'), but the result is the same.

      Is really needed another property on the client side? It does not appear to solve the client-server communication problem.

       

      In this point occurs the first strange thing. The JNDI context is created, but the client side is unable to connect to the rest of elements of the cluster. I didn't get any exception, but I saw client log that says:

       

      ****************************************************************************************

      INFO: Could not create a connection for cluster node ClusterNode{clusterName='ejb', nodeName='na2', clientMappings=[ClientMapping{sourceNetworkAddress=/0:0:0:0:0:0:0:0, sourceNetworkMaskBits=0, destinationAddress='192.168.0.33', destinationPort=4447}], resolvedDestination=[Destination address=192.168.0.33, destination port=4447]} in cluster ejb

      java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

          at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:117)

          at org.jboss.ejb.client.ClusterContext$EJBReceiverAssociationTask.run(ClusterContext.java:333)

          at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

          at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)

          at java.util.concurrent.FutureTask.run(Unknown Source)

          at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

          at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

          at java.lang.Thread.run(Unknown Source)

      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

          at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.nio.NioHandle.run(NioHandle.java:90)

          at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)

          at ...asynchronous invocation...(Unknown Source)

          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)

          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)

          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)

          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)

          at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:115)

          ... 7 more

       

      nov 30, 2012 12:05:39 PM org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager getEJBReceiver

      INFO: Could not create a connection for cluster node ClusterNode{clusterName='ejb', nodeName='na1', clientMappings=[ClientMapping{sourceNetworkAddress=/0:0:0:0:0:0:0:0, sourceNetworkMaskBits=0, destinationAddress='192.168.0.35', destinationPort=4447}], resolvedDestination=[Destination address=192.168.0.35, destination port=4447]} in cluster ejb

      java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

          at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:117)

          at org.jboss.ejb.client.ClusterContext$EJBReceiverAssociationTask.run(ClusterContext.java:333)

          at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

          at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)

          at java.util.concurrent.FutureTask.run(Unknown Source)

          at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

          at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

          at java.lang.Thread.run(Unknown Source)

      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

          at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.nio.NioHandle.run(NioHandle.java:90)

          at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)

          at ...asynchronous invocation...(Unknown Source)

          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)

          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)

          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)

          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)

          at org.jboss.ejb.client.remoting.RemotingConnectionClusterNodeManager.getEJBReceiver(RemotingConnectionClusterNodeManager.java:115)

          ... 7 more

      ****************************************************************************************

       

      In that piece of log, it can be seen how the the jboss library tries to connect to each node of the cluster, and it got javax.security.sasl.SaslException. I don't know the reason and how to solve it. Is it required an specific configuration in the client or server to avoid the previous exception? With this exception, the client can not be informed about the cluster topology.

       

      The second strange thing is that the client can execute any method over the remote bean successfuly even after the previous exception (although only requesting to the server node declared in the client-side).

       

      I have already read and followed the next documentation:

      https://docs.jboss.org/author/display/AS71/Remote+EJB+invocations+via+JNDI+-+EJB+client+API+or+remote-naming+project

      https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI

       

      I suspect that my server side config needs any special security parameter. Can you help me to address this issue?

       

      Thank you in advance

        • 1. Re: HA not working: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
          Mans mansm Newbie

          try this:

           

          remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

           

          remote.connections=one

           

          # connection parameter for server one

          remote.connection.one.host=192.168.19.110

          remote.connection.one.port=4547

          remote.connection.one.connect.timeout =500

          remote.connection.one.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

          remote.connection.one.username=appuser

          remote.connection.one.password=apppassword

           

          remote.clusters=ejb

          remote.cluster.ejb.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

          remote.cluster.ejb.username=appuser

          remote.cluster.ejb.password=apppassword

           

          please note the last 2 lines! that solved my problems