Custom Login Module: Problems with remote Non-EJB JNDI lookup
vatpet Dec 20, 2012 7:57 AM
I am using JBoss AS 7.1.1.Final.
For authentication I have a custom login module placed in the JBoss static module structure.
The remote connector on port 4447 is pointing to my own security realm, pointing to my own security domain, pointing to my custom login module.
For remote EJB lookup the custom login module is called correctly and the lookup (and EJB call) works fine.
For remote Non-EJB lookup (in my case I want to look up jms/RemoteConnectionFactory) the custom login module is not called for any reason.
The remote EJB lookup and the remote Non-EJB lookup are implemented completely differently.
This is also documented in https://docs.jboss.org/author/display/AS71/Remote+EJB+invocations+via+JNDI+-+EJB+client+API+or+remote-naming+project.
Unfortunately it seems that the calling of a custom login module is also implemented differently in these two cases.
For remote EJB lookup, I use the following settings for InitialContext creation / lookup / EJB-call:
java.naming.factory.url.pkgs=org.jboss.ejb.client.naming
jboss.naming.client.ejb.context=true
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=localhost
remote.connection.default.port=4447
remote.connection.default.username=myuser
remote.connection.default.password=mypass
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
The lookup works fine (no authentication). The authentication is done when the EJB method is called. The custom login module is called at this time. This works as expected. So far so good.
For remote Non-EJB lookup (looking up jms/RemoteConnectionFactory) the settings posted above do not work. Some 'java.naming.*' settings are requested. The 'remote.connection.*' settings seem to be ignored (whether they are set or not does not make any difference).
Here I use the following settings for InitialContext creation and lookup:
java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory
java.naming.provider.url=remote://localhost:4447
java.naming.security.principal=myuser
java.naming.security.credentials=mypass
The authentication is done at the lookup (as expected). But the custom login module is never called and the 'javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed' exception is thrown.
When I use the default ApplicationRealm with the default authentication (JBoss application users) and I create an application user the lookup works.
Do custom login modules for remote Non-EJB lookup work at all?
If yes, what are the differences? What do I have to change?