12 Replies Latest reply on Mar 28, 2013 4:13 AM by mike just

    JBoss 7.1.3, custom login module and JMS

    Alexey Tomin Newbie

      I use JBoss 7.1.3, a custom login module, a remote EJB client and a remote JMS client.

       

      *In standalone-full-ha.xml:*

      {code:xml}

      <security-domain name="RolesLoginModule" cache-type="default">

        <authentication>

          <login-module code="ru.start2com.common.auth.server_module.RolesLoginModule" flag="required" module="ru.start2com.Common.auth.module"/>

        </authentication>

      </security-domain>

      {code}

       

      {code:xml}

      <security-realm name="RolesLoginModuleRealm">

        <authentication> <jaas name="RolesLoginModule"/> </authentication>

      </security-realm>

      {code}

       

      {code:xml}

      <subsystem xmlns="urn:jboss:domain:remoting:1.1">

        <connector name="remoting-connector" socket-binding="remoting" security-realm="RolesLoginModuleRealm"/>

      </subsystem> <!-- (1) This is the problem code!!! -->

      {code} 

       

       

       

      In my EAR I add jboss-app.xml:

      {code:xml}

      <jboss-app>

        <security-domain>RolesLoginModule</security-domain>

      </jboss-app>

      {code}

       

      *In remote ejb client connect:*

      {code}

      Properties clientProp = new Properties();

      clientProp.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

      clientProp.put("remote.connections", "default");

      clientProp.put("remote.connection.default.host", serverHost);

      clientProp.put("remote.connection.default.port", serverPort);

      clientProp.put("remote.connection.default.username", login);

      clientProp.put("remote.connection.default.password", pwd);

      clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");

      clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

      EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(clientProp);

      ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);

      EJBClientContext.setSelector(selector);

      params = new Hashtable<String, Object>();

      params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

      params.put(Context.PROVIDER_URL, serverUrl);

      params.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

      context = new InitialContext(params);

      {code}

      It works ONLY if (1) is used. Otherwise the principal in the login module is correct, but the credential is a random UUID (LocalCallbackHandlerService is used, which does not set "org.jboss.as.domain.management.subject_callback_supported").

       

      *In remote jms client connect:*

      {code}

      params = new Hashtable<String, Object>();

      params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

      params.put(Context.PROVIDER_URL, serverUrl);

      params.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

      params.put(Context.SECURITY_PRINCIPAL, login);

      params.put(Context.SECURITY_CREDENTIALS, pwd);

      context = new InitialContext(params);

      {code}

      It works ONLY if (1) is NOT used (the default value is used). Otherwise there is an error:

          "Remoting "config-based-naming-client-endpoint" read-1:ERROR:org.jboss.remoting.remote.connection::JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed"

      In PlainSaslServer.SaslState.evaluateMessage, the byte[] message does not contain the password...

       

      How do I configure the server so that the remote EJB client and the JMS client can both be used on one server?

        • 2. Re: JBoss 7.1.3, custom login module and JMS
          jaikiran pai Master

          Alexey, I don't fully understand what the problem is. Could you please leave out the JMS part from it for now and explain what problem you are running into with the EJB invocations? The EJB code and relevant exception stacktraces too would help.

          • 3. Re: JBoss 7.1.3, custom login module and JMS
            Alexey Tomin Newbie

            If I do not set socket-binding="remoting" security-realm="RolesLoginModuleRealm"

             

            client code:

             

                final String LOGIN = "jmsUser";

                final String PASSWORD = "123";

                Properties clientProp = new Properties();

                clientProp.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

                clientProp.put("remote.connections", "default");

                clientProp.put("remote.connection.default.host", "localhost");

                clientProp.put("remote.connection.default.port", "4447");

                clientProp.put("remote.connection.default.username", LOGIN);

                clientProp.put("remote.connection.default.password", PASSWORD);

                EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(clientProp);

                ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);

                EJBClientContext.setSelector(selector);

                Hashtable<String, Object> params = new Hashtable<String, Object>();

                params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

                params.put(Context.PROVIDER_URL, "remote://localhost:4447");

                params.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                Context context = new InitialContext(params);

                String name = "ejb:StartNg.twf-N2.S2.1/Common.auth.ejb-N2.1//AdmContextBL!ru.infosfera.common.auth.bl.AdmContextRemote";

                AdmContextRemote admContext = (AdmContextRemote) context.lookup(name);

                String userName = admContext.login("localhost", "alxt"); // real login in the UserName login module; the exception is thrown here

             

            client exception:

             

            11:04:03.418:Remoting "config-based-ejb-client-endpoint" task-1:INFO :org.jboss.ejb.client.remoting       ::EJBCLIENT000011: Discarding result for invocation id 0 since no waiting context found

            javax.ejb.EJBAccessException: JBAS013323: Invalid User

                      at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54)

                      at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45)

                      at java.security.AccessController.doPrivileged(Native Method)

                      at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74)

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                      at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:42)

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                      at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                      at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                      at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:43)

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                      at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)

                      at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)

                      at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)

                      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:321)

                      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:69)

                      at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:202)

                      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)

                      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)

                      at java.util.concurrent.FutureTask.run(FutureTask.java:166)

                      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

                      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

                      at java.lang.Thread.run(Thread.java:722)

                      at org.jboss.threads.JBossThread.run(JBossThread.java:122)

                      at ...asynchronous invocation...(Unknown Source)

                      at org.jboss.ejb.client.remoting.InvocationExceptionResponseHandler$MethodInvocationExceptionResultProducer.getResult(InvocationExceptionResponseHandler.java:99)

                      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:272)

                      at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:46)

                      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:274)

                      at org.jboss.ejb.client.ReceiverInterceptor.handleInvocationResult(ReceiverInterceptor.java:129)

                      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:262)

                      at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:437)

                      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:140)

                      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121)

                      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104)

                      at com.sun.proxy.$Proxy0.login(Unknown Source)

                      at ru.infosfera.common.auth.for_client.RolesLoginContext.login(RolesLoginContext.java:97)

             

            server exception: my login module cannot use the password from the client and throws an exception.

             

            Today I changed the login module code: it does NOT check the password and creates a principal without any role.

            The method admContext.login now accepts the password, checks it and adds roles to the principal.

            • 4. Re: JBoss 7.1.3, custom login module and JMS
              Alexey Tomin Newbie

              If I set socket-binding="remoting" security-realm="RolesLoginModuleRealm"

              the EJB client works correctly, but the JMS client...

               

                  final String LOGIN = "jmsUser";

                  final String PASSWORD = "123";

                  Hashtable<String, Object> params = new Hashtable<String, Object>();

                  params.put(Context.PROVIDER_URL, "remote://localhost:4447");

                  params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

                  params.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                  Context context = new InitialContext(params);

                  QueueConnectionFactory qcf = (QueueConnectionFactory) context.lookup("/jms/RemoteConnectionFactory");

                  QueueConnection queueConnection = qcf.createQueueConnection(LOGIN, PASSWORD);

               

              client exception:

               

              12:04:28.022 [main] DEBUG o.j.n.r.client.InitialContextFactory - jboss.naming.client.connect.options. has the following options {}

              12:04:28.256 [Remoting "config-based-naming-client-endpoint" read-1] ERROR org.jboss.remoting.remote.connection - JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

              12:04:28.272 [main] DEBUG o.j.n.r.client.HaRemoteNamingStore - Failed to connect to server remote://localhost:4447

              java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                        at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                        at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:180) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                        at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:131) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                        at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:112) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                        at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:223) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                        at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:79) [jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                        at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:83) [jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                        at javax.naming.InitialContext.lookup(InitialContext.java:411) [na:1.7.0_15]

                        at ru.infosfera.starttk.adapter.test.JmsClientTest.main(JmsClientTest.java:79) [classes/:na]

              Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:377) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:226) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) ~[xnio-api-3.0.6.GA.jar:3.0.6.GA]

                        at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189) ~[xnio-api-3.0.6.GA.jar:3.0.6.GA]

                        at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103) ~[xnio-api-3.0.6.GA.jar:3.0.6.GA]

                        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) ~[xnio-api-3.0.6.GA.jar:3.0.6.GA]

                        at org.xnio.nio.NioHandle.run(NioHandle.java:90) ~[xnio-nio-3.0.6.GA.jar:3.0.6.GA]

                        at org.xnio.nio.WorkerThread.run(WorkerThread.java:187) ~[xnio-nio-3.0.6.GA.jar:3.0.6.GA]

                        at ...asynchronous invocation...(Unknown Source) ~[na:na]

                        at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                        at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333) ~[jboss-remoting-3.2.8.SP1.jar:3.2.8.SP1]

                        at org.jboss.naming.remote.client.EndpointCache$EndpointWrapper.connect(EndpointCache.java:105) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                        at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:179) ~[jboss-remote-naming-1.0.4.Final.jar:1.0.4.Final]

                        ... 7 common frames omitted

               

              on the server - no message at all

              • 5. Re: JBoss 7.1.3, custom login module and JMS
                Alexey Tomin Newbie

                To use a JMS client with a custom login module, you need to add this to the initial context params:

                 

                    params.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); // to allow a plain-text password from client to server
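
The option above lets the client offer SASL PLAIN, which carries the password unhashed. The following is an added example, not part of the original post or of JBoss itself: a JDK-only check that flags this setting when it is combined with the `SSL_ENABLED=false` option used earlier in the thread, and that shows the PLAIN message layout from RFC 4616. The class name, method names and severity labels are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example: audits remoting client options like those in this thread. JDK only. */
public class RemotingClientAudit {

    /** SASL PLAIN initial response (RFC 4616): authzid NUL authcid NUL passwd, no hashing. */
    static byte[] plainMessage(String authzid, String user, String password) {
        return (authzid + '\0' + user + '\0' + password).getBytes(StandardCharsets.UTF_8);
    }

    /** True if some key ending in the given XNIO option name is explicitly set to "false". */
    static boolean isFalse(Map<String, String> props, String option) {
        for (Map.Entry<String, String> e : props.entrySet()) {
            if (e.getKey().endsWith("org.xnio.Options." + option)
                    && "false".equalsIgnoreCase(e.getValue().trim())) {
                return true;
            }
        }
        return false;
    }

    /** Returns one finding per risky setting or combination (severity labels are illustrative). */
    static List<String> audit(Map<String, String> props) {
        List<String> findings = new ArrayList<>();
        boolean plainAllowed = isFalse(props, "SASL_POLICY_NOPLAINTEXT");
        boolean sslOff = isFalse(props, "SSL_ENABLED");
        if (plainAllowed && sslOff) {
            findings.add("HIGH: PLAIN permitted with SSL_ENABLED=false; password crosses the network in clear text");
        } else if (plainAllowed) {
            findings.add("INFO: PLAIN permitted; confirm the connection is actually TLS-protected");
        }
        if (isFalse(props, "SASL_POLICY_NOANONYMOUS")) {
            findings.add("MEDIUM: ANONYMOUS mechanism is not excluded by client policy");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the EJB client properties posted in the thread.
        Map<String, String> props = new LinkedHashMap<>();
        props.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
        props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
        props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
        audit(props).forEach(System.out::println);

        // What a PLAIN handler receives for the thread's test account (NUL shown as '|').
        byte[] msg = plainMessage("", "jmsUser", "123");
        System.out.println(new String(msg, StandardCharsets.UTF_8).replace('\0', '|'));
    }
}
```

The same `audit` call also matches the `jboss.naming.client.connect.options.` form of the key, because it compares only the trailing XNIO option name.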

                • 6. Re: JBoss 7.1.3, custom login module and JMS
                  mike just Master

                  Hi Alexey, can you please suggest how to build out a 7.1.3 version?

                  • 7. Re: JBoss 7.1.3, custom login module and JMS
                    Alexey Tomin Newbie

                    1. Download source https://github.com/jbossas/jboss-as/tree/7.1.3.Final (by zip - https://github.com/jbossas/jboss-as/archive/7.1.3.Final.zip)

                    2. Build with "mvn -Dmaven.test.skip=true clean install" (some tests did not pass - do they not work with a proxy?).

                    3. Result in build/target/jboss-as-7.1.3.Final/

                    • 8. Re: JBoss 7.1.3, custom login module and JMS
                      mike just Master

                      Thanks Alexey. One question: Is 7.1.3 the latest version that can be used now?

                      • 9. Re: JBoss 7.1.3, custom login module and JMS
                        mike just Master

                        And how about checking out https://github.com/jbossas/jboss-as.git directly without any tag?

                        • 10. Re: JBoss 7.1.3, custom login module and JMS
                          Alexey Tomin Newbie

                          > Thanks Alexey.

                           

                          Use the "Like" button

                           

                          > Is 7.1.3 the latest version that can be used now?

                           

                          Now - latest.

                          https://github.com/jbossas/jboss-as/tree/7.2.0.Final is marked as "Prepare 7.2.0.Final for pre-releases" and there are no more tags.

                          But in https://issues.jboss.org/browse/AS7?selectedTab=com.atlassian.jira.plugin.system.project%3Aroadmap-panel 7.1.4 has ONE unresolved issue. Is 7.1.4 coming soon?

                           

                          > And how about checking out https://github.com/jbossas/jboss-as.git directly without any tag?

                           

                          This is an 8.0 (or 9.0?) pre-alpha version. For jboss-as developers only.

                          For users - only tags.

                          • 11. Re: JBoss 7.1.3, custom login module and JMS
                            mike just Master

                            Thanks, Alexey. So 7.1.3 is the latest version that we can use for our application? How about 7.2.0.Final?

                             

                             

                            And since I am a bit new to GIT is there any way for us to check all the available tags? Can we do this?