1 2 Previous Next 21 Replies Latest reply on Aug 16, 2013 9:45 AM by philba Go to original post
      • 15. Re: Server2Server remote ejb call: authentification issues
        jaikiran

        Phil, you seem to be missing a step in the configuration. See the server-identity part in this chapter https://docs.jboss.org/author/display/AS72/EJB+invocations+from+a+remote+server+instance (search for server-identity on that page).

        • 16. Re: Server2Server remote ejb call: authentification issues
          philba

          Thank you very much, that was really part of the issue. I didnt know you had to specify this special server-identity tag which is only used for outgoing connections(and is required for them).

           

          But trying to get it running on 7.1.1 (7.1.1 is our prdoction server)yields:

           

          13:30:59,212 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" task-2) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication@1bc99696

          13:30:59,214 DEBUG [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received authentication rejected for mechanism PLAIN

          13:30:59,214 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client sending capabilities request

          13:30:59,214 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@4fbd601a

          13:30:59,214 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=14 lim=14 cap=8192] (direct)

          13:30:59,215 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Flushed channel (direct)

          13:30:59,215 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capabilities response

          13:30:59,216 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: version 1

          13:30:59,216 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: remote endpoint name "PS-JBoss"

          13:30:59,216 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism JBOSS-LOCAL-USER

          13:30:59,217 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism PLAIN

          13:30:59,217 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Connection error detail: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

              at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315) [jboss-remoting-3.2.3.GA.jar:3.2.3.GA]

              at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214) [jboss-remoting-3.2.3.GA.jar:3.2.3.GA]

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) [xnio-api-3.0.3.GA.jar:3.0.3.GA]

          • 17. Re: Server2Server remote ejb call: authentification issues
            jaikiran

            What does the new standalone.xml look like and what does the rest of that TRACE log look like (attach them both please)?

            • 18. Re: Server2Server remote ejb call: authentification issues
              philba

              Hi,

              I just confirmed that the ejb call is working with 7.2 (thanks to your help)

              On 7.1.1 I get the following:

              Client:

               

              :28:00,771 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received greeting

              15:28:00,771 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received server name: 127.0.0.1

              15:28:00,771 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client sending capabilities request

              15:28:00,771 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@75af1a77

              15:28:00,771 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=14 lim=14 cap=8192] (direct)

              15:28:00,772 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Flushed channel (direct)

              15:28:00,776 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capabilities response

              15:28:00,777 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: version 1

              15:28:00,777 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: remote endpoint name "PS-JBoss"

              15:28:00,777 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism JBOSS-LOCAL-USER

              15:28:00,777 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism PLAIN

              15:28:00,778 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) SASL mechanism PLAIN added to allowed set

              15:28:00,778 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client initiating authentication using mechanism PLAIN

              15:28:00,779 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" task-4) Sent message java.nio.HeapByteBuffer[pos=23 lim=23 cap=8192] (direct)

              15:28:00,779 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" task-4) Flushed channel (direct)

              15:28:00,779 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" task-4) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication@3a7eb8c9

              15:28:00,794 DEBUG [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received authentication rejected for mechanism PLAIN

              15:28:00,794 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client sending capabilities request

              15:28:00,794 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@5595b21f

              15:28:00,795 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=14 lim=14 cap=8192] (direct)

              15:28:00,795 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Flushed channel (direct)

              15:28:00,796 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capabilities response

              15:28:00,796 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: version 1

              15:28:00,796 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: remote endpoint name "PS-JBoss"

              15:28:00,796 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism JBOSS-LOCAL-USER

              15:28:00,796 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism PLAIN

              15:28:00,797 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Connection error detail: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

                  at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315) [jboss-remoting-3.2.3.GA.jar:3.2.3.GA]

                  at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214) [jboss-remoting-3.2.3.GA.jar:3.2.3.GA]

                  at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) [xnio-api-3.0.3.GA.jar:3.0.3.GA]

                  at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189) [xnio-api-3.0.3.GA.jar:3.0.3.GA]

                  at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103) [xnio-api-3.0.3.GA.jar:3.0.3.GA]

              Host

               

              15:31:39,989 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capabilities request

              15:31:39,990 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capability: version 1

              15:31:39,990 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capability: remote endpoint name "CL-JBoss"

              15:31:39,991 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) No EXTERNAL mechanism due to explicit exclusion

              15:31:39,991 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory org.jboss.sasl.localuser.LocalUserServerFactory@e621b0d

              15:31:39,991 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Added mechanism JBOSS-LOCAL-USER

              15:31:39,991 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory org.jboss.sasl.digest.DigestMD5ServerFactory@4addf9db

              15:31:39,992 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list

              15:31:39,992 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory org.jboss.sasl.plain.PlainServerFactory@333ebf43

              15:31:39,992 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Added mechanism PLAIN

              15:31:39,992 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory org.jboss.sasl.anonymous.AnonymousServerFactory@5c7ee1fd

              15:31:39,993 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory com.sun.security.sasl.ntlm.FactoryImpl@e26d87c

              15:31:39,993 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism NTLM because it is not in the allowed list

              15:31:39,993 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory com.sun.security.sasl.digest.FactoryImpl@184ebc26

              15:31:39,993 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list

              15:31:39,993 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory com.sun.security.sasl.ServerFactoryImpl@59226f41

              15:31:39,994 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism CRAM-MD5 because it is not in the allowed list

              15:31:39,994 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory com.sun.security.sasl.gsskerb.FactoryImpl@63b6421e

              15:31:39,994 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism GSSAPI because it is not in the allowed list

              15:31:39,994 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=39 lim=39 cap=8192] (direct)

              15:31:39,995 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" read-1) Flushed channel (direct)

              15:31:39,997 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received authentication request

              15:31:39,998 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "PS-JBoss" task-2) Begin getAppConfigurationEntry(ps-tmp-auth), size=4

              15:31:39,998 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "PS-JBoss" task-2) End getAppConfigurationEntry(ps-tmp-auth), authInfo=AppConfigurationEntry[]:

              [0]

              LoginModule Class: xxx.MyLoginModule

              ControlFlag: LoginModuleControlFlag: required

              Options:

              name=password-stacking, value=useFirstPass

               

              15:31:39,998 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" task-2) Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)

              15:31:39,999 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" task-2) Sent message java.nio.HeapByteBuffer[pos=1 lim=1 cap=8192] (direct)

              15:31:39,999 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" task-2) Flushed channel (direct)

              15:31:40,000 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capabilities request

              15:31:40,000 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capability: version 1

              15:31:40,000 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capability: remote endpoint name "CL-JBoss"

              15:31:40,000 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=39 lim=39 cap=8192] (direct)

              15:31:40,001 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" read-1) Flushed channel (direct)

              15:31:40,005 TRACE [org.jboss.remoting.remote] (Remoting "PS-JBoss" read-1) Received connection end-of-stream

              • 19. Re: Server2Server remote ejb call: authentification issues
                philba

                Ok, I found the problem(s):

                1. My login module used a SecurityAssociationCallback, which apperently isnt supported in 7.1.1 ?
                2. I had to add my login module as dependency to the jboss remoting module on the host side.

                 

                Tahnk you very much for your help jaikiran

                • 20. Re: Server2Server remote ejb call: authentification issues
                  jaikiran

                  Phil Ba wrote:

                   

                   

                  1. My login module used a SecurityAssociationCallback, which apperently isnt supported in 7.1.1 ?

                  I'm  not much aware of that part. But glad to know you got it working.

                  • 21. Re: Server2Server remote ejb call: authentification issues
                    philba

                    Yeah, both of my points seem to be 7.1.1 specific.

                    On 7.2 it worked with SecurityAssociationCallback and without adding the module dependency.

                    1 2 Previous Next