-
15. Re: Server2Server remote ejb call: authentification issues
jaikiran Aug 14, 2013 1:52 AM (in response to philba)
Phil, you seem to be missing a step in the configuration. See the server-identity part in this chapter: https://docs.jboss.org/author/display/AS72/EJB+invocations+from+a+remote+server+instance (search for server-identity on that page).
-
16. Re: Server2Server remote ejb call: authentification issues
philba Aug 14, 2013 7:52 AM (in response to jaikiran)
Thank you very much, that was really part of the issue. I didn't know you had to specify this special server-identity tag, which is only used for outgoing connections (and is required for them).
But trying to get it running on 7.1.1 (7.1.1 is our production server) yields:
13:30:59,212 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" task-2) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication@1bc99696
13:30:59,214 DEBUG [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received authentication rejected for mechanism PLAIN
13:30:59,214 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client sending capabilities request
13:30:59,214 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@4fbd601a
13:30:59,214 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=14 lim=14 cap=8192] (direct)
13:30:59,215 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Flushed channel (direct)
13:30:59,215 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capabilities response
13:30:59,216 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: version 1
13:30:59,216 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: remote endpoint name "PS-JBoss"
13:30:59,216 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism JBOSS-LOCAL-USER
13:30:59,217 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism PLAIN
13:30:59,217 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Connection error detail: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315) [jboss-remoting-3.2.3.GA.jar:3.2.3.GA]
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214) [jboss-remoting-3.2.3.GA.jar:3.2.3.GA]
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) [xnio-api-3.0.3.GA.jar:3.0.3.GA]
-
17. Re: Server2Server remote ejb call: authentification issues
jaikiran Aug 14, 2013 8:05 AM (in response to philba)
What does the new standalone.xml look like and what does the rest of that TRACE log look like (attach them both please)?
-
18. Re: Server2Server remote ejb call: authentification issues
philba Aug 14, 2013 9:32 AM (in response to jaikiran)
Hi,
I just confirmed that the ejb call is working with 7.2 (thanks to your help).
On 7.1.1 I get the following:
Client:
:28:00,771 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received greeting
15:28:00,771 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received server name: 127.0.0.1
15:28:00,771 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client sending capabilities request
15:28:00,771 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@75af1a77
15:28:00,771 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=14 lim=14 cap=8192] (direct)
15:28:00,772 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Flushed channel (direct)
15:28:00,776 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capabilities response
15:28:00,777 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: version 1
15:28:00,777 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: remote endpoint name "PS-JBoss"
15:28:00,777 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism JBOSS-LOCAL-USER
15:28:00,777 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism PLAIN
15:28:00,778 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) SASL mechanism PLAIN added to allowed set
15:28:00,778 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client initiating authentication using mechanism PLAIN
15:28:00,779 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" task-4) Sent message java.nio.HeapByteBuffer[pos=23 lim=23 cap=8192] (direct)
15:28:00,779 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" task-4) Flushed channel (direct)
15:28:00,779 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" task-4) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication@3a7eb8c9
15:28:00,794 DEBUG [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received authentication rejected for mechanism PLAIN
15:28:00,794 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client sending capabilities request
15:28:00,794 TRACE [org.jboss.remoting.remote] (Remoting "CL-JBoss" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@5595b21f
15:28:00,795 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=14 lim=14 cap=8192] (direct)
15:28:00,795 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Flushed channel (direct)
15:28:00,796 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capabilities response
15:28:00,796 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: version 1
15:28:00,796 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: remote endpoint name "PS-JBoss"
15:28:00,796 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism JBOSS-LOCAL-USER
15:28:00,796 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received capability: SASL mechanism PLAIN
15:28:00,797 TRACE [org.jboss.remoting.remote.connection] (Remoting "CL-JBoss" read-1) Connection error detail: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315) [jboss-remoting-3.2.3.GA.jar:3.2.3.GA]
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214) [jboss-remoting-3.2.3.GA.jar:3.2.3.GA]
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) [xnio-api-3.0.3.GA.jar:3.0.3.GA]
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189) [xnio-api-3.0.3.GA.jar:3.0.3.GA]
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103) [xnio-api-3.0.3.GA.jar:3.0.3.GA]
Host
15:31:39,989 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capabilities request
15:31:39,990 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capability: version 1
15:31:39,990 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capability: remote endpoint name "CL-JBoss"
15:31:39,991 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) No EXTERNAL mechanism due to explicit exclusion
15:31:39,991 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory org.jboss.sasl.localuser.LocalUserServerFactory@e621b0d
15:31:39,991 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Added mechanism JBOSS-LOCAL-USER
15:31:39,991 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory org.jboss.sasl.digest.DigestMD5ServerFactory@4addf9db
15:31:39,992 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list
15:31:39,992 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory org.jboss.sasl.plain.PlainServerFactory@333ebf43
15:31:39,992 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Added mechanism PLAIN
15:31:39,992 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory org.jboss.sasl.anonymous.AnonymousServerFactory@5c7ee1fd
15:31:39,993 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory com.sun.security.sasl.ntlm.FactoryImpl@e26d87c
15:31:39,993 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism NTLM because it is not in the allowed list
15:31:39,993 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory com.sun.security.sasl.digest.FactoryImpl@184ebc26
15:31:39,993 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list
15:31:39,993 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory com.sun.security.sasl.ServerFactoryImpl@59226f41
15:31:39,994 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism CRAM-MD5 because it is not in the allowed list
15:31:39,994 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Trying SASL server factory com.sun.security.sasl.gsskerb.FactoryImpl@63b6421e
15:31:39,994 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism GSSAPI because it is not in the allowed list
15:31:39,994 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=39 lim=39 cap=8192] (direct)
15:31:39,995 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" read-1) Flushed channel (direct)
15:31:39,997 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received authentication request
15:31:39,998 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "PS-JBoss" task-2) Begin getAppConfigurationEntry(ps-tmp-auth), size=4
15:31:39,998 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "PS-JBoss" task-2) End getAppConfigurationEntry(ps-tmp-auth), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: xxx.MyLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=password-stacking, value=useFirstPass
15:31:39,998 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" task-2) Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)
15:31:39,999 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" task-2) Sent message java.nio.HeapByteBuffer[pos=1 lim=1 cap=8192] (direct)
15:31:39,999 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" task-2) Flushed channel (direct)
15:31:40,000 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capabilities request
15:31:40,000 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capability: version 1
15:31:40,000 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Server received capability: remote endpoint name "CL-JBoss"
15:31:40,000 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" read-1) Sent message java.nio.HeapByteBuffer[pos=39 lim=39 cap=8192] (direct)
15:31:40,001 TRACE [org.jboss.remoting.remote.connection] (Remoting "PS-JBoss" read-1) Flushed channel (direct)
15:31:40,005 TRACE [org.jboss.remoting.remote] (Remoting "PS-JBoss" read-1) Received connection end-of-stream
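The SASL negotiation in traces like the ones above can be summarized per Remoting endpoint with a short script. This is an added example, not part of the original thread: the `summarize` and `findings` names are assumptions, and the sample lines are copied from the logs in this post.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the client and host traces in this post.
SAMPLE = '''\
15:31:39,991 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Added mechanism JBOSS-LOCAL-USER
15:31:39,992 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list
15:31:39,992 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" read-1) Added mechanism PLAIN
15:31:39,998 TRACE [org.jboss.remoting.remote.server] (Remoting "PS-JBoss" task-2) Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)
15:28:00,778 TRACE [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client initiating authentication using mechanism PLAIN
15:28:00,794 DEBUG [org.jboss.remoting.remote.client] (Remoting "CL-JBoss" read-1) Client received authentication rejected for mechanism PLAIN
'''

# timestamp, level, [category], (Remoting "<endpoint>" <thread>), message
LINE = re.compile(r'^(?P<ts>[\d:,]+) (?P<lvl>\w+)\s+\[(?P<cat>[^\]]+)\] '
                  r'\(Remoting "(?P<ep>[^"]+)" [^)]*\) (?P<msg>.*)$')
EVENTS = {
    "offered":   re.compile(r'^Added mechanism (\S+)$'),
    "excluded":  re.compile(r'^Excluding mechanism (\S+) because'),
    "attempted": re.compile(r'^Client initiating authentication using mechanism (\S+)$'),
    "rejected":  re.compile(r'^Client received authentication rejected for mechanism (\S+)$'),
    "reasons":   re.compile(r'^Server sending authentication rejected \((.*)\)$'),
}

def summarize(text):
    """Group SASL negotiation events by Remoting endpoint name."""
    out = defaultdict(lambda: {kind: [] for kind in EVENTS})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack frames, login-module dumps, truncated lines
        for kind, pat in EVENTS.items():
            hit = pat.match(m["msg"])
            if hit and hit.group(1) not in out[m["ep"]][kind]:
                out[m["ep"]][kind].append(hit.group(1))
    return dict(out)

def findings(summary):
    """Turn the per-endpoint summary into short review notes."""
    notes = []
    for ep, ev in sorted(summary.items()):
        if "PLAIN" in ev["offered"]:
            notes.append(f"{ep}: offers PLAIN (password sent in the clear at the SASL layer)")
        notes += [f"{ep}: rejected login: {r}" for r in ev["reasons"]]
        notes += [f"{ep}: {mech} rejected by the remote side" for mech in ev["rejected"]]
    return notes

if __name__ == "__main__":
    print("\n".join(findings(summarize(SAMPLE))))
```

The server-side rejection reason is the line to look for first: the client trace only reports that PLAIN was rejected, while the host trace says why.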
-
19. Re: Server2Server remote ejb call: authentification issues
philba Aug 15, 2013 5:17 AM (in response to philba)
Ok, I found the problem(s):
- My login module used a SecurityAssociationCallback, which apparently isn't supported in 7.1.1?
- I had to add my login module as a dependency to the jboss remoting module on the host side.
Thank you very much for your help, jaikiran.
-
20. Re: Server2Server remote ejb call: authentification issues
jaikiran Aug 16, 2013 9:33 AM (in response to philba)
Phil Ba wrote:
- My login module used a SecurityAssociationCallback, which apparently isn't supported in 7.1.1?
I'm not much aware of that part. But glad to know you got it working.
-
21. Re: Server2Server remote ejb call: authentification issues
philba Aug 16, 2013 9:45 AM (in response to jaikiran)
Yeah, both of my points seem to be 7.1.1 specific.
On 7.2 it worked with SecurityAssociationCallback and without adding the module dependency.