4 Replies Latest reply on Sep 26, 2013 10:10 AM by Michael Seeberger

    EJB invocations from a remote server instance not working when using DataBaseLoginModule with hashAlgorithm

    Michael Seeberger Newbie

      Hi There,

       

      i'm trying to make an outboundconnection from one JBoss to another. So I followed the Steps in https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+server+instance and got it working.

      The remoting-connector is secured by a DatabaseLoginModule. When i don't set the option 'hashAlgorithm=SHA-256' everything works fine and i can call the destination-jboss, but if i set this option i always get the Message

      "ERROR [org.jboss.remoting.remote.connection] (Remoting "vs-fok" read-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed" on Server-Startup (Client-JBoss).

      I don't know why the security-realm for the remote-outbound-connection depends on the loginModule for the remoting-connector but there seems to be an dependency. Do i have to somehow hash the password in the application-user.properties or how can i get this to work?

       

      My Configuration is as follows:

       

      <management>

              <security-realms>

                  .........

                  <security-realm name="MyRealm">

                      <authentication>

                          <jaas name="dbDomain"/>

                      </authentication>

                  </security-realm>

                  <security-realm name="ejb-security-realm">

                      <server-identities>

                          <secret value="ZWpicGFzc3dvcmQ="/>

                      </server-identities>

                  </security-realm>

              </security-realms>

              ......

          </management>

      ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

              <subsystem xmlns="urn:jboss:domain:remoting:1.1">

                  <connector name="remoting-connector" socket-binding="remoting" security-realm="MyRealm"/>

                  <outbound-connections>

                      <remote-outbound-connection name="remote-ejb-connection" outbound-socket-binding-ref="remote-ejb" username="ejb" security-realm="ejb-security-realm">

                          <properties>

                              <property name="SASL_POLICY_NOANONYMOUS" value="false"/>

                              <property name="SSL_ENABLED" value="false"/>

                              <property name="SASL_DISALLOWED_MECHANISMS" value="JBOSS-LOCAL-USER"/>

                          </properties>

                      </remote-outbound-connection>

                  </outbound-connections>

              </subsystem>

      ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

                <security-domain name="dbDomain" cache-type="default">

                   <authentication>

                       <login-module code="Database" flag="required">

                           <module-option name="dsJndiName" value="java:jboss/datasources/AuthenticationDataSource"/>

                           <module-option name="principalsQuery" value="select pw from user where login =?"/>

                           <module-option name="hashAlgorithm" value="SHA-256"/>

                           <module-option name="hashEncoding" value="BASE64"/>

                           <module-option name="hashStorePassword" value="true"/>

                       </login-module>

                    </authentication>

                 </security-domain>

      ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

              <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>

              <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>

              <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>

              <socket-binding name="ajp" port="8009"/>

              <socket-binding name="http" port="8080"/>

              <socket-binding name="https" port="8443"/>

              <socket-binding name="osgi-http" interface="management" port="8090"/>

              <socket-binding name="remoting" port="1099"/>

              <socket-binding name="txn-recovery-environment" port="4712"/>

              <socket-binding name="txn-status-manager" port="4713"/>

              <outbound-socket-binding name="mail-smtp">

                  <remote-destination host="localhost" port="25"/>

              </outbound-socket-binding>

              <outbound-socket-binding name="remote-ejb">

                  <remote-destination host="localhost" port="1199"/>

              </outbound-socket-binding>

          </socket-binding-group>