0 Replies Latest reply on Dec 2, 2013 6:25 AM by Tomas Vajrauch

    remote EJB invoke - problem with database authorization

    Tomas Vajrauch Newbie

      Hi!

      i need to call stateless EJB methods remotely from client console application .. i suceeded in doing this with authorization via propeties files (application-roles.properties, application-users.properties), but when i tried to do authorization with database tables, i always get error:

       

      ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
      Exception in thread "main" java.lang.IllegalStateException: No EJB receiver available for handling [appName:MegaEA,modulename:ReplyEJB,distinctname:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@5f55b990

       

      i searched many discussions and tutorials, still did not find solution .. can anybody give me a hint?

      i am using 7.1.1 final jboss as

       

      tables are in postgre database, created this way:

      CREATE TABLE Users(username VARCHAR(64) PRIMARY KEY, passwd VARCHAR(64))
      CREATE TABLE UserRoles(username VARCHAR(64), userRoles VARCHAR(32))

       

      in standalone.xml there is:

               <security-realm name="konosRealm">
                      <authentication>
                          <jaas name="konosDomain"/>
                      </authentication>
                  </security-realm>
               <subsystem xmlns="urn:jboss:domain:remoting:1.1">
                  <connector name="remoting-connector" socket-binding="remoting" security-realm="konosRealm"/>
              </subsystem>
                      <security-domain name="konosDomain" cache-type="default">
                          <authentication>
                              <login-module code="Remoting" flag="optional">
                                  <module-option name="password-stacking" value="useFirstPass"/>
                              </login-module>
                              <login-module code="Database" flag="required">
                                  <module-option name="dsJndiName" value="java:jboss/postgresDS"/>
                                  <module-option name="principalsQuery" value="select passwd from users where username=?"/>
                                  <module-option name="rolesQuery" value="SELECT userroles, 'Roles' FROM userroles WHERE username=?"/>
                                  <module-option name="password-stacking" value="useFirstPass"/>
                                  <module-option name="hashAlgorithm" value="MD5"/>
                                  <module-option name="hashEncoding" value="base64"/>
                                  <module-option name="unauthenticatedIdentity" value="guest"/>
                              </login-module>
                          </authentication>
                      </security-domain>

       

       

      my client is quite simple (and as i said it was working with file-based authorization) ..

      jboss-ejb-client.properties:

      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
      remote.connections=default
      remote.connection.default.host=localhost
      remote.connection.default.port=4447
      remote.connection.default.username=huhu
      remote.connection.default.password=huhu0
      remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

       

       

      when i tried to set TRACE log level on jboss, the only exception there was javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler .. this is log block from server.log file

       

       

      10:44:20,206 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) initialize

      10:44:20,214 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) Security domain: konosDomain

      10:44:20,222 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) Saw unauthenticatedIdentity=guest

      10:44:20,231 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) Password hashing activated: algorithm = MD5, encoding = base64, charset = {default}, callback = null, storeCallback = null

      10:44:20,245 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) DatabaseServerLoginModule, dsJndiName=java:jboss/postgresDS

      10:44:20,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) principalsQuery=select passwd from users where username=?

      10:44:20,257 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) rolesQuery=SELECT userroles, 'Roles' FROM userroles WHERE username=?

      10:44:20,264 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) suspendResume=true

      10:44:20,269 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) login

      10:44:20,273 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) suspendAnyTransaction

      10:44:20,280 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) Excuting query: select passwd from users where username=?, with username: huhu

      10:44:20,292 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) resumeAnyTransaction

      10:44:20,297 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (Remoting "tomino-pc" task-2) abort

      10:44:20,302 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" task-2) Server sending authentication rejected (javax.security.sasl.SaslException: PLAIN password not verified by CallbackHandler)

      10:44:20,310 TRACE [org.jboss.remoting.remote.connection] (Remoting "tomino-pc" task-2) Sent message java.nio.HeapByteBuffer[pos=1 lim=1 cap=8192] (direct)

       

       

      any help appreciated, thanks