0 Replies Latest reply on Jul 15, 2014 10:53 AM by Marco Simões

    Create a SecurityRealm for remoting JMS in domain mode - JBoss EAP 6.2.3

    Marco Simões Newbie

      Hi Guys,

       

      I have a question about create new security Realm for my remoting JMS in domain mode.

       

      I have a Domain Controller with JBoss EAP 6.2.3 without any servers, and in another machine i have a Host Controller with JBoss EAP 6.2.3 with one server in full profile.

       

      I configured a queeu in Domain Controller  with name "testQueue".

       

      When i created a JMS client Connection to send messages for queue on  Host Controller target machine, i got this error::

       

      Error

      ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

      Exception in thread "main" javax.naming.NamingException: Failed to connect to any server. Servers tried: [remote://192.168.56.81:4447]

          at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:213)

          at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:144)

          at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:125)

          at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:241)

          at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:79)

          at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:83)

          at javax.naming.InitialContext.lookup(InitialContext.java:411)

          at com.teste.jms.QueueSend.init(QueueSend.java:35)

          at com.teste.jms.QueueSend.main(QueueSend.java:65)

       

       

      In my Domain Controller i added user to ApplicationRealm correct. In my Host Controller i don't added a user, but when i add the problem is fixed.

       

      My questions is, how can i will create a security Realm to use only users of Domain Controller and not necessary create users on Host Controller ?

       

       

      I'm tryed to implements this solutions, but not works:

       

       

      Domain.xml

      <subsystem xmlns="urn:jboss:domain:remoting:1.1">

                      <connector name="remoting-connector" socket-binding="remoting" security-realm="JMSRealm"/>

                  </subsystem>

       

      <subsystem xmlns="urn:jboss:domain:security:1.2">

         <security-domains>

             <security-domain name="jms-security-domain" cache-type="default">

                  <authentication>

                    <login-module code="Remoting" flag="optional">

                      <module-option name="password-stacking" value="useFirstPass"/>

                    </login-module>

                    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

                      <module-option name="defaultUsersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                      <module-option name="defaultRolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                      <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                      <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                      <module-option name="password-stacking" value="useFirstPass"/>

                    </login-module>

                  </authentication>

              </security-domain>

      .....

       

       

      host.xml

      <security-realm name="JMSRealm">
              <authentication>
                        <jaas name="jms-security-domain"/>
              </authentication>

      </security-realm>

       

       

      Thanks.