0 Replies Latest reply on Sep 25, 2014 3:32 AM by Khanh Nguyen

    Failed to lookup JNDI/EJB with DatabaseServerLoginModule login module

    Khanh Nguyen Newbie

      Hello All,

       

      I am facing a problem when looking up JNDI/EJB with the DatabaseServerLoginModule login module. I have a configuration that connects to a remoting server, which must be authenticated via JAAS, as shown below. However, it fails, but when I use the ApplicationRealm with a user and password loaded from a properties file, it succeeds.

       

      I am sure that the user name and password already exist in the database. Below is my configuration in standalone.xml:

       

      <security-realm name="DatabaseServerLoginModule login module">
          <authentication>
              <jaas name="TestRemoting"/>
          </authentication>
      </security-realm>

      <subsystem xmlns="urn:jboss:domain:remoting:1.1">
          <connector name="remoting-connector" socket-binding="remoting" security-realm="DatabaseServerLoginModule login module"/>
      </subsystem>

      <security-domain name="DatabaseServerLoginModule login module" cache-type="default">
          <authentication>
              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required" >
                  <module-option name="password-stacking" value="useFirstPass"/>
                  <module-option name="hashEncoding" value="base64"/>
                  <module-option name="hashAlgorithm" value="MD5"/>
                  <module-option name="dsJndiName" value="java:/jdbc/testdb"/>
                  <module-option name="principalsQuery" value="select password from User where binary name=?"/>
                  <module-option name="rolesQuery" value="select r.name, 'Roles' from Role r right join Profile_Role pr on r.id = pr.roles_id right join Profile p on p.id = pr.Profile_id right join User_Profile up on up.profiles_id = p.id right join User u on u.id = up.User_id WHERE u.name = ? AND r.name IS NOT NULL"/>
              </login-module>
          </authentication>
      </security-domain>

       

      Client:

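              // Imports needed by this snippet (ConnectionFactory is assumed to be the JMS type)
              import javax.jms.ConnectionFactory;
              import javax.naming.Context;
              import javax.naming.InitialContext;
              import javax.naming.NamingException;

              // Remote naming settings: server address and the credentials sent for authentication
              java.util.Properties jndiProps = new java.util.Properties();
              jndiProps.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
              jndiProps.put(Context.PROVIDER_URL,"remote://172.21.233.111:4447");
              jndiProps.put(Context.SECURITY_PRINCIPAL, "test");
              jndiProps.put(Context.SECURITY_CREDENTIALS, "@test@test123456");

              Context ctx;
              try {
                  // Open the remote context and look up the connection factory
                  ctx = new InitialContext(jndiProps);
                  ConnectionFactory connectionFactory = (ConnectionFactory) ctx.lookup("ConnectionFactory");
              } catch (NamingException e) {
                  // Print the lookup failure
                  e.printStackTrace();
              }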

       

       

      The exception says:

       

      2014-09-25 12:03:23,937 TRACE [Remoting "config-based-naming-client-endpoint" read-1]-[org.jboss.remoting.remote.connection] Connection error detail: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:394)

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:227)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

          at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.nio.NioHandle.run(NioHandle.java:90)

          at org.xnio.nio.WorkerThread.run(WorkerThread.java:187)

       

      2014-09-25 12:03:23,938 ERROR [Remoting "config-based-naming-client-endpoint" read-1]-[org.jboss.remoting.remote.connection] JBREM000200: Remote connection failed: javax.security.sasl.SaslExce

      7)

       

      2014-09-25 12:03:23,939 TRACE [Remoting "config-based-naming-client-endpoint" read-1]-[org.jboss.remoting.endpoint] Resource closed count 00000001 of endpoint "config-based-naming-client-endpoint" <57f911ec> (closed a failed connection (2))

      2014-09-25 12:03:23,939 DEBUG [ossams-timer-430]-[org.jboss.naming.remote.client.HaRemoteNamingStore] Failed to connect to server remote://0.0.0.0:4447: java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87)

          at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:193)

          at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:144)

          at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:125)

          at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:241)

          at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:79)

          at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:83)

          at javax.naming.InitialContext.lookup(InitialContext.java:411)

          at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)

          at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)

          at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)

          at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)

          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

          at java.lang.Thread.run(Thread.java:744)

      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:394)

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:227)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

          at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.nio.NioHandle.run(NioHandle.java:90)

          at org.xnio.nio.WorkerThread.run(WorkerThread.java:187)

          at ...asynchronous invocation...(Unknown Source)

          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)

          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)

          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)

          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)

          at org.jboss.naming.remote.client.EndpointCache$EndpointWrapper.connect(EndpointCache.java:105)

          at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:192)

          ... 23 more
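
An added example, not part of the original post: a small Python check over the configuration fragments above that follows the remoting connector's security-realm to its jaas element and confirms that a security-domain of that name is defined, since in AS 7 the name on the jaas element refers to a security domain. The <server> wrapper element and the function names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragments from the post, wrapped in a hypothetical
# <server> root so they parse as one document; login-module options omitted.
SAMPLE = """<server>
  <security-realm name="DatabaseServerLoginModule login module">
    <authentication><jaas name="TestRemoting"/></authentication>
  </security-realm>
  <subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting"
               security-realm="DatabaseServerLoginModule login module"/>
  </subsystem>
  <security-domain name="DatabaseServerLoginModule login module" cache-type="default">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"/>
    </authentication>
  </security-domain>
</server>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def check_realm_wiring(xml_text):
    """Return findings about connector -> security-realm -> JAAS domain references."""
    elems = list(ET.fromstring(xml_text).iter())
    domains = {e.get("name") for e in elems if local(e.tag) == "security-domain"}
    realms = {}  # realm name -> JAAS domain it delegates to (None if not JAAS-backed)
    for e in elems:
        if local(e.tag) == "security-realm":
            jaas = [c for c in e.iter() if local(c.tag) == "jaas"]
            realms[e.get("name")] = jaas[0].get("name") if jaas else None
    findings = []
    for e in elems:
        realm = e.get("security-realm")
        if local(e.tag) != "connector" or realm is None:
            continue
        if realm not in realms:
            findings.append(f"connector {e.get('name')!r}: realm {realm!r} is not defined")
        elif realms[realm] is not None and realms[realm] not in domains:
            findings.append(f"realm {realm!r}: <jaas name={realms[realm]!r}> has no "
                            f"matching <security-domain>; defined: {sorted(domains)}")
    return findings

if __name__ == "__main__":
    for finding in check_realm_wiring(SAMPLE):
        print(finding)
```

Namespace prefixes are ignored, so the same function can be pointed at a full standalone.xml as well as at pasted fragments.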