The Remote JMS (destination, connection factory) lookup against Wildfly concerning security does only work with SecurityRealm using properties mechanism.

The Remote EJB Client Lookup also works with SecurityRealm using jaas mechanism, which allows delegating authentification and authorisation of remote ejb calls to custom logon modules like Ldap, database etc. (this is essential for our application). But the jaas method does not work for the JMS lookup (an Sasl authetication error occures during lookup of destination or connectionFfactory) - but the error only occurs, when the server and client run on different computers.

Both cannot be used together!

I found no way to configure different mechanisms for both kinds of remote lookup, which would workaround the Problem.

The SecurityRealm is fixed with the remoting configuration for both:

        <subsystem xmlns="urn:jboss:domain:remoting:2.0">
            <endpoint worker="default"/>
            <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
        </subsystem>

            <security-realm name="ApplicationRealm">
                <authentication>
                    <local default-user="someUser" allowed-users="*" skip-group-loading="true"/>

                    either of

                        <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>

                   or

                        <jaas name="SomeDomain"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
   

Is this is a Wildfly shortcomming or configuration error? Any help is very welcome. See also following post, which describes a identical configuration http://stackoverflow.com/questions/28849596/wildfly-jms-configuration-failure

Thank you in advance

Stefan Heckler, PSI AG Aschaffenburg