1 2 Previous Next 16 Replies Latest reply on Apr 22, 2015 7:25 AM by valsaraj viswanathan

    Remote login in WildFly-8.2

    valsaraj viswanathan Master

      Hi,

       

      I tried to remote login to WildFly-8.2 from client java class. The login seems to be worked but unable to get caller principal name in EJB method. It shows caller principal as $local always. Can anybody share how this can be solved?

       

      Thanks!

        • 1. Re: Remote login in WildFly-8.2
          Darran Lofthouse Master

          Local authentication is kicking in as you are running the client locally, either run your client from a truly remote machine or remove local authentication from the ApplicationRealm definition.

          • 2. Re: Remote login in WildFly-8.2
            Michael Pritt Newbie

            I'm having the same issue and I've removed the local authentication from the ApplicationRealm definition, and that still doesn't work for me (i.e. I've commented out the line

             

            <local default-user="$local" allowed-users="*" skip-group-loading="true"/>

             

            in the standalone.xml file).  I've also been trying to use the ClientLoginModule and LoginContext and I still don't see the principal created in the client passed to the server.

            1 of 1 people found this helpful
            • 3. Re: Remote login in WildFly-8.2
              valsaraj viswanathan Master

              Hi dlofthouse,

              I don't understand properly. Can you share some sample of what need to be changed? Which model you suggest for remote login, remote EJB? I logged in and accessed EJB using remote EJB model but since the principal is $local, it didn't work as expected.

               

              Thanks!

              • 4. Re: Remote login in WildFly-8.2
                valsaraj viswanathan Master

                Hi mpritt,

                 

                What was the principal shown instead of $local after commenting this line?

                 

                Thanks!

                • 5. Re: Remote login in WildFly-8.2
                  Michael Pritt Newbie

                  No, I wouldn't get that far at all with the server...it threw the following exception on the client: 

                  java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: the server presented no authentication mechanisms

                    at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)

                    at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:77)

                    at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)

                    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:155)

                    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:115)

                    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:47)

                    at org.jboss.ejb.client.EJBClientContext.getCurrent(EJBClientContext.java:271)

                    at org.jboss.ejb.client.EJBClientContext.requireCurrent(EJBClientContext.java:281)

                    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:176)

                    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:144)

                    at com.sun.proxy.$Proxy0.add(Unknown Source)

                    at org.jboss.as.quickstarts.ejb.remote.client.RemoteEJBClient.invokeStatelessBean(RemoteEJBClient.java:162)

                    at org.jboss.as.quickstarts.ejb.remote.client.RemoteEJBClient.main(RemoteEJBClient.java:142)

                  Caused by: javax.security.sasl.SaslException: Authentication failed: the server presented no authentication mechanisms

                    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:388)

                    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)

                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

                    at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:199)

                    at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:113)

                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

                    at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)

                    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

                    at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

                    at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)

                    at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)

                    at ...asynchronous invocation...(Unknown Source)

                    at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:272)

                    at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:388)

                    at org.jboss.ejb.client.remoting.EndpointPool$PooledEndpoint.connect(EndpointPool.java:187)

                    at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:153)

                    at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:133)

                    at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:75)

                    ... 11 more

                  • 6. Re: Remote login in WildFly-8.2
                    valsaraj viswanathan Master

                    Hi Michael,

                     

                    Can you share the content of jboss-ejb-client.properties in your classpath?

                     

                    Thanks!

                    • 7. Re: Remote login in WildFly-8.2
                      valsaraj viswanathan Master

                      Hi Darran,

                       

                      Here is the content of jboss-ejb-client.properties in my class path:

                       

                      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

                      remote.connections=default

                      remote.connection.default.host=localhost

                      remote.connection.default.port = 8080

                      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

                       

                      In my client class:

                      public InitialContext getCtx() {

                              if (ctx == null) {

                                  try {

                                  final Hashtable<String, String> jndiProperties = new Hashtable<>();

                                      jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                                      ctx = new InitialContext(jndiProperties);

                                  } catch (NamingException ex) {

                                      throw new RuntimeException("Could not create initial context using supplied context properties", ex);

                                  }

                              }

                            

                              return ctx;

                          }

                       

                      public AppUser login(String uid, String password) {

                              // Login now

                              logger.info("Attempting to log in");

                            

                              System.setProperty(JAAS_LOGIN_CONFIG_PROPERTY, "app.auth");

                              UsernamePasswordHandler handler = new UsernamePasswordHandler(uid, password.toCharArray());

                              try {

                                  lc = new LoginContext("appLDAP", handler);

                                  lc.login();

                                  AppUser user = getAppBean().loginUser(uid, new Date());

                                  logger.info("User logged in as:" + lc.getSubject().getPrincipals());

                                  this.uid = uid;

                                  return user;

                              } catch (Exception ex) {

                                  throw new RuntimeException("Failed to login: " + uid, ex);

                              }

                          }

                       

                      In the EJB:

                      public AppUser loginUser( String principal, Date now) {

                                   // Verify that we have a subject to work with

                                   if (!principal.equals(ejbContext.getCallerPrincipal().getName())) {

                                      throw new IllegalStateException("[EJB]Principal not propagated to EJB");

                                  }

                               .............................

                               ...........................

                               return user;

                           }

                       

                      This code worked fine in JBoss 4.2.2.GA but in WildFly 8.2.0 it is throwing exception from EJB: throw new IllegalStateException("[EJB]Principal not propagated to EJB");

                       

                      It would be great if you can point out what's wrong or any suggestion or sample to make it working in WildFly.

                       

                      Thanks!

                      • 8. Re: Remote login in WildFly-8.2
                        valsaraj viswanathan Master

                        Hi Darran,

                         

                        I referred your solution here: https://developer.jboss.org/message/719442#719442

                        When I added this property, I got EJB Receiver not available error.

                         

                        remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

                        remote.connections=default

                        remote.connection.default.host=localhost

                        remote.connection.default.port = 8080

                        remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

                        remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

                        remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

                         

                        <subsystem xmlns="urn:jboss:domain:remoting:2.0">

                                        <endpoint worker="default"/>

                                        <http-connector name="http-remoting-connector" connector-ref="default" security-realm="SSLRealm"/>

                                    </subsystem>

                         

                        What is the cause this error?

                         

                        Thanks!

                        • 9. Re: Remote login in WildFly-8.2
                          Michael Pritt Newbie

                          valsaraj,

                           

                          Here are my jboss-ejb-client.properties file.

                           

                          remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

                          remote.connections=default

                          remote.connection.default.host=localhost

                          remote.connection.default.port = 8080

                          remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

                          • 10. Re: Remote login in WildFly-8.2
                            Michael Pritt Newbie

                            Hi Valsaraj,

                             

                            I got the principal passed using the following article: http://blog.jonasbandi.net/2013/08/jboss-remote-ejb-invocation-unexpected.html

                             

                            I believe the key is using the PropertiesBasedEJBClientConfiguration and setting a new ConfigBasedEJBClientContextSelector  for the EJBClientContext.  I'm still learning about why this all works, so read that article and give it a shot.

                             

                            Mike

                            1 of 1 people found this helpful
                            • 11. Re: Remote login in WildFly-8.2
                              valsaraj viswanathan Master

                              Thanks Micheal! Let me go through it.

                               

                              So you have used above jboss-ejb-client.properties file and the following code?

                              /////////////////////////////////////////////

                                 // Using the proprietary JBoss EJB Client API

                                 final Properties ejbProperties = new Properties();

                                ejbProperties.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

                                ejbProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                                ejbProperties.put("remote.connections", "1");

                                ejbProperties.put("remote.connection.1.host", "localhost");

                                ejbProperties.put("remote.connection.1.port", "4447");

                                 //ejbProperties.put("remote.connection.1.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER"); // needed for forcing authentication over remoting (i.e. if you have a custom login module)

                                 //ejbProperties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); // needed for a login module that requires the password in plaintext

                                ejbProperties.put("remote.connection.1.username", "ejbuser");

                                ejbProperties.put("remote.connection.1.password", "ejbuser123!");

                                 //ejbProperties.put("org.jboss.ejb.client.scoped.context", "true"); // Not needed when EJBClientContext.setSelector is called programatically. ATTENTION: Client-Interceptor registration below does not work with this property! BUG?

                               

                                 final EJBClientConfiguration ejbClientConfiguration = new PropertiesBasedEJBClientConfiguration(ejbProperties);

                                 final ConfigBasedEJBClientContextSelector selector = new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);

                                 EJBClientContext.setSelector(selector);

                                 EJBClientContext.getCurrent().registerInterceptor(0, new ClientInterceptor());

                               

                                 final Context ejbContext = new InitialContext(ejbProperties);

                                 final HelloWorld ejbHelloWorld = (HelloWorld) ejbContext.lookup("ejb:ejbremote-ear/ejbremote-ejb/HelloWorldBean!"+ HelloWorld.class.getName());

                                 System.out.println(ejbHelloWorld.sayHello());

                              • 12. Re: Remote login in WildFly-8.2
                                valsaraj viswanathan Master

                                Hi Michael,

                                 

                                I have removed jboss-ejb-client.properties file and used programmatic login method as suggested in the link.

                                final Properties ejbProperties = new Properties();

                                                ejbProperties.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

                                                ejbProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

                                                ejbProperties.put("remote.connections", "default");

                                                ejbProperties.put("remote.connection.default.host", "localhost");

                                                ejbProperties.put("remote.connection.default.port", "8080");

                                                ejbProperties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER"); // needed for forcing authentication over remoting (i.e. if you have a custom login module)

                                                ejbProperties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); // needed for a login module that requires the password in plaintext

                                                ejbProperties.put("remote.connection.default.username", "appUser");

                                                ejbProperties.put("remote.connection.default.password", "plain-password");

                                                //ejbProperties.put("org.jboss.ejb.client.scoped.context", "true"); // Not needed when EJBClientContext.setSelector is called programatically. ATTENTION: Client-Interceptor registration below does not work with this property! BUG?

                                                ctx = new InitialContext(ejbProperties);

                                             

                                                final EJBClientConfiguration ejbClientConfiguration = new PropertiesBasedEJBClientConfiguration(ejbProperties);

                                                final ConfigBasedEJBClientContextSelector selector = new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);

                                                EJBClientContext.setSelector(selector);

                                                EJBClientContext.getCurrent().registerInterceptor(0, new ClientInterceptor());

                                 

                                But I got this error when I tried login.

                                ERROR [connection] JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: the server presented no authentication mechanisms

                                WARN  [ConfigBasedEJBClientContextSelector] Could not register a EJB receiver for connection to localhost:8080

                                 

                                Do you have any idea how to resolve this?

                                 

                                Thanks!

                                • 13. Re: Remote login in WildFly-8.2
                                  Michael Pritt Newbie

                                  Valsaraj,

                                   

                                  I took your properties and got the same error as you did.  However when I commented out the following line it worked and saw the principal passed to the server:

                                   

                                  ejbProperties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER"); // needed for forcing authentication over remoting (i.e. if you have a custom login module)


                                  Not sure why but when I did that it works.


                                  Mike

                                  1 of 1 people found this helpful
                                  • 14. Re: Remote login in WildFly-8.2
                                    valsaraj viswanathan Master

                                    Hi Michael,

                                    That's correct, when that property is removed it will work. Also, it is working even without the following code:

                                                    final EJBClientConfiguration ejbClientConfiguration = new PropertiesBasedEJBClientConfiguration(ejbProperties);

                                                    final ConfigBasedEJBClientContextSelector selector = new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);

                                                    EJBClientContext.setSelector(selector);

                                                    EJBClientContext.getCurrent().registerInterceptor(0, new ClientInterceptor());

                                     

                                    Another issue that I faced is with my custom module. Even if I removed this property it didn't work because I am using custom login module which checks permission to access EJBs. When I login from client using LoginContext, password is not reached in plain form. It is coming as character array of an object.

                                     

                                    Thanks!

                                    1 2 Previous Next