0 Replies Latest reply on Apr 17, 2015 10:13 AM by Michael Pritt

    Cannot propagate client principal/credentials to server

    Michael Pritt Newbie

      This should be really simple and straightforward from all the searching I've done for the task of setting up EJB security.  In a nutshell, I've simply taken the ejb-remote quickstart application and attempted to add security to the ejb's.  This was done by simply creating an jboss-ejb3.xml file specifying the domain the ejb's were to be secured.  Anonymous users were not to be granted access by setting the missing-method-permissions-deny-access option to true.  I have used the basic standalone.xml without any additional modifications.  In the RemoteEJBClient, which connects to the server and attempts to access the EJB's, I've attempted to connect securely using some arbitrary username/password.  This is done using the ClientLoginModule and LoginContext as specified in many other posts.  No matter what, I don't see the principal/credentials passed to the server for authentication.

       

       

      I've also tried to create a new realm/domain as other posts have indicated specifying JAAS authentication but that doesn't work for me. (i.e. I added this to the standalone.xml file and modified the jboss-ejb3.xml to point to this domain rather than the "other", and in the client specify that domain as well)

       

                 <security-realm name="myrealm">

                    <authentication>

                        <jaas name="myjaas"/>

                    </authentication>

                  </security-realm>

       

                  <http-connector name="http-remoting-connector" connector-ref="default" security-realm="myrealm"/>

       

                      <security-domain name="myjaas">

                        <authentication>

                              <login-module code="Client" flag="sufficient">

                                  <module-option name="password-stacking" value="useFirstPass"/>

                              </login-module>

                              <login-module code="Remoting" flag="optional">

                                  <module-option name="password-stacking" value="useFirstPass"/>

                              </login-module>

                              <login-module code="RealmDirect" flag="required">

                                  <module-option name="password-stacking" value="useFirstPass"/>

                              </login-module>

                        </authentication>

                      </security-domain>

       

       

      Can someone help me resolve this issue?  I would appreciate it very much.

       

      I have provided this attempt in a .zip file which contains the entire ejb-remote project with the security modifications I added (minus the attempt that I made above to use the new realm "myrealm").