4 Replies Latest reply on Feb 9, 2017 6:21 AM by andey

java.lang.SecurityException: EJBCLIENT000021: EJB client context selector may not be changed

mrudulav Feb 5, 2017 2:52 AM

Hi ,

I am facing the below exception on my new application server, which is JBOSS EAP 6.4

[Server:calogi-web1] 11:43:39,785 ERROR [stderr] (http-/0.0.0.0:8080-1) at org.jboss.ejb.client.EJBClientContext.setSelector(EJBClientContext.java:218)

[Server:calogi-web1] 11:43:39,785 ERROR [stderr] (http-/0.0.0.0:8080-1) at com.emirates.jfoundation.client.servicelocator.JFClientServiceLocator.setEJBClientContextForSubsystem(JFClientServiceLocator.java:912)

[Server:calogi-web1] 11:43:39,785 ERROR [stderr] (http-/0.0.0.0:8080-1) at com.emirates.jfoundation.security.jboss.JBossLoginModule.serverLogin(JBossLoginModule.java:68)

[Server:calogi-web1] 11:43:39,785 ERROR [stderr] (http-/0.0.0.0:8080-1) at com.emirates.jfoundation.security.login.client.JFoundationClientLoginModule.login(JFoundationClientLoginModule.java:99)

[Server:calogi-web1] 11:43:39,785 ERROR [stderr] (http-/0.0.0.0:8080-1) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

[Server:calogi-web1] 11:43:39,785 ERROR [stderr] (http-/0.0.0.0:8080-1) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

[Server:calogi-web1] 11:43:39,786 ERROR [stderr] (http-/0.0.0.0:8080-1) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[Server:calogi-web1] 11:43:39,786 ERROR [stderr] (http-/0.0.0.0:8080-1) at java.lang.reflect.Method.invoke(Method.java:606)

[Server:calogi-web1] 11:43:39,786 ERROR [stderr] (http-/0.0.0.0:8080-1) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)

[Server:calogi-web1] 11:43:39,786 ERROR [stderr] (http-/0.0.0.0:8080-1) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)

[Server:calogi-web1] 11:43:39,786 ERROR [stderr] (http-/0.0.0.0:8080-1) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)

[Server:calogi-web1] 11:43:39,786 ERROR [stderr] (http-/0.0.0.0:8080-1) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)

[Server:calogi-web1] 11:43:39,787 ERROR [stderr] (http-/0.0.0.0:8080-1) at java.security.AccessController.doPrivileged(Native Method)

[Server:calogi-web1] 11:43:39,787 ERROR [stderr] (http-/0.0.0.0:8080-1) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)

[Server:calogi-web1] 11:43:39,787 ERROR [stderr] (http-/0.0.0.0:8080-1) at javax.security.auth.login.LoginContext.login(LoginContext.java:595)

Am attaching the code below which throws the exception.

Properties p = new Properties();

p.put("java.naming.factory.url.pkgs", "org.jboss.ejb.client.naming");

EJBClientConfiguration ejbClientConfig = new PropertiesBasedEJBClientConfiguration(p);

ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(ejbClientConfig);

EJBClientContext.setSelector(selector);

1. Re: java.lang.SecurityException: EJBCLIENT000021: EJB client context selector may not be changed

pjhavariotis Feb 6, 2017 12:54 AM (in response to mrudulav)

You are getting this error because the EJB client context selector is already created for the JBoss EAP 6 instance.
In JBoss EAP 6.4 you can use the scoped-context feature which allows you to configure your properties via the InitialContext properties.
For more info, have a look on the official documentation:
7.5.4. Using Scoped EJB Client Contexts
1 of 1 people found this helpful
Actions
2. Re: java.lang.SecurityException: EJBCLIENT000021: EJB client context selector may not be changed

andey Feb 9, 2017 4:48 AM (in response to mrudulav)

Hi,

From https://community.jboss.org/message/741598
"The reason remote-naming introduced that "jboss.naming.client.ejb.context" was to avoid forcing users to add a jboss-ejb-client.properties in their classpath for setting up nodes for EJB invocations. When that property is present, the remote-naming implementation will internally create a client context and add the connection created for the PROVIDER_URL, to the EJB client context."

Setting jboss.naming.client.ejb.context = true tries to create an EJB client context selector but it is already created for the JBoss EAP 6 instance.

See the link: https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+server+instance for more information

It is not possible to change the ejbSelector if the client run inside the server.

You need to use the 'scoped context'.
See documentation [2] or example [3].

Don't hesitate to ask if you still have questions.

[2] https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6-Beta/html/Development_Guide/Using_Scoped_EJB_Client_Contexts.html
[3] https://github.com/wfink/jboss-as-quickstart/blob/ejb-multi-server/ejb-multi-server/app-main/ejb/src/main/java/org/jboss/as/quickstarts/ejb/multi/server/app/MainEjbClient34AppBean.java

You shouldn't be trying to set the Selector when running in EAP 6, as it is global. This is only done when running in a standalone client.

        // create and set the selector
        ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
        EJBClientContext.setSelector(selector);

https://docs.jboss.org/author/display/AS72/Scoped+EJB+client+contexts

Change the code to : https://issues.jboss.org/browse/EJBCLIENT-34

    Properties props = new Properties();
        props.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
        props.put("remote.connections", "default");
        props.put("remote.connection.default.port", loginprops.get(PROVIDER_PORT) == null ? "4447" : loginprops.get(
                PROVIDER_PORT));
        props.put("remote.connection.default.host", loginprops.get(PROVIDER_HOST));
        props.put("remote.connection.default.username", dcpCallbackHandler.getEncodedUsername());
        props.put("remote.connection.default.password", stringedPassword);
        props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
        props.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
     Context context = new InitialContext(props);
Actions
3. Re: java.lang.SecurityException: EJBCLIENT000021: EJB client context selector may not be changed

mrudulav Feb 9, 2017 5:56 AM (in response to andey)

Hi Andey,

Still the issue is not resolved. Listing the logs here after changing the code snippet as what you have suggested.

[Server:calogi-web1] 14:54:53,410 ERROR [stderr] (http-/0.0.0.0:8080-1) java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:cls-calogi-app-1.3.2.6, moduleName:jf-security-implementation-4.1.0, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@77898115
[Server:calogi-web1] 14:54:53,410 ERROR [stderr] (http-/0.0.0.0:8080-1)         at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:747)
[Server:calogi-web1] 14:54:53,410 ERROR [stderr] (http-/0.0.0.0:8080-1)         at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:116)
[Server:calogi-web1] 14:54:53,411 ERROR [stderr] (http-/0.0.0.0:8080-1)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186)
[Server:calogi-web1] 14:54:53,411 ERROR [stderr] (http-/0.0.0.0:8080-1)         at com.emirates.jfoundation.security.jboss.JBossLoginClientInterceptor.handleInvocation(JBossLoginClientInterceptor.java:30)
[Server:calogi-web1] 14:54:53,412 ERROR [stderr] (http-/0.0.0.0:8080-1)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186)
[Server:calogi-web1] 14:54:53,412 ERROR [stderr] (http-/0.0.0.0:8080-1)         at com.emirates.jfoundation.security.jboss.JBossLoginClientInterceptor.handleInvocation(JBossLoginClientInterceptor.java:30)
[Server:calogi-web1] 14:54:53,412 ERROR [stderr] (http-/0.0.0.0:8080-1)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186)
[Server:calogi-web1] 14:54:53,413 ERROR [stderr] (http-/0.0.0.0:8080-1)         at com.emirates.jfoundation.security.jboss.JBossLoginClientInterceptor.handleInvocation(JBossLoginClientInterceptor.java:30)
Actions
4. Re: java.lang.SecurityException: EJBCLIENT000021: EJB client context selector may not be changed

andey Feb 9, 2017 6:21 AM (in response to mrudulav)

Hi,

Refer below links to configure an EJB client in JBoss EAP

[1] https://docs.jboss.org/author/display/AS72/EJB+invocations+from+a+remote+client+using+JNDI
[2] https://docs.jboss.org/author/display/AS72/Remote+EJB+invocations+via+JNDI+-+EJB+client+API+or+remote-naming+project
[3] https://github.com/wfink/jboss-as-quickstart/tree/ejb-clients/ejb-clients
[4]https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+server+instance
[5]How to configure an EJB client in JBoss EAP 6 - Red Hat Customer Portal
Actions

Go to original post