1 2 Previous Next 17 Replies Latest reply on Sep 21, 2017 2:35 PM by Wolfgang Knauf

    WildFly 11: Using Elytron on the client side

    Wolfgang Knauf Master

      Hi,

       

      I try to dig my way through client login using Elytron (JavaEE application client, launched through "appclient.bat").

       

      Question 1: for a programmatic login, it seems I need some JAR files on client side.

      See e.g. the code snippet at https://docs.jboss.org/author/display/WFLY/Client+Authentication+with+Elytron+Client#ClientAuthenticationwithElytronClient-TheProgrammaticApproach  => what JARs are needed? Most of the classes I found in "wildfly-11.0.0.CR1\modules\system\layers\base\org\wildfly\security\elytron-private\main\wildfly-elytron-1.1.1.Final.jar", but where are "Provider" and "WildFlyElytronProvider" from the sample?

      I use Eclipse + JBoss Tools plugin, which provides a "WildFly 11" server runtime, but I assume that it lacks some JAR references, which would be worth a JBoss Tools JIRA. But I don't know the list of necessary files.

       

      Question 2: what is the easiest way to do a login with credentials provided by the client app with minimal code?

      The configuration file "wildfly-config.xml" just seems to support a fixed user/password.

      And I don't want to do the security configuration in the client code - a config file is probably the better approach.

      Is it possible to write a "wildfly-config.xml" file which declares all security related stuff, but username/password are provided by the client app? E.g. some callback?

       

      Here is a sample file from a WildFly quickstart - I would like to avoid the "set-user-name" and "credentials" part:

      <?xml version="1.0" encoding="UTF-8"?>
      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="default-config"/>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="default-config">
                      <set-user-name name="quickstartUser"/>
                      <credentials>
                          <clear-password password="quickstartPwd1!"/>
                      </credentials>
                      <set-mechanism-realm name="LegacyRealm"/>
                      <providers>
                          <use-service-loader />
                      </providers>
                  </configuration>
              </authentication-configurations>
          </authentication-client>
      </configuration>

      Thanks

       

      Wolfgang

        • 1. Re: WildFly 11: Using Elytron on the client side
          Wolfgang Knauf Master

          I tried to apply the programmatic login code to my application client, but it seems the "appclient.bat" environment misses a reference:

           

          12:40:42,319 ERROR [org.jboss.as.appclient] (Thread-45) WFLYAC0002: InvocationTargetException running app client main: java.lang.reflect.InvocationTargetException

                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_144]

                  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.8.0_144]

                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.8.0_144]

                  at java.lang.reflect.Method.invoke(Unknown Source) [rt.jar:1.8.0_144]

                  at org.jboss.as.appclient.service.ApplicationClientStartService$1.run(ApplicationClientStartService.java:99)

                  at java.lang.Thread.run(Unknown Source) [rt.jar:1.8.0_144]

          Caused by: java.lang.NoClassDefFoundError: org/wildfly/security/auth/client/AuthenticationConfiguration

                  at org.jboss.as.quickstarts.ejb_security_jaas.RemoteClient.main(RemoteClient.java:43) [ejb_security_jaasClient.jar:]

                  ... 6 more

          Caused by: java.lang.ClassNotFoundException: org.wildfly.security.auth.client.AuthenticationConfiguration from [Module "deployment.ejb_security_jaas.ear.ejb_security_jaasClient.jar" from Service Module Loader]

                  at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:198) [jboss-modules.jar:1.6.0.Final]

                  at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412) [jboss-modules.jar:1.6.0.Final]

                  at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400) [jboss-modules.jar:1.6.0.Final]

                  at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116) [jboss-modules.jar:1.6.0.Final]

                  ... 7 more

          • 2. Re: WildFly 11: Using Elytron on the client side
            Wolfgang Knauf Master

            OK, I managed to handle the ClassNotFoundException error by adding the line "<extension module="org.wildfly.extension.elytron"/>" to "appclient.xml" and by copying the "<subsystem xmlns="urn:wildfly:elytron:1.0">" and "<subsystem xmlns="urn:jboss:domain:security:2.0">" parts from "standalone.xml". But of course this did not work :-(.

             

            It would be great if someone could give me some initial hints on how to use a JavaEE application client in combination with programmatic login, mostly based on the "ejb_security_jaas" quickstart.

             

            Wolfgang

            • 3. Re: WildFly 11: Using Elytron on the client side
              jaikiran pai Master

              Is there any specific reason you are trying this as a (Java EE) application client instead of a standalone Java application? I have hardly seen anyone use a (Java EE) application client for anything advanced.

              • 4. Re: WildFly 11: Using Elytron on the client side
                Wolfgang Knauf Master

                Nope, there is no specific reason, it is just an old sample that I try to convert to WildFly 11. Is advanced security/programmatic login not supported in JavaEE application client?

                 

                Using a "wildfly-config.xml" file with fixed login/password works here.

                 

                Wolfgang

                • 5. Re: WildFly 11: Using Elytron on the client side
                  Tomaz Cerar Master

                  In WILDFLY_HOME/docs/examples you have enable-elytron.cli script

                  wildfly/enable-elytron.cli at master · wildfly/wildfly · GitHub

                   

                  You would need to execute against your server so it configures elytron properly.

                  This works for standalone.xml, but it should be quite similar for app client.

                  • 6. Re: WildFly 11: Using Elytron on the client side
                    David Lloyd Master

                    Wolfgang Knauf wrote:

                     

                    Nope, there is no specific reason, it is just an old sample that I try to convert to WildFly 11. Is advanced security/programmatic login not supported in JavaEE application client?

                     

                    Using a "wildfly-config.xml" file with fixed login/password works here.

                     

                    Wolfgang

                     

                    It should work by adding in the Elytron subsystem and configuring the authentication client.  That said, I'm not aware of whether or not there are tests that cover the scenario...

                    • 7. Re: WildFly 11: Using Elytron on the client side
                      David Lloyd Master

                      Wolfgang Knauf wrote:

                       

                      I tried to apply the programmatic login code to my application client, but it seems the "appclient.bat" environment misses a reference:

                       

                      12:40:42,319 ERROR [org.jboss.as.appclient] (Thread-45) WFLYAC0002: InvocationTargetException running app client main: java.lang.reflect.InvocationTargetException

                      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_144]

                      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.8.0_144]

                      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.8.0_144]

                      at java.lang.reflect.Method.invoke(Unknown Source) [rt.jar:1.8.0_144]

                      at org.jboss.as.appclient.service.ApplicationClientStartService$1.run(ApplicationClientStartService.java:99)

                      at java.lang.Thread.run(Unknown Source) [rt.jar:1.8.0_144]

                      Caused by: java.lang.NoClassDefFoundError: org/wildfly/security/auth/client/AuthenticationConfiguration

                      at org.jboss.as.quickstarts.ejb_security_jaas.RemoteClient.main(RemoteClient.java:43) [ejb_security_jaasClient.jar:]

                      ... 6 more

                      Caused by: java.lang.ClassNotFoundException: org.wildfly.security.auth.client.AuthenticationConfiguration from [Module "deployment.ejb_security_jaas.ear.ejb_security_jaasClient.jar" from Service Module Loader]

                      at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:198) [jboss-modules.jar:1.6.0.Final]

                      at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412) [jboss-modules.jar:1.6.0.Final]

                      at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400) [jboss-modules.jar:1.6.0.Final]

                      at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116) [jboss-modules.jar:1.6.0.Final]

                      ... 7 more

                      What if you add the org.wildfly.security.elytron module manually as a dependency in the MANIFEST, or in jboss-deployment-structure.xml?

                      • 8. Re: WildFly 11: Using Elytron on the client side
                        Wolfgang Knauf Master

                        Hi David,

                         

                        perfect, adding "Dependencies: org.wildfly.security.elytron" to the manifest file fixed the ClassNotFoundException without having to modify "appclient.xml".

                         

                        But programmatic login using the (modified) code snippet from https://docs.jboss.org/author/display/WFLY/Client+Authentication+with+Elytron+Client#ClientAuthenticationwithElytronClient-TheProgrammaticApproach still fails with an error "EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for..." with the inner exception "javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported". Is the reason for this that the code sample uses a Runnable, thus creating a new thread, which is probably against the JavaEE spec?

                        And probably I misconfigured my programmatic security while trying to adopt this code snippet.

                         

                        Could someone check the code snippet in the WildFly doc? It does not compile: "AuthenticationConfiguration.EMPTY" is deprecated, and the method "allowSaslMechanisms" does not exist. Is it replaced with "useSaslProtocol"?

                         

                        But the basic question: How could I replace the "wildfly-config.xml" file from the "ejb-security-jaas" quickstart using a programmatic login, so that I could specify login/password?

                         

                        Best regards

                         

                        Wolfgang

                        • 9. Re: WildFly 11: Using Elytron on the client side
                          David Lloyd Master

                          Wolfgang Knauf wrote:

                           

                          Hi David,

                           

                          perfect, adding "Dependencies: org.wildfly.security.elytron" to the manifest file fixed the ClassNotFoundException without having to modify "appclient.xml".

                           

                          But programmatic login using the (modified) code snippet from https://docs.jboss.org/author/display/WFLY/Client+Authentication+with+Elytron+Client#ClientAuthenticationwithElytronClient-TheProgrammaticApproach still fails with an error "EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for..." with the inner exception "javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported". Is the reason for this that the code sample uses a Runnable, thus creating a new thread, which is probably against the JavaEE spec?

                          The "PLAIN" mechanism is only supported when the client is configured to log in with a user name and password.  Also creating a Runnable does not create a new thread!  Nor does the context.run(runnable) method.  It's just a block of code which is run while the authentication context is active.

                           

                          A better example might look like this:

                           

                          //create your authentication configuration
                          AuthenticationConfiguration adminConfig =
                              AuthenticationConfiguration.EMPTY
                                .useProviders(() -> new Provider[] { new WildFlyElytronProvider() })
                                .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism("DIGEST-MD5"))
                                .useRealm("ManagementRealm")
                                .useName("administrator")
                                .usePassword("password1!");
                          
                          //create your authentication context
                          AuthenticationContext context = AuthenticationContext.empty();
                          context = context.with(MatchRule.ALL.matchHost("127.0.0.1"), adminConfig);
                          
                          // now run the action
                          context.run(() -> {
                              try {
                                  //Establish your connection and do some work
                              } catch (Exception e) {
                                  e.printStackTrace();
                              }
                          });
                          
                          

                           

                          Hopefully this makes it more apparent that the inside of the body of the Runnable (shown as a lambda here) is simply run directly.

                          • 10. Re: WildFly 11: Using Elytron on the client side
                            Farah Juma Apprentice

                            Could someone check the code snippet in the WildFly doc? It does not compile: "AuthenticationConfiguration.EMPTY" is deprecated, and the method "allowSaslMechanisms" does not exist. Is it replaced with "useSaslProtocol"?

                            Thanks for pointing this out, I've updated the code snippet in the doc. AuthenticationConfiguration.empty() should now be used instead and as in David's example, the "setSaslMechanismSelector" method should be used instead of "allowSaslMechanisms".

                            • 11. Re: WildFly 11: Using Elytron on the client side
                              Wolfgang Knauf Master

                              David,

                               

                              it still does not work, below is the full client stacktrace.

                               

                              I attach two versions of the sample, maybe you could take a look at it? Source code is included in the ear/jar files.

                              In "ejb_security_jaas.zip", there are two folders "wildflyconfigxml" (contains the working sample using wildfly-config.xml) and "programmatic" (contains my latest source code based on your suggestions).

                               

                              To run it, you first have to modify "standalone.xml" with exactly the same "configure-elytron-jaas.cli" file taken from the "ejb-security-jaas" quickstart: https://github.com/wildfly/quickstart/tree/11.x/ejb-security-jaas

                              Then copy to deploy directory and run the client:

                              c:\Temp\wildfly-11.0.0.CR1\bin\appclient.bat ejb_security_jaas.ear#ejb_security_jaasClient.jar

                              And here is the stacktrace:

                              2017-09-20 19:40:05,022 ERROR [stderr] (Thread-45) javax.ejb.NoSuchEJBException: EJBCLIENT000079: Unable to discover destination for request for EJB StatelessEJBLocator for "ejb_security_jaas/ejb_security_jaasEJB/SecuredEJB", view is interface org.jboss.as.quickstarts.ejb_security_jaas.SecuredEJBRemote, affinity is None

                              2017-09-20 19:40:05,023 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570)

                              2017-09-20 19:40:05,023 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:507)

                              2017-09-20 19:40:05,023 ERROR [stderr] (Thread-45)     at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56)

                              2017-09-20 19:40:05,024 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:572)

                              2017-09-20 19:40:05,024 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:507)

                              2017-09-20 19:40:05,024 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocationResult(DiscoveryEJBClientInterceptor.java:98)

                              2017-09-20 19:40:05,025 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:572)

                              2017-09-20 19:40:05,025 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:507)

                              2017-09-20 19:40:05,025 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocationResult(NamingEJBClientInterceptor.java:49)

                              2017-09-20 19:40:05,026 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:572)

                              2017-09-20 19:40:05,026 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:507)

                              2017-09-20 19:40:05,026 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:86)

                              2017-09-20 19:40:05,027 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:572)

                              2017-09-20 19:40:05,027 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:507)

                              2017-09-20 19:40:05,028 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:929)

                              2017-09-20 19:40:05,028 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:174)

                              2017-09-20 19:40:05,028 ERROR [stderr] (Thread-45)     at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:107)

                              2017-09-20 19:40:05,029 ERROR [stderr] (Thread-45)     at com.sun.proxy.$Proxy13.getSecurityInformation(Unknown Source)

                              2017-09-20 19:40:05,029 ERROR [stderr] (Thread-45)     at org.jboss.as.quickstarts.ejb_security_jaas.RemoteClient$1.run(RemoteClient.java:67)

                              2017-09-20 19:40:05,029 ERROR [stderr] (Thread-45)     at org.wildfly.common.context.Contextual.run(Contextual.java:73)

                              2017-09-20 19:40:05,029 ERROR [stderr] (Thread-45)     at org.jboss.as.quickstarts.ejb_security_jaas.RemoteClient.main(RemoteClient.java:83)

                              2017-09-20 19:40:05,030 ERROR [stderr] (Thread-45)     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                              2017-09-20 19:40:05,030 ERROR [stderr] (Thread-45)     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

                              2017-09-20 19:40:05,030 ERROR [stderr] (Thread-45)     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                              2017-09-20 19:40:05,031 ERROR [stderr] (Thread-45)     at java.lang.reflect.Method.invoke(Unknown Source)

                              2017-09-20 19:40:05,031 ERROR [stderr] (Thread-45)     at org.jboss.as.appclient.service.ApplicationClientStartService$1.run(ApplicationClientStartService.java:99)

                              2017-09-20 19:40:05,031 ERROR [stderr] (Thread-45)     at java.lang.Thread.run(Unknown Source)

                              2017-09-20 19:40:05,032 ERROR [stderr] (Thread-45)     Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported

                              2017-09-20 19:40:05,032 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:440)

                              2017-09-20 19:40:05,032 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)

                              2017-09-20 19:40:05,032 ERROR [stderr] (Thread-45)         at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

                              2017-09-20 19:40:05,033 ERROR [stderr] (Thread-45)         at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

                              2017-09-20 19:40:05,033 ERROR [stderr] (Thread-45)         at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)

                              2017-09-20 19:40:05,034 ERROR [stderr] (Thread-45)         at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)

                              2017-09-20 19:40:05,034 ERROR [stderr] (Thread-45)         at ...asynchronous invocation...(Unknown Source)

                              2017-09-20 19:40:05,034 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:570)

                              2017-09-20 19:40:05,034 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:536)

                              2017-09-20 19:40:05,035 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:83)

                              2017-09-20 19:40:05,035 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:56)

                              2017-09-20 19:40:05,035 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:487)

                              2017-09-20 19:40:05,035 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433)

                              2017-09-20 19:40:05,036 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51)

                              2017-09-20 19:40:05,036 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122)

                              2017-09-20 19:40:05,036 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.lambda$connectAndDiscover$0(RemotingEJBDiscoveryProvider.java:340)

                              2017-09-20 19:40:05,037 ERROR [stderr] (Thread-45)         at java.security.AccessController.doPrivileged(Native Method)

                              2017-09-20 19:40:05,037 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.connectAndDiscover(RemotingEJBDiscoveryProvider.java:340)

                              2017-09-20 19:40:05,037 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:135)

                              2017-09-20 19:40:05,037 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemoteEJBDiscoveryConfigurator.lambda$configure$0(RemoteEJBDiscoveryConfigurator.java:42)

                              2017-09-20 19:40:05,038 ERROR [stderr] (Thread-45)         at org.wildfly.discovery.Discovery.discover(Discovery.java:100)

                              2017-09-20 19:40:05,038 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.discover(DiscoveryEJBClientInterceptor.java:188)

                              2017-09-20 19:40:05,039 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.doAnyDiscovery(DiscoveryEJBClientInterceptor.java:317)

                              2017-09-20 19:40:05,039 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.executeDiscovery(DiscoveryEJBClientInterceptor.java:256)

                              2017-09-20 19:40:05,039 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:82)

                              2017-09-20 19:40:05,039 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:470)

                              2017-09-20 19:40:05,040 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:45)

                              2017-09-20 19:40:05,040 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:470)

                              2017-09-20 19:40:05,040 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:81)

                              2017-09-20 19:40:05,040 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:470)

                              2017-09-20 19:40:05,041 ERROR [stderr] (Thread-45)         at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203)

                              2017-09-20 19:40:05,041 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:306)

                              2017-09-20 19:40:05,041 ERROR [stderr] (Thread-45)         at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:170)

                              2017-09-20 19:40:05,041 ERROR [stderr] (Thread-45)         ... 11 more

                              2017-09-20 19:40:05,042 ERROR [stderr] (Thread-45)     Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported

                              2017-09-20 19:40:05,043 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:440)

                              2017-09-20 19:40:05,043 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)

                              2017-09-20 19:40:05,043 ERROR [stderr] (Thread-45)         at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

                              2017-09-20 19:40:05,044 ERROR [stderr] (Thread-45)         at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

                              2017-09-20 19:40:05,044 ERROR [stderr] (Thread-45)         at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)

                              2017-09-20 19:40:05,044 ERROR [stderr] (Thread-45)         at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)

                              2017-09-20 19:40:05,044 ERROR [stderr] (Thread-45)         at ...asynchronous invocation...(Unknown Source)

                              2017-09-20 19:40:05,045 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:570)

                              2017-09-20 19:40:05,045 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:536)

                              2017-09-20 19:40:05,045 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:83)

                              2017-09-20 19:40:05,046 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:56)

                              2017-09-20 19:40:05,046 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:487)

                              2017-09-20 19:40:05,046 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433)

                              2017-09-20 19:40:05,047 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51)

                              2017-09-20 19:40:05,047 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122)

                              2017-09-20 19:40:05,047 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.lambda$connectAndDiscover$0(RemotingEJBDiscoveryProvider.java:340)

                              2017-09-20 19:40:05,047 ERROR [stderr] (Thread-45)         at java.security.AccessController.doPrivileged(Native Method)

                              2017-09-20 19:40:05,048 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.connectAndDiscover(RemotingEJBDiscoveryProvider.java:340)

                              2017-09-20 19:40:05,048 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.countDown(RemotingEJBDiscoveryProvider.java:417)

                              2017-09-20 19:40:05,048 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt$1.handleFailed(RemotingEJBDiscoveryProvider.java:306)

                              2017-09-20 19:40:05,049 ERROR [stderr] (Thread-45)         at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt$1.handleFailed(RemotingEJBDiscoveryProvider.java:298)

                              2017-09-20 19:40:05,049 ERROR [stderr] (Thread-45)         at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:215)

                              2017-09-20 19:40:05,049 ERROR [stderr] (Thread-45)         at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720)

                              2017-09-20 19:40:05,050 ERROR [stderr] (Thread-45)         at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)

                              2017-09-20 19:40:05,050 ERROR [stderr] (Thread-45)         at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

                              2017-09-20 19:40:05,050 ERROR [stderr] (Thread-45)         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

                              2017-09-20 19:40:05,050 ERROR [stderr] (Thread-45)         ... 1 more

                               

                              Thanks

                               

                              Wolfgang

                              • 12. Re: WildFly 11: Using Elytron on the client side
                                David Lloyd Master

                                Wolfgang Knauf wrote:

                                 

                                David,

                                 

                                it still does not work, below is the full client stacktrace.

                                 

                                I attach two versions of the sample, maybe you could take a look at it? Source code is included in the ear/jar files.

                                In "ejb_security_jaas.zip", there are two folders "wildflyconfigxml" (contains the working sample using wildfly-config.xml) and "programmatic" (contains my latest source code based on your suggestions).

                                 

                                To run it, you first have to modify "standalone.xml" with exactly the same "configure-elytron-jaas.cli" file taken from the "ejb-security-jaas" quickstart: https://github.com/wildfly/quickstart/tree/11.x/ejb-security-jaas

                                Then copy to deploy directory and run the client:

                                c:\Temp\wildfly-11.0.0.CR1\bin\appclient.bat ejb_security_jaas.ear#ejb_security_jaasClient.jar

                                And here is the stacktrace:

                                2017-09-20 19:40:05,042 ERROR [stderr] (Thread-45) Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported

                                 

                                Thanks

                                 

                                Wolfgang

                                This error occurs because your client configuration does not have a password configured; PLAIN requires a password so therefore it is not supported.  You can choose to configure a password on your client ("usePassword" is the method on AuthenticationConfiguration), or you can enable a mechanism which does not require a password (there are not many though: JBOSS-LOCAL-USER is the only likely candidate and it only works if the client is on the same host as the server).

                                • 13. Re: WildFly 11: Using Elytron on the client side
                                  Farah Juma Apprentice

                                  One thing to note is that it looks like there's one difference between your working wildfly-config.xml file and your programmatic set up - the rule used for deciding which authentication configuration to use when establishing a connection is slightly different. The <rule use-configuration="default-config"/> line in your wildfly-config.xml file indicates that the "default-config" authentication configuration should always be used. However, in your programmatic set up, context.with(MatchRule.ALL.matchHost("127.0.0.1"), adminConfig) indicates that the authentication configuration you specified should only be used if the name of the host that the client is attempting to connect to matches "127.0.0.1". If your client is attempting to connect to a host other than "127.0.0.1", the rule won't match so your authentication configuration won't get used. One thing you could try to do is change the rule in your programmatic set up to context.with(MatchRule.ALL, adminConfig) to see if that makes a difference.

                                  • 14. Re: WildFly 11: Using Elytron on the client side
                                    Wolfgang Knauf Master

                                    Hi David,

                                     

                                    "usePassword" is already part of my code ;-).

                                     

                                    The change to

                                    context = context.with(MatchRule.ALL, adminConfig);

                                    did not make any change. The client connects to localhost.

                                    1 2 Previous Next