[jboss-dev-forums] [JBoss AS 7 Development] - Re: Remote client access with database login module: user name and password are UUIDs
andrei povodyrev
do-not-reply at jboss.com
Thu Mar 15 16:32:06 EDT 2012
andrei povodyrev [https://community.jboss.org/people/apovodyrev] created the discussion
"Re: Remote client access with database login module: user name and password are UUIDs"
To view the discussion, visit: https://community.jboss.org/message/724140#724140
--------------------------------------------------------------
Seems like all remote calls have to be authenticated by remoting-connector.
This is the key <connector name="remoting-connector" socket-binding="remoting" security-realm="TutorialRealm"/> where whole jboss ejb remote access is tied to a single app realm. Seems like a mess. If you have multiple apps on the same server with own security, maintaining acces to them with remote client is going to be nightmare.
Application login module must have <module-option name="password-stacking" value="useFirstPass"/> to piggy back on cached Principal/Credentials
If security realm (ApplicationRealm by default) is removed from remoting-connector, there is no way to authenticate ejb remote call.
Tried multiple approaches
1)
jndiProperties.put(InitialContext.SECURITY_PRINCIPAL, "user");
jndiProperties.put(InitialContext.SECURITY_CREDENTIALS, "pass");
2)
org.jboss.security.client.SecurityClient
3)
org.jboss.security.auth.callback.AppCallbackHandler
User credential set by above means do not get to java ee security context and random UUID values are used on server, or $local if
setting SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER not used
A frequently refernced link from jboss7 docs https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI is not sufficient to make your remote clients work because it leaves the server configuration part out of discussion.
Frustrated after fighting this for the thrid day in the row.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/724140#724140]
Start a new discussion in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2225]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20120315/9a65b94f/attachment.html
More information about the jboss-dev-forums
mailing list