[jboss-dev-forums] [JBoss AS 7 Development] - Re: Remote client access with database login module: user name and password are UUIDs

andrei povodyrev do-not-reply at jboss.com
Thu Mar 15 16:32:06 EDT 2012 

andrei povodyrev [https://community.jboss.org/people/apovodyrev] created the discussion

"Re: Remote client access with database login module: user name and password are UUIDs"

To view the discussion, visit: https://community.jboss.org/message/724140#724140

--------------------------------------------------------------
Seems like all remote calls have to be authenticated by remoting-connector.
This is the key  <connector name="remoting-connector" socket-binding="remoting" security-realm="TutorialRealm"/> where whole jboss ejb remote access is tied to a single app realm. Seems like a mess. If you have multiple apps on the same server with own security, maintaining acces to them with remote client is going to be nightmare.


Application login module must have <module-option name="password-stacking" value="useFirstPass"/> to piggy back on cached Principal/Credentials

 If security realm (ApplicationRealm by default) is removed from remoting-connector, there is no way to authenticate ejb remote call. 

Tried multiple approaches
1)
jndiProperties.put(InitialContext.SECURITY_PRINCIPAL, "user");
 jndiProperties.put(InitialContext.SECURITY_CREDENTIALS, "pass");
2)
org.jboss.security.client.SecurityClient
3)
org.jboss.security.auth.callback.AppCallbackHandler

User credential set by above means do not get to java ee security context and random UUID values are used on server, or $local if  
setting  SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER  not used

A frequently refernced link from jboss7 docs   https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI is not sufficient to make your remote clients work because it leaves the server configuration part out of discussion.

Frustrated after fighting this for the thrid day in the row.
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/724140#724140]

Start a new discussion in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2225]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20120315/9a65b94f/attachment.html

More information about the jboss-dev-forums mailing list