JBoss Community

Remote client access with database login module: user name and password are UUIDs

created by Frank Ulbricht in JBoss AS 7 Development

Hello there,

I have a simple application with a secured session bean. I want to invoke this bean from a remote client.

This is my configuration:

standalone.xml:

...
    <security-realm name="TutorialRealm">
        <authentication>
            <jaas name="tutorial"/>
        </authentication>
    </security-realm>
...
    <subsystem xmlns="urn:jboss:domain:remoting:1.1">
        <connector name="remoting-connector" socket-binding="remoting" security-realm="TutorialRealm"/>
    </subsystem>
...
    <security-domain name="tutorial" cache-type="default">
        <authentication>
            <login-module code="Remoting" flag="optional">
                <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
            <login-module code="Database" flag="required">
                <module-option name="dsJndiName" value="java:/TutorialDS"/>
                <module-option name="principalsQuery" value="SELECT PASSWORD FROM SYSTEM_USER WHERE USER_NAME = ?"/>
                <module-option name="rolesQuery" value="SELECT USER_ROLE, 'Roles' FROM SYSTEM_USER_ROLE WHERE USER_NAME = ?"/>
                <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
        </authentication>
    </security-domain>
...

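My bean looks like this (it just returns the current user, but this method was never called):

import java.security.Principal;

import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.jboss.ejb3.annotation.SecurityDomain;

import com.qualitype.tutorial.remote.SecuredRemote;

@Stateless(name = "Secured")
@Remote(SecuredRemote.class)
@SecurityDomain("tutorial")
public class SecuredBean implements SecuredRemote {

    @Resource
    private SessionContext sessionContext;

    // Only callers holding "role1" in the "tutorial" security domain may invoke this.
    @Override
    @RolesAllowed("role1")
    public String getCurrentUserName() {
        Principal principal = this.sessionContext.getCallerPrincipal();

        return principal.getName();
    }
}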

In my ear I have a jboss-app.xml like this:

    <jboss-app xmlns="http://www.jboss.com/xml/ns/javaee"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="7.0">
        <security-domain>tutorial</security-domain>
    </jboss-app>

My client code is this:

import java.util.Hashtable;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

import org.jboss.ejb.client.ContextSelector;
import org.jboss.ejb.client.EJBClientConfiguration;
import org.jboss.ejb.client.EJBClientContext;
import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;

import com.qualitype.tutorial.remote.SecuredRemote;

@SuppressWarnings("nls")
public class Client {

    private static String applicationName = "test.ear";
    private static String remoteModuleName = "remote.jar";

    private static String userName = "admin";
    private static String password = "test";

    public static void main(final String[] args) {

        final Client client = new Client();
        try {
            client.run();
        } catch (final Exception ex) {
            ex.printStackTrace();
        }
    }

    public Client() {
        // create client configuration
        final EJBClientConfiguration clientConfiguration = new PropertiesBasedEJBClientConfiguration(
                createClientConfigurationProperties());

        // create a context selector
        final ContextSelector<EJBClientContext> contextSelector = new ConfigBasedEJBClientContextSelector(
                clientConfiguration);

        // set the selector for use
        EJBClientContext.setSelector(contextSelector);
    }

    public void run() throws Exception {

        // lookup and use secured bean
        final SecuredRemote secured = lookupBean("Secured", SecuredRemote.class, false);
        System.out.println(secured.getCurrentUserName());
    }

    // builds the ejb: JNDI name (application/module/bean!view?type) and looks up the proxy
    private static <T> T lookupBean(final String beanName, final Class<T> viewClass, final boolean stateful)
            throws NamingException {
        final String lookupName = String.format("ejb:%1$s/%2$s/%3$s!%4$s?%5$s", applicationName, remoteModuleName,
                beanName, viewClass.getName(), stateful ? "stateful" : "stateless");

        return (T) getInitialContext().lookup(lookupName);
    }

    private static Context context;

    // lazily creates the JNDI context that carries the user name and password
    private static Context getInitialContext() throws NamingException {
        if (context == null) {
            final Hashtable<Object, Object> contextProperties = new Hashtable<>();
            contextProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
            contextProperties.put(Context.SECURITY_PRINCIPAL, userName);
            contextProperties.put(Context.SECURITY_CREDENTIALS, password);

            contextProperties.put("jboss.naming.client.ejb.context", true);
            contextProperties.put(Context.PROVIDER_URL, "remote://localhost:4447");

            //contextProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

            context = new InitialContext(contextProperties);
        }
        return context;
    }

    // connection settings for the EJB client: host, port, credentials and SASL options
    private static Properties createClientConfigurationProperties() {
        final Properties properties = new Properties();
        properties.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
        properties.put("remote.connections", "default");

        properties.put("remote.connection.default.host", "localhost");
        properties.put("remote.connection.default.port", "4447");

        properties.put("remote.connection.default.username", userName);
        properties.put("remote.connection.default.password", password);

        properties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "true");
        // properties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS","JBOSS-LOCAL-USER");
        properties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

        return properties;
    }
}

The database query from the login module is executed but using the "jdbc.spy" I see the user name is a random UUID. So I never see the entered user name on the server side. In the end there is of course this exception on server side:

JBAS014134: EJB Invocation failed on component Secured for method public abstract java.lang.String com.qualitype.tutorial.remote.SecuredRemote.getCurrentUserName(): javax.ejb.EJBAccessException: JBAS013323: Invalid User

If I enable the "SASL_DISALLOWED_MECHANISMS" property the exception is: java.lang.IllegalStateException: No EJB receiver available for handling [...] combination

If I enable the "INITIAL_CONTEXT_FACTORY" property the exception is: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

As you can see, I use a lot of different properties. This is a collection copied from various samples from the forum. I think I tested nearly all combinations of them but it always leads me to one of the exceptions above.

In my opinion the configuration on server side should be alright. But I have a lot of doubts concerning the client configuration...

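One way to see which identity a JAAS stack such as the "tutorial" domain above is actually handed, as an added example that is not part of the original post and not JBoss code: a hypothetical diagnostic module, IdentityProbeLoginModule, that prints the name supplied by the callback handler and the name in the password-stacking shared state, and flags UUID-shaped values without ever printing a credential. It uses only JDK classes; the shared-state key and a callback handler that answers a NameCallback are assumptions, and main() drives it with constructed input.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical diagnostic module: prints the name the stack receives, never a password. */
public class IdentityProbeLoginModule implements LoginModule {
    // Assumed shared-state key used for password stacking (useFirstPass).
    static final String NAME_KEY = "javax.security.auth.login.name";
    private CallbackHandler handler;
    private Map<String, ?> sharedState;

    @Override public void initialize(Subject subject, CallbackHandler handler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
        this.sharedState = sharedState;
    }

    // Reports where a name came from and whether it has the canonical UUID shape.
    static String describe(String source, Object name) {
        boolean uuid = name != null && name.toString()
                .matches("[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}");
        return source + " name=" + name + " looksLikeUuid=" + uuid;
    }

    @Override public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("name");
        try {
            handler.handle(new Callback[] { nc });
        } catch (Exception e) {
            throw new LoginException("name callback failed: " + e);
        }
        System.out.println(describe("callback", nc.getName()));
        System.out.println(describe("sharedState", sharedState.get(NAME_KEY)));
        return false; // false = this module is ignored and adds no identity
    }
    @Override public boolean commit() { return false; }
    @Override public boolean abort() { return false; }
    @Override public boolean logout() { return true; }
    public static void main(String[] args) throws Exception {
        final String sample = UUID.randomUUID().toString(); // constructed input
        Map<String, String> shared = Collections.singletonMap(NAME_KEY, sample);
        IdentityProbeLoginModule probe = new IdentityProbeLoginModule();
        probe.initialize(new Subject(), new CallbackHandler() {
            public void handle(Callback[] cbs) { ((NameCallback) cbs[0]).setName(sample); }
        }, shared, Collections.<String, Object>emptyMap());
        probe.login();
    }
}
```

Comparing the two printed lines shows whether a UUID arrives from the connection's callback handler or is introduced by an earlier module in the stack.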