Hi,
i have some problems to set up a custom serverloginmodule for jboss as7 any help would be appriciated.
I am still new to jboss and jboss as7 so maybe i try to tackle my problem with the wrong tools or i miss just some things i need to know to do it properly.
So maybe someone could point me to the correct direction ;)
What i want to achieve:
- i want to access a secured remote ejb via a "normal" java client
- before i access the bean i want to be authenticated via jaas via the jboss with a custom ServerLoginModule
- call org.jboss.security.ClientLoginModule via LoginContext
jboss{
org.jboss.security.ClientLoginModule required
;
};
String contextName = "jboss"
Subject subject = new Subject(false, new HashSet<Principal>(),
new HashSet<String>(), new HashSet<String>());
LoginContext loginContext = new LoginContext(contextName,
subject);
loginContext.login();
- if the login succeeds i want to create the initial context and access the bean
code
Properties jndiProperties = new Properties();
jndiProperties.put(Context.URL_PKG_PREFIXES,
"org.jboss.ejb.client.naming");
jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,
org.jboss.naming.remote.client.InitialContextFactory.class
.getName());
jndiProperties.put(Context.PROVIDER_URL, "remote://localhost:4447");
jndiProperties.put("jboss.naming.client.ejb.context", true);
jndiProperties
.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT",
"false");
jndiProperties.put(Context.SECURITY_PRINCIPAL, "user");
jndiProperties.put(Context.SECURITY_CREDENTIALS, "pass");// pass");
Context context =context = new InitialContext(jndiProperties);
jboss-ejb-client.properties
endpoint.name=client-endpoint
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=localhost
remote.connection.default.port = 4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
- on the server side a implementation of AbstractServerLoginModule should be called
- i putted my implementation in a jar and tried to add it to a jboss module.
- i tried two ways
- both with the same result
- my server config looks like this:
<security-realm name="ApplicationRealm">
<authentication>
<properties relative-to="jboss.server.config.dir" path="${jboss.server.config.dir}/application-users.properties"/>
</authentication>
</security-realm>
<security-realm name="MyAppRealm">
<authentication>
<jaas name="myAppJaas"/>
</authentication>
</security-realm>
<security-domains>
<security-domain name="myAppJaas" cache-type="default">
<authentication>
<login-module code="sampleApp.jboss.login.AuthLoginModule"
flag="required">
<module-option name="debug" value="true" />
</login-module>
</authentication>
</security-domain>
</security-domains>
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
<connector name="remoting-connector" socket-binding="remoting" security-realm="MyAppRealm"/>
</subsystem>
What i get at the moment:
- i removed the part where i try to login via jaas upfront figured out that it does not make any diffrence in my sample
- it seems that my loginmodule(server) doesent get called (sampleApp.jboss.login.AuthLoginModule)
the only output i get on server side:
14:04:07,946 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "client" task-3) Begin getAppConfigurationEntry(myAppJaas), size=1
14:04:07,952 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "client" task-3) End getAppConfigurationEntry(myAppJaas), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: sampleApp.jboss.login.AuthLoginModule
ControlFlag: Anmeldemodul-Steuerflag: required
Options:
name=debug, value=true
client output:
Mai 22, 2012 2:04:07 PM org.xnio.Xnio <clinit>
INFO: XNIO Version 3.0.3.GA
Mai 22, 2012 2:04:07 PM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.0.3.GA
Mai 22, 2012 2:04:07 PM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 3.2.2.GA
Mai 22, 2012 2:04:07 PM org.jboss.remoting3.remote.RemoteConnection handleException
ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
at org.jboss.naming.remote.client.ClientUtil.namingException(ClientUtil.java:36)
at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at Main.main(Main.java:37)
Caused by: java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87)
at org.jboss.naming.remote.client.cache.ConnectionCache.get(ConnectionCache.java:42)
at org.jboss.naming.remote.client.InitialContextFactory.createConnection(InitialContextFactory.java:153)
at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateConnection(InitialContextFactory.java:126)
at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:106)
... 5 more
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.nio.NioHandle.run(NioHandle.java:90)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)
at org.jboss.naming.remote.client.cache.EndpointCache$EndpointWrapper.connect(EndpointCache.java:110)
at org.jboss.naming.remote.client.cache.ConnectionCache.get(ConnectionCache.java:41)
... 8 more
Problems:
- the login module doesent get called --> leads to the sasl exception i assume.. (javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed)
- how to get more useful debug/trace output from the security module
Thank you for your time ... any help would be appreciated.. and sorry for my bad english ;) i hope you could get my point anyways