Tarek Hammoud [
https://community.jboss.org/people/thammoud] created the discussion
"Re: ClientLoginModule support"
To view the discussion, visit:
https://community.jboss.org/message/753027#753027
--------------------------------------------------------------
Excuse me for misstating the real issue. We do not care about the JNDI lookup not being
hardcoded with security details. We want the freedom to invoke the EJB using the
ClientLoginModule. It looks like Sasl Client setup does not take the credentials as set by
ClientLoginModule into account. Is this supported? This worked just fine in 4.x and 6.x. I
saw remote.connection.default.callback.handler.class property but could not find a
CallBackHandler to simply read what was setup by ClientLoginModule. I must be missing
something.
public class TestRemoteReference {
public static void main(String[] args) {
try {
Properties jndiProps = new Properties();
jndiProps.put(Context.PROVIDER_URL,"remote://localhost:4447");
jndiProps.put(Context.SECURITY_PRINCIPAL, "username");
jndiProps.put(Context.SECURITY_CREDENTIALS,
"password");
jndiProps.put(Context.URL_PKG_PREFIXES,
"org.jboss.ejb.client.naming");
Context ctx = new InitialContext(jndiProps);
Properties clientProp = new Properties();
clientProp.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED",
"false");
clientProp.put("remote.connections", "default");
clientProp.put("remote.connection.default.port", "4447");
clientProp.put("remote.connection.default.host",
"localhost");
// clientProp.put("remote.connection.default.username",
"username");
// clientProp.put("remote.connection.default.password",
"password");
clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS",
"false");
clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS",
"JBOSS-LOCAL-USER");
clientProp.put("remote.connection.default.callback.handler.class",
"org.jboss.security.auth.callback.JASPICallbackHandler");
EJBClientConfiguration cc = new
PropertiesBasedEJBClientConfiguration(clientProp);
ContextSelector<EJBClientContext> selector = new
ConfigBasedEJBClientContextSelector(cc);
EJBClientContext.setSelector(selector);
Service service = (Service) ctx.lookup("XXX"); // No issues here
// Local login as another user. Hoping that SASL will somehow pick these
// credentials up before invocation
// Client login module gets called and sets up the
// the correct principal in SecurityAssociationActions.
LoginContext c = SecurityUtils.login("client-login",
"username2", "password2");
// Fails witht he dreaded "No EJB receiver available" but the real
exception is a security
// Exception. If we uncomment the security info in the remote connection
properties, it works fine
Object result = service.doSomething()
}
catch(Throwable ex) {
ex.printStackTrace();
}
}
}
login.conf
client-login {
org.jboss.security.ClientLoginModule required
;
};
--------------------------------------------------------------
Reply to this message by going to Community
[
https://community.jboss.org/message/753027#753027]
Start a new discussion in JBoss AS 7 Development at Community
[
https://community.jboss.org/choose-container!input.jspa?contentType=1&...]