JBoss Community

Re: ClientLoginModule support

created by Tarek Hammoud in JBoss AS 7 Development - View the full discussion

Excuse me for misstating the real issue. We do not care about the JNDI lookup not being hardcoded with security details. We want the freedom to invoke the EJB using the ClientLoginModule. It looks like Sasl Client setup does not take the credentials as set by ClientLoginModule into account. Is this supported? This worked just fine in 4.x and 6.x. I saw remote.connection.default.callback.handler.class property but could not find a CallBackHandler to simply read what was setup by ClientLoginModule. I must be missing something.

public class TestRemoteReference {
 
    public static void main(String[] args) {
        try {
           Properties jndiProps = new Properties();
           jndiProps.put(Context.PROVIDER_URL,"remote://localhost:4447");
 
           jndiProps.put(Context.SECURITY_PRINCIPAL,   "username");
           jndiProps.put(Context.SECURITY_CREDENTIALS, "password");                      
           jndiProps.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
 
           Context ctx = new InitialContext(jndiProps);
 
           Properties clientProp = new Properties();
           clientProp.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
           clientProp.put("remote.connections", "default");
           clientProp.put("remote.connection.default.port", "4447");
           clientProp.put("remote.connection.default.host", "localhost");
//           clientProp.put("remote.connection.default.username", "username");
//           clientProp.put("remote.connection.default.password", "password");
           clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
           clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
           clientProp.put("remote.connection.default.callback.handler.class", "org.jboss.security.auth.callback.JASPICallbackHandler");
 
 
           EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(clientProp);
           ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
           EJBClientContext.setSelector(selector);                                 
 
           Service service = (Service) ctx.lookup("XXX"); // No issues here
 
 
           // Local login as another user. Hoping that SASL will somehow pick these
           // credentials up before invocation
 
           // Client login module gets called and sets up the 
           // the correct principal in SecurityAssociationActions.
 
 
           LoginContext c = SecurityUtils.login("client-login", "username2", "password2");
 
           // Fails witht he dreaded "No EJB receiver available" but the real exception is a security 
           // Exception. If we uncomment the security info in the remote connection properties, it works fine
 
 
           Object result = service.doSomething()
        }
        catch(Throwable ex) {
            ex.printStackTrace();            
        }
    }
}
 
 
login.conf
client-login {
   org.jboss.security.ClientLoginModule  required
          ;
};

Reply to this message by going to Community

Start a new discussion in JBoss AS 7 Development at Community