9 p.m.
Ganesh Saithala [https://community.jboss.org/people/ganeshment] created the discussion
"remote ejb client username is encrypted at the server(JBOSS7.1 CR1)"
To view the discussion, visit: https://community.jboss.org/message/646881#646881
--------------------------------------------------------------
we are using remote EJB JNDI based units tests to test the code and we are evaluating
JBOSS7.1 CR1. With JBOSS7.1 CR1, username sent from the remote ejb client is encrypted at
the server, database query using the encrypted username is returning no passwords and
login is failing. We are stuck with this problem to continue evaluation of JBOSS7.1 CR1
release. Can you please suggest how to fix this issue.
I have referred the following links to get the relevant information but unsuccessful
https://issues.jboss.org/browse/AS7-2942
https://issues.jboss.org/browse/AS7-2999?page=com.atlassian.jira.plugin.s...
https://issues.jboss.org/browse/AS7-3002?page=com.atlassian.jira.plugin.s...
Server Exception :
18:54:39,652 ERROR [org.jboss.remoting.remote] (Remoting "machine1" read-1)
JBREM000200: Remote connection failed: java.io.IOException: An existing connection was
forcibly closed by the remote host
18:57:45,423 DEBUG [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login]
(pool-9-thread-2) CallbackHandler:
mailto:org.jboss.security.auth.callback.JBossCallbackHandler@10d0fc9
org.jboss.security.auth.callback.JBossCallbackHandler@10d0fc9
18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login]
(pool-9-thread-2) Begin isValid, principal:a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login]
(pool-9-thread-2) defaultLogin, principal=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (pool-9-thread-2)
Begin getAppConfigurationEntry(iS3Login), size=4
18:57:45,423 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (pool-9-thread-2)
End getAppConfigurationEntry(iS3Login), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: sufficient
Options:
name=hashAlgorithm, value=SHA-256
name=principalsQuery, value=select password from sessionuser where name=?
name=hashEncoding, value=base64
name=dsJndiName, value=java:/jdbc/exampleds
name=rolesQuery, value=select role, 'Roles' from sessionrole where name=?
[1]
LoginModule Class: org.jboss.security.auth.spi.LdapLoginModule
ControlFlag: LoginModuleControlFlag: sufficient
Options:
name=java.naming.provider.url, value=ldap://ldap.xxx.xxx.com:123/
name=principalDNSuffix, value=,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com
name=principalDNPrefix, value=CN=
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) initialize
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) Security domain: iS3Login
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) Password hashing activated: algorithm = SHA-256, encoding = base64,
charset = {default}, callback = null, storeCallback = null
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) DatabaseServerLoginModule, dsJndiName=java:/jdbc/exampleds
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) principalsQuery=select password from sessionuser where name=?
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) rolesQuery=select role, 'Roles' from sessionrole where name=?
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) suspendResume=true
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) login
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) suspendAnyTransaction
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) Excuting query: select password from sessionuser where name=?, with
username: a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) Query returned no matches from db
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) resumeAnyTransaction
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2)
initialize
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2)
Security domain: iS3Login
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) login
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Logging
into LDAP server, env={java.naming.provider.url=ldap://ldap.xxx.xxx.com:123/,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
jboss.security.security_domain=iS3Login, principalDNPrefix=CN=,
principalDNSuffix=,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com,
java.naming.security.authentication=simple,
java.naming.security.principal=CN=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5,OU=xxx,OU=Americas,DC=xxx,DC=xxx,DC=com,
java.naming.security.credentials=***}
18:57:45,423 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) Bad
password for username=a82aa6a4-cf24-4ab0-ab3e-54037d8db4d5
18:57:45,423 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(pool-9-thread-2) abort
18:57:45,423 TRACE [org.jboss.security.auth.spi.LdapLoginModule] (pool-9-thread-2) abort
18:57:45,423 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login]
(pool-9-thread-2) Login failure: javax.security.auth.login.FailedLoginException: PB00019:
Processing Failed:No matching username found in Principals
at
org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:186)
[picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at
org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:248)
[picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at sun.reflect.GeneratedMethodAccessor10.invoke(Unknown Source) [:1.6.0_29]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[:1.6.0_29]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_29]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [:1.6.0_29]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_29]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_29]
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_29]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_29]
at
org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:402)
[picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at
org.jboss.security.plugins.auth.JaasSecurityManagerBase.proceedWithJaasLogin(JaasSecurityManagerBase.java:341)
[picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at
org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:329)
[picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at
org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:207)
[picketbox-4.0.6.Beta2.jar:4.0.6.Beta2]
at
org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:267)
[jboss-as-security-7.1.0.CR1.jar:7.1.0.CR1]
at
org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:234)
[jboss-as-security-7.1.0.CR1.jar:7.1.0.CR1]
at
org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49)
[jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at
org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45)
[jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
at
org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74)
[jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
[jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
[jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57)
[jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
[jboss-as-ee-7.1.0.CR1.jar:7.1.0.CR1]
at
org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:283)
[jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at
org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:61)
[jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at
org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:191)
[jboss-as-ejb3-7.1.0.CR1.jar:7.1.0.CR1]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [:1.6.0_29]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [:1.6.0_29]
at java.util.concurrent.FutureTask.run(FutureTask.java:138) [:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
[:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
[:1.6.0_29]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_29]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)
18:57:45,439 TRACE [org.jboss.security.plugins.JBossAuthenticationManager.iS3Login]
(pool-9-thread-2) End isValid, false
18:57:45,439 ERROR [org.jboss.ejb3.invocation] (pool-9-thread-2) JBAS014134: EJB
Invocation failed on component SessionBean for method public abstract
java.security.Principal demo.SessionBeanInterface.getPrincipal():
javax.ejb.EJBAccessException: Invalid User
at
org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54)
at
org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45)
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
at
org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
at
org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:283)
at
org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:61)
at
org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:191)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [:1.6.0_29]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [:1.6.0_29]
at java.util.concurrent.FutureTask.run(FutureTask.java:138) [:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
[:1.6.0_29]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
[:1.6.0_29]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_29]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)
[jboss-threads-2.0.0.GA.jar:2.0.0.GA]
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/646881#646881]
Start a new discussion in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
11:41 p.m.
New subject: [JBoss AS 7 Development] - Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)
Ganesh Saithala [https://community.jboss.org/people/ganeshment] created the discussion
"Re: remote ejb client username is encrypted at the server(JBOSS7.1 CR1)"
To view the discussion, visit: https://community.jboss.org/message/717606#717606
--------------------------------------------------------------
With JBOSS7.1 Fianl version also Iam getting encrypted username at the server and database
login is failing.
standalone.xml file contents :
<security-realm name="ApplicationRealm">
<authentication>
<properties path="application-users.properties"
relative-to="jboss.server.config.dir"/>
</authentication>
</security-realm>
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
<connector name="remoting-connector"
socket-binding="remoting" security-realm="ApplicationRealm">
<sasl>
<policy>
<no-anonymous value="true"/>
<no-plain-text value="false"/>
<pass-credentials value="true"/>
</policy>
</sasl>
</connector>
</subsystem>
<security-domain name="MYLogin" cache-type="default">
<authentication>
<login-module code="Remoting"
flag="optional">
<module-option name="password-stacking"
value="useFirstPass"/>
</login-module>
<login-module
code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="sufficient">
<module-option name="dsJndiName"
value="java:/jdbc/example"/>
<module-option name="principalsQuery"
value="select password from sessionuser where name=?"/>
<module-option name="rolesQuery"
value="select role, 'Roles' from sessionrole where name=?"/>
<module-option name="hashAlgorithm"
value="SHA-256"/>
<module-option name="hashEncoding"
value="base64"/>
</login-module>
</authentication>
</security-domain>
...
EJB is using Security Domain annotation@SecurityDomain
(value = "MYLogin")
Can you please suggest how to configure standalone.xml for remote ejb authentication to
work properly using database login module.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/717606#717606]
Start a new discussion in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
4460
days inactive
4493
days old
jboss-dev-forums@lists.jboss.org
1 comments
1 participants
participants (1)
-
Ganesh Saithala