Frank Ulbricht [https://community.jboss.org/people/f.ulbricht] created the discussion
"Remote client access with database login module: user name and password are UUIDs"
To view the discussion, visit:
https://community.jboss.org/message/719442#719442
--------------------------------------------------------------
Hello there,
I have a simple application with a secured session bean. I want to invoke this bean from a
remote client.
This is my configuration:
standalone.xml:
...
<security-realm name="TutorialRealm">
    <authentication>
        <jaas name="tutorial"/>
    </authentication>
</security-realm>
...
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="TutorialRealm"/>
</subsystem>
...
<security-domain name="tutorial" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/TutorialDS"/>
            <module-option name="principalsQuery"
                           value="SELECT PASSWORD FROM SYSTEM_USER WHERE USER_NAME = ?"/>
            <module-option name="rolesQuery"
                           value="SELECT USER_ROLE, 'Roles' FROM SYSTEM_USER_ROLE WHERE USER_NAME = ?"/>
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
</security-domain>
...
My bean looks like this (it just returns the current user, but this method was never
called):
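import java.security.Principal;

import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.jboss.ejb3.annotation.SecurityDomain;

@Stateless(name = "Secured")
@Remote(SecuredRemote.class)
@SecurityDomain("tutorial")
public class SecuredBean implements SecuredRemote {

    @Resource
    private SessionContext sessionContext;

    @Override
    @RolesAllowed("role1")
    public String getCurrentUserName() {
        // return the name of the authenticated caller
        Principal principal = this.sessionContext.getCallerPrincipal();
        return principal.getName();
    }
}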
In my ear I have a jboss-app.xml like this:
<jboss-app
    xmlns="http://www.jboss.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    version="7.0">
    <security-domain>tutorial</security-domain>
</jboss-app>
My client code is this:
import java.util.Hashtable;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

import org.jboss.ejb.client.ContextSelector;
import org.jboss.ejb.client.EJBClientConfiguration;
import org.jboss.ejb.client.EJBClientContext;
import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;

@SuppressWarnings("nls")
public class Client {

    private static String applicationName = "test.ear";
    private static String remoteModuleName = "remote.jar";
    private static String userName = "admin";
    private static String password = "test";

    public static void main(final String[] args) {
        final Client client = new Client();
        try {
            client.run();
        } catch (final Exception ex) {
            ex.printStackTrace();
        }
    }

    public Client() {
        // create client configuration
        final EJBClientConfiguration clientConfiguration =
                new PropertiesBasedEJBClientConfiguration(createClientConfigurationProperties());
        // create a context selector
        final ContextSelector<EJBClientContext> contextSelector =
                new ConfigBasedEJBClientContextSelector(clientConfiguration);
        // set the selector for use
        EJBClientContext.setSelector(contextSelector);
    }

    public void run() throws Exception {
        // lookup and use secured bean
        final SecuredRemote secured = lookupBean("Secured", SecuredRemote.class, false);
        System.out.println(secured.getCurrentUserName());
    }

    private static <T> T lookupBean(final String beanName, final Class<T> viewClass, final boolean stateful)
            throws NamingException {
        final String lookupName = String.format("ejb:%1$s/%2$s/%3$s!%4$s?%5$s",
                applicationName, remoteModuleName,
                beanName, viewClass.getName(), stateful ? "stateful" : "stateless");
        return viewClass.cast(getInitialContext().lookup(lookupName));
    }

    private static Context context;

    private static Context getInitialContext() throws NamingException {
        if (context == null) {
            final Hashtable<Object, Object> contextProperties = new Hashtable<>();
            contextProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
            contextProperties.put(Context.SECURITY_PRINCIPAL, userName);
            contextProperties.put(Context.SECURITY_CREDENTIALS, password);
            contextProperties.put("jboss.naming.client.ejb.context", true);
            contextProperties.put(Context.PROVIDER_URL, "remote://localhost:4447");
            //contextProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
            context = new InitialContext(contextProperties);
        }
        return context;
    }

    private static Properties createClientConfigurationProperties() {
        // settings for the single EJB client connection named "default"
        final Properties properties = new Properties();
        properties.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
        properties.put("remote.connections", "default");
        properties.put("remote.connection.default.host", "localhost");
        properties.put("remote.connection.default.port", "4447");
        properties.put("remote.connection.default.username", userName);
        properties.put("remote.connection.default.password", password);
        properties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "true");
        //properties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
        properties.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
        return properties;
    }
}
The database query from the login module is executed, but using the "jdbc.spy" I
see the user name is a random UUID. So I never see the entered user name on the server
side. In the end there is of course this exception on server side:
JBAS014134: EJB Invocation failed on component Secured for method public abstract
java.lang.String com.qualitype.tutorial.remote.SecuredRemote.getCurrentUserName():
javax.ejb.EJBAccessException: JBAS013323: Invalid User
If I enable the "SASL_DISALLOWED_MECHANISMS" property the exception is:
java.lang.IllegalStateException: No EJB receiver available for handling [...] combination
If I enable the "INITIAL_CONTEXT_FACTORY" property the exception is:
javax.security.sasl.SaslException: Authentication failed: all available authentication
mechanisms failed
As you can see, I use a lot of different properties. This is a collection copied from
various samples from the forum. I think I tested nearly all combinations of them but it
always leads me to one of the exceptions above.
In my opinion the configuration on server side should be alright. But I have a lot of
doubts concerning the client configuration...
--------------------------------------------------------------