[ https://issues.jboss.org/browse/AS7-5825?page=com.atlassian.jira.plugin.s... ] Pedro Igor updated AS7-5825: ---------------------------- Steps to Reproduce: Just followed these steps: 1) Add a new security-realm config <security-realm name="CustomSecurityRealm"> <authentication> <jaas name="custom-security-domain"/> </authentication> </security-realm> 2) Add a new security-domain to be used by the new Security Realm 3) Change the remoting-connector to use the CustomSecurityRealm <connector name="remoting-connector" socket-binding="remoting" security-realm="CustomSecurityRealm"/> Try to invoke the an EJB using a standalone client that uses the PLAIN SASL mech. Hashtable<String, Object> env = new Hashtable<String, Object>(); Security.addProvider(new Provider()); Element assertion = getAssertionFromSTS("UserA", "PassA"); env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming"); env.put("java.naming.factory.initial", "org.jboss.naming.remote.client.InitialContextFactory"); env.put("java.naming.provider.url", "remote://localhost:4447"); env.put("jboss.naming.client.ejb.context", "true"); env.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); env.put("javax.security.sasl.policy.noplaintext", "false"); env.put(Context.SECURITY_PRINCIPAL, "admin"); env.put(Context.SECURITY_CREDENTIALS, DocumentUtil.getNodeAsString(assertion)); Context context = new InitialContext(env); EchoService object = (EchoService) context.lookup("ejb-test/EchoServiceImpl!org.picketlink.test.trust.ejb.EchoService"); Assert.assertEquals("Hi UserA", object.echo("Hi ")); was: Just followed these steps: 1) Add a new security-realm config <security-realm name="CustomSecurityRealm"> <authentication> <jaas name="custom-security-domain"/> </authentication> </security-realm> 2) Add a new security-domain to be used by the new Security Realm 3) Changed the remoting-connector to use the CustomSecurityRealm <connector name="remoting-connector" socket-binding="remoting" security-realm="CustomSecurityRealm"/> Try to invoke the an EJB using a standalone client that uses the PLAIN SASL mech. Hashtable<String, Object> env = new Hashtable<String, Object>(); Security.addProvider(new Provider()); Element assertion = getAssertionFromSTS("UserA", "PassA"); env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming"); env.put("java.naming.factory.initial", "org.jboss.naming.remote.client.InitialContextFactory"); env.put("java.naming.provider.url", "remote://localhost:4447"); env.put("jboss.naming.client.ejb.context", "true"); env.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); env.put("javax.security.sasl.policy.noplaintext", "false"); env.put(Context.SECURITY_PRINCIPAL, "admin"); env.put(Context.SECURITY_CREDENTIALS, DocumentUtil.getNodeAsString(assertion)); Context context = new InitialContext(env); EchoService object = (EchoService) context.lookup("ejb-test/EchoServiceImpl!org.picketlink.test.trust.ejb.EchoService"); Assert.assertEquals("Hi UserA", object.echo("Hi ")); -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/AS7-5825?page=com.atlassian.jira.plugin.s... ] Pedro Igor updated AS7-5825: ---------------------------- Steps to Reproduce: Just followed these steps: 1) Add a new security-realm config <security-realm name="CustomSecurityRealm"> <authentication> <jaas name="custom-security-domain"/> </authentication> </security-realm> 2) Add a new security-domain to be used by the new Security Realm 3) Change the remoting-connector to use the CustomSecurityRealm <connector name="remoting-connector" socket-binding="remoting" security-realm="CustomSecurityRealm"/> Try to invoke the an EJB using a standalone client that uses the PLAIN SASL mech. Client Code: Hashtable<String, Object> env = new Hashtable<String, Object>(); Security.addProvider(new Provider()); env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming"); env.put("java.naming.factory.initial", "org.jboss.naming.remote.client.InitialContextFactory"); env.put("java.naming.provider.url", "remote://localhost:4447"); env.put("jboss.naming.client.ejb.context", "true"); env.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); env.put("javax.security.sasl.policy.noplaintext", "false"); env.put(Context.SECURITY_PRINCIPAL, "admin"); env.put(Context.SECURITY_CREDENTIALS, "password"); Context context = new InitialContext(env); EchoService object = (EchoService) context.lookup("ejb-test/EchoServiceImpl!org.picketlink.test.trust.ejb.EchoService"); Assert.assertEquals("Hi admin", object.echo("Hi ")); was: Just followed these steps: 1) Add a new security-realm config <security-realm name="CustomSecurityRealm"> <authentication> <jaas name="custom-security-domain"/> </authentication> </security-realm> 2) Add a new security-domain to be used by the new Security Realm 3) Change the remoting-connector to use the CustomSecurityRealm <connector name="remoting-connector" socket-binding="remoting" security-realm="CustomSecurityRealm"/> Try to invoke the an EJB using a standalone client that uses the PLAIN SASL mech. Hashtable<String, Object> env = new Hashtable<String, Object>(); Security.addProvider(new Provider()); Element assertion = getAssertionFromSTS("UserA", "PassA"); env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming"); env.put("java.naming.factory.initial", "org.jboss.naming.remote.client.InitialContextFactory"); env.put("java.naming.provider.url", "remote://localhost:4447"); env.put("jboss.naming.client.ejb.context", "true"); env.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); env.put("javax.security.sasl.policy.noplaintext", "false"); env.put(Context.SECURITY_PRINCIPAL, "admin"); env.put(Context.SECURITY_CREDENTIALS, DocumentUtil.getNodeAsString(assertion)); Context context = new InitialContext(env); EchoService object = (EchoService) context.lookup("ejb-test/EchoServiceImpl!org.picketlink.test.trust.ejb.EchoService"); Assert.assertEquals("Hi UserA", object.echo("Hi ")); -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/AS7-5825?page=com.atlassian.jira.plugin.s... ] Pedro Igor updated AS7-5825: ---------------------------- Description: Tried to configure a custom JAAS Security Realm for the Remoting Connector using JBoss Application Server 7.1.1.Final. These same steps work with JBoss AS 7.2.0 and 7.1.3. When debbuging the client (in my case a EJB standalone client using org.jboss.ejb.client.naming) I noticed that the PLAIN mech is not returned by the server. My client expects the PLAIN mech to authenticate users using the provided username / password when creating the InitialContext. According to the docs, when using the JAAS configuration for Security Realms, the PLAIN is automatically supported by the server. was: Tried to configure a custom JAAS Security Realm for the Remoting Connector using JBoss Application Server 7.1.1.Final. These same steps work with JBoss AS 7.2.0 and 7.1.3. When debbuging the client (in my case a EJB standalone client using org.jboss.ejb.client.naming) I noticed that the PLAIN mech is not returned by the server. My client expects the PLAIN mech to authenticate users using the provided username / password when creating the InitialContext. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira