[jboss-dev-forums] [JBoss AS 7 Development] - custom ServerLoginModule Problem: Authentication failed: all available authentication mechanisms failed
john_k
do-not-reply at jboss.com
Tue May 22 08:14:19 EDT 2012
john_k [https://community.jboss.org/people/john_k] created the discussion
"custom ServerLoginModule Problem: Authentication failed: all available authentication mechanisms failed"
To view the discussion, visit: https://community.jboss.org/message/737021#737021
--------------------------------------------------------------
Hi,
I have some problems setting up a custom ServerLoginModule for JBoss AS7; any help would be appreciated.
I am still new to JBoss and JBoss AS7, so maybe I am trying to tackle my problem with the wrong tools, or I am just missing some things I need to know to do it properly.
So maybe someone could point me in the right direction ;)
*What I want to achieve:*
* I want to access a secured remote EJB via a "normal" Java client
* before I access the bean I want to be authenticated via JAAS via the JBoss with a custom ServerLoginModule
* call org.jboss.security.ClientLoginModule via LoginContext
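    jboss {
        org.jboss.security.ClientLoginModule required;
    };

    import java.security.Principal;
    import java.util.HashSet;
    import javax.security.auth.Subject;
    import javax.security.auth.login.LoginContext;

    // Log in through the "jboss" entry of the JAAS configuration above
    String contextName = "jboss";
    Subject subject = new Subject(false, new HashSet<Principal>(),
            new HashSet<String>(), new HashSet<String>());
    LoginContext loginContext = new LoginContext(contextName, subject);
    loginContext.login();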
* if the login succeeds I want to create the initial context and access the bean

    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.InitialContext;

    Properties jndiProperties = new Properties();
    jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
    jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,
            org.jboss.naming.remote.client.InitialContextFactory.class.getName());
    jndiProperties.put(Context.PROVIDER_URL, "remote://localhost:4447");
    jndiProperties.put("jboss.naming.client.ejb.context", true);
    // Allow SASL mechanisms that send the password in plain text
    jndiProperties.put(
            "jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT",
            "false");
    jndiProperties.put(Context.SECURITY_PRINCIPAL, "user");
    jndiProperties.put(Context.SECURITY_CREDENTIALS, "pass");
    Context context = new InitialContext(jndiProperties);
jboss-ejb-client.properties:

    endpoint.name=client-endpoint
    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
    remote.connections=default
    remote.connection.default.host=localhost
    remote.connection.default.port=4447
    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

* on the server side an implementation of AbstractServerLoginModule should be called
* I put my implementation in a jar and tried to add it to a JBoss module.
* I tried two ways
* 1) put it in an independent module
* 2) put it in the org\jboss\as\remoting\main module (after reading this: "I added it on the jboss_install_dir/modules/org/jboss/as/remoting/main and modified the module.xml", https://community.jboss.org/thread/195501?start=15&tstart=0)
* both with the same result
* my server config looks like this:

    <security-realm name="ApplicationRealm">
        <authentication>
            <properties relative-to="jboss.server.config.dir" path="${jboss.server.config.dir}/application-users.properties"/>
        </authentication>
    </security-realm>
    <security-realm name="MyAppRealm">
        <authentication>
            <jaas name="myAppJaas"/>
        </authentication>
    </security-realm>

    <security-domains>
        <security-domain name="myAppJaas" cache-type="default">
            <authentication>
                <login-module code="sampleApp.jboss.login.AuthLoginModule"
                              flag="required">
                    <module-option name="debug" value="true" />
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>

    <subsystem xmlns="urn:jboss:domain:remoting:1.1">
        <connector name="remoting-connector" socket-binding="remoting" security-realm="MyAppRealm"/>
    </subsystem>

*What I get at the moment:*
* I removed the part where I try to log in via JAAS upfront; figured out that it does not make any difference in my sample
* it seems that my login module (server) doesn't get called (sampleApp.jboss.login.AuthLoginModule)
The only output I get on the server side:
14:04:07,946 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "client" task-3) Begin getAppConfigurationEntry(myAppJaas), size=1
14:04:07,952 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "client" task-3) End getAppConfigurationEntry(myAppJaas), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: sampleApp.jboss.login.AuthLoginModule
ControlFlag: Anmeldemodul-Steuerflag: required
Options:
name=debug, value=true
client output:
Mai 22, 2012 2:04:07 PM org.xnio.Xnio <clinit>
INFO: XNIO Version 3.0.3.GA
Mai 22, 2012 2:04:07 PM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.0.3.GA
Mai 22, 2012 2:04:07 PM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 3.2.2.GA
Mai 22, 2012 2:04:07 PM org.jboss.remoting3.remote.RemoteConnection handleException
ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
at org.jboss.naming.remote.client.ClientUtil.namingException(ClientUtil.java:36)
at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at Main.main(Main.java:37)
Caused by: java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87)
at org.jboss.naming.remote.client.cache.ConnectionCache.get(ConnectionCache.java:42)
at org.jboss.naming.remote.client.InitialContextFactory.createConnection(InitialContextFactory.java:153)
at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateConnection(InitialContextFactory.java:126)
at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:106)
... 5 more
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:315)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.nio.NioHandle.run(NioHandle.java:90)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)
at org.jboss.naming.remote.client.cache.EndpointCache$EndpointWrapper.connect(EndpointCache.java:110)
at org.jboss.naming.remote.client.cache.ConnectionCache.get(ConnectionCache.java:41)
... 8 more
*Problems:*
* the login module doesn't get called --> leads to the SASL exception, I assume (javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed)
* how to get more useful debug/trace output from the security module
Thank you for your time. Any help would be appreciated, and sorry for my bad English ;) I hope you could get my point anyway.
--------------------------------------------------------------
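Added example, not part of john_k's post and not JBoss code: a Python check that follows the reference chain in the server configuration above (connector `security-realm`, realm `<jaas name>`, `security-domain`, `login-module code`) and reports any name that resolves to nothing. The sample is constructed from the posted fragments wrapped in a hypothetical `<server>` root; `local` and `trace_connectors` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's server fragments (ApplicationRealm omitted),
# wrapped in one hypothetical root element so they parse as a single document.
SAMPLE = """<server>
  <security-realm name="MyAppRealm">
    <authentication><jaas name="myAppJaas"/></authentication>
  </security-realm>
  <security-domain name="myAppJaas" cache-type="default">
    <authentication>
      <login-module code="sampleApp.jboss.login.AuthLoginModule" flag="required"/>
    </authentication>
  </security-domain>
  <subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" security-realm="MyAppRealm"/>
  </subsystem>
</server>"""

def local(tag):
    """Drop a '{namespace}' prefix so lookups work in any subsystem."""
    return tag.rsplit("}", 1)[-1]

def trace_connectors(xml_text):
    """Follow connector -> security-realm -> <jaas name> -> security-domain.
    Returns (chains, problems): chains maps each connector to the login-module
    classes it resolves to; problems lists references that resolve to nothing.
    """
    root = ET.fromstring(xml_text)
    realms, domains, chains, problems = {}, {}, {}, []
    for el in root.iter():
        if local(el.tag) == "security-realm":
            realms[el.get("name")] = [c.get("name") for c in el.iter()
                                      if local(c.tag) == "jaas"]
        elif local(el.tag) == "security-domain":
            domains[el.get("name")] = [c.get("code") for c in el.iter()
                                       if local(c.tag) == "login-module"]
    for el in (e for e in root.iter() if local(e.tag) == "connector"):
        name, realm = el.get("name"), el.get("security-realm")
        if realm not in realms:
            problems.append(f"{name}: security-realm {realm!r} is not defined")
        elif not realms[realm]:
            problems.append(f"{name}: realm {realm!r} has no <jaas> element")
        for dom in realms.get(realm, []):
            if dom in domains:
                chains.setdefault(name, []).extend(domains[dom])
            else:
                problems.append(f"{name}: security-domain {dom!r} is not defined")
    return chains, problems
```

On the posted configuration the chain resolves to sampleApp.jboss.login.AuthLoginModule with no dangling references, which agrees with the server trace showing the myAppJaas entry being looked up.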