[jboss-jira] [JBoss JIRA] (WFLY-3738) Secured JavaEE appclient hangs on invalid login

Wolfgang Knauf (JIRA) issues at jboss.org
Fri Aug 15 15:04:29 EDT 2014


Wolfgang Knauf created WFLY-3738:
------------------------------------

             Summary: Secured JavaEE appclient hangs on invalid login
                 Key: WFLY-3738
                 URL: https://issues.jboss.org/browse/WFLY-3738
             Project: WildFly
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Application Client
    Affects Versions: 8.1.0.Final
            Reporter: Wolfgang Knauf
            Assignee: Stuart Douglas
            Priority: Minor


See attached sample EAR file: it contains a secured EJB and a JavaEE application client. When running the JavaEE application client, you are prompted to enter a user/password, which causes an authentication against a security domain (the prompt to enter login/password does not work correctly, so enter the username when nothing more happens, press enter, then enter the password when nothing more happens and press enter ;-)).

If you enter valid credentials (e.g. "admin/admin" or "kunde/kunde"), everything is fine. But if you enter e.g. an invalid password, the app client container does not exit. It hangs at the step 
"20:39:28,649 INFO  [org.jboss.as] (MSC service thread 1-2) JBAS015950: WildFly 8.1.0.Final "Kenny" stopped in 339ms"

To reproduce:
a) modify "standalone.xml":
a.1) I need a custom realm:
            <security-realm name="KnaufRealm">
                <authentication>
                    <jaas name="knaufsecurity"/>
                </authentication>
            </security-realm>
a.2) add this security domain:
                <security-domain name="knaufsecurity" cache-type="default">
                    <authentication>
                        <login-module code="Database" flag="required">
                            <module-option name="dsJndiName" value="java:jboss/datasources/ExampleDS"/>
                            <module-option name="principalsQuery" value="SELECT PASSWORT FROM BENUTZER WHERE LOGIN=?"/>
                            <module-option name="rolesQuery" value="SELECT R.ROLLE, 'Roles' FROM ROLLE AS R, BENUTZER_ROLLE AS BR, BENUTZER AS B WHERE B.LOGIN=? AND BR.ROLLEN_ID = R.ID AND BR.BENUTZER_ID = B.ID"/>
                            <module-option name="unauthenticatedIdentity" value="gast"/>
                        </login-module>
                    </authentication>
                </security-domain>
a.3) point the remoting connector to my own security realm:
        <subsystem xmlns="urn:jboss:domain:remoting:2.0">
            <endpoint worker="default"/>
            <http-connector name="http-remoting-connector" connector-ref="default" security-realm="KnaufRealm"/>
        </subsystem>

b) deploy attached EAR file to the server
c) run JavaEE application client: %WILDFLY_HOME%\bin\appclient.bat c:\path_to\Security.ear#SecurityClient.jar



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)

