[jboss-user] [EJB3] - Remote context / security
Scott Wallace
do-not-reply at jboss.com
Mon Jan 7 10:32:52 EST 2013
Scott Wallace [https://community.jboss.org/people/sdwallace] created the discussion
"Remote context / security"
To view the discussion, visit: https://community.jboss.org/message/788795#788795
--------------------------------------------------------------
Hello.
I would like to understand if it is possible to have a web tier be the remote EJB client and not have any jboss-ejb-client.properites that expose security. I have this code:
private static Calculator lookupRemoteEJB() throws NamingException {
Properties jndiProps = new Properties();
jndiProps.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
jndiProps.put(Context.PROVIDER_URL,"remote://localhost:4447");
jndiProps.put(Context.SECURITY_PRINCIPAL, "webTier");
jndiProps.put(Context.SECURITY_CREDENTIALS, "secretpassword");
//create a context passing these properties
Context context = new InitialContext(jndiProps);
final String appName = "";
final String moduleName = "EJBSandbox";
final String distinctName = "";
final String beanName = CalculatorBean.class.getSimpleName();
final String viewClassName = Calculator.class.getName();
System.out.println("Looking EJB via JNDI ");
System.out.println(moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName);
return (Calculator) context.lookup(moduleName + "/" + beanName + "!" + viewClassName);
}
It works provided I have this jboss-ejb-client.properties in my classpath:
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=127.0.0.1
remote.connection.default.port = 4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.default.username=webTier
remote.connection.default.password=secretpassword
remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
However, if I remove the user name and password from the properties file, I get this exception:
ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
No EJB receiver available for handling [appName:,modulename:EJBSandbox,distinctname:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext at 1a3a9bba
java.lang.IllegalStateException: No EJB receiver available for handling [appName:,modulename:EJBSandbox,distinctname:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext at 1a3a9bba
Is there a way to remove security information from the property file (or encrypt it minimally) so that this is not in clear text on a web server in the DMZ? Any concrete examples?
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/788795#788795]
Start a new discussion in EJB3 at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2029]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20130107/5f1fbed9/attachment.html
More information about the jboss-user
mailing list