Using JBoss 7 DatabaseServerLoginModule with a remote client

1
votes

we are currently porting a Java EE application from JBoss 6 to JBoss 7.1.1. The application has no web interface but only a remote client based on Eclipse RCP. To authenticate clients the remote client uses a "javax.security.auth.login.LoginContext" to provide the required credentials. The Server is using the "DatabaseServerLoginModule" to authenticate all access to the applications security domain.

To port that application to JBoss 7.1.1 I've done the following:

I've configured a security-domain in the "standalone-full.xml":

<security-domain name="myDomain" cache-type="default">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName" value="jdbc/myDS"/>
      <module-option name="principalsQuery" value="select u.password from users u left join authorizables a on u.id=a.id where a.name=?"/>
      <module-option name="rolesQuery" value="SELECT 'user', 'Roles' FROM authorizables WHERE name=?"/>
    </login-module>
  </authentication>
</security-domain>

Next I've configured a security-realm:

<security-realm name="MyAppRealm">
  <authentication>
    <jaas name="myDomain"/>
  </authentication>
</security-realm>

And last I've bound the remoting connector to my custom realm

<connector name="remoting-connector" socket-binding="remoting" security realm="MyAppRealm"/>

Now when trying to access the server the following exception is thrown:

ERROR connection:99 - JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
at org.jboss.naming.remote.client.ClientUtil.namingException(ClientUtil.java:36)
at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:121)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at my.SampleClient.login(SampleClient.java:110)
... 26 more
Caused by: java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87)
at org.jboss.naming.remote.client.NamingStoreCache.getRemoteNamingStore(NamingStoreCache.java:56)
at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateCachedNamingStore(InitialContextFactory.java:166)
at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateNamingStore(InitialContextFactory.java:139)
at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:104)
... 31 more
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.nio.NioHandle.run(NioHandle.java:90)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)
at org.jboss.naming.remote.client.EndpointCache$EndpointWrapper.connect(EndpointCache.java:105)
at org.jboss.naming.remote.client.NamingStoreCache.getRemoteNamingStore(NamingStoreCache.java:55)
... 34 more

Has anybody an idea what I've done wrong. Can anybody give me a hint on how to setup this scenario. I've been searching in the JBoss documentation but haven't found a solution for this problem.

1
securityjboss7.x
I`m having the same problem ... did you manage to solve yours ? - Sergiu

1 Answers

-1
votes

The part:

<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

it wrong. Not use fully name class of "org.jboss.security.auth.spi.DatabaseServerLoginModule" and yes "Database", according link https://docs.jboss.org/author/display/AS71/Security+subsystem+configuration where exists the table with this "code" associated "fully name qualified class".