Scott Wallace
2013-01-07 15:32:52 UTC
Scott Wallace [https://community.jboss.org/people/sdwallace] created the discussion
"Remote context / security"
To view the discussion, visit: https://community.jboss.org/message/788795#788795
--------------------------------------------------------------
Hello.
I would like to understand if it is possible to have a web tier be the remote EJB client and not have any jboss-ejb-client.properties that expose security. I have this code:
    private static Calculator lookupRemoteEJB() throws NamingException {
        Properties jndiProps = new Properties();
        jndiProps.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
        jndiProps.put(Context.PROVIDER_URL, "remote://localhost:4447");
        jndiProps.put(Context.SECURITY_PRINCIPAL, "webTier");
        jndiProps.put(Context.SECURITY_CREDENTIALS, "secretpassword");
        // create a context passing these properties
        Context context = new InitialContext(jndiProps);
        final String appName = "";
        final String moduleName = "EJBSandbox";
        final String distinctName = "";
        final String beanName = CalculatorBean.class.getSimpleName();
        final String viewClassName = Calculator.class.getName();
        System.out.println("Looking EJB via JNDI ");
        System.out.println(moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName);
        return (Calculator) context.lookup(moduleName + "/" + beanName + "!" + viewClassName);
    }
It works provided I have this jboss-ejb-client.properties in my classpath:
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=127.0.0.1
remote.connection.default.port = 4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.default.username=webTier
remote.connection.default.password=secretpassword
remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
However, if I remove the user name and password from the properties file, I get this exception:
ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
No EJB receiver available for handling [appName:,modulename:EJBSandbox,distinctname:] combination for invocation context ***@1a3a9bba
java.lang.IllegalStateException: No EJB receiver available for handling [appName:,modulename:EJBSandbox,distinctname:] combination for invocation context ***@1a3a9bba
Is there a way to remove security information from the property file (or encrypt it minimally) so that this is not in clear text on a web server in the DMZ? Any concrete examples?
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/788795#788795]
Start a new discussion in EJB3 at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2029]
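
An added example, not part of the original post or of the JBoss project's code: the connection settings from the posted jboss-ejb-client.properties built in code with the jboss-ejb-client API, so the password is read from the process environment instead of a file on the classpath. The class name RemoteEjbLocator and the EJB_WEBTIER_PASSWORD variable are assumptions, and the secret still has to be provisioned to the web-tier process by other means.

```java
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.jboss.ejb.client.ContextSelector;
import org.jboss.ejb.client.EJBClientConfiguration;
import org.jboss.ejb.client.EJBClientContext;
import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;

// Hypothetical helper class (assumption, not from the original post).
public final class RemoteEjbLocator {
    // Assumed name of the environment variable that carries the password.
    static final String PASSWORD_ENV = "EJB_WEBTIER_PASSWORD";

    // Same keys and values as the posted properties file; only the password source differs.
    static Properties clientProperties(String password) {
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException(PASSWORD_ENV + " is not set");
        }
        String conn = "remote.connection.default.";
        String opts = conn + "connect.options.org.xnio.Options.";
        Properties p = new Properties();
        p.setProperty("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
        p.setProperty("remote.connections", "default");
        p.setProperty(conn + "host", "127.0.0.1");
        p.setProperty(conn + "port", "4447");
        p.setProperty(conn + "username", "webTier");
        p.setProperty(conn + "password", password);
        p.setProperty(opts + "SASL_POLICY_NOANONYMOUS", "false");
        p.setProperty(opts + "SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
        p.setProperty(opts + "SASL_POLICY_NOPLAINTEXT", "false");
        return p;
    }

    // Install the client configuration once, before the first lookup.
    static void configure() {
        EJBClientConfiguration cfg =
            new PropertiesBasedEJBClientConfiguration(clientProperties(System.getenv(PASSWORD_ENV)));
        ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cfg);
        EJBClientContext.setSelector(selector);
    }

    // Look up a remote view through the ejb: namespace (empty app name and distinct name).
    static <T> T lookup(String module, String bean, Class<T> view) throws NamingException {
        Properties jndi = new Properties();
        jndi.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
        Context ctx = new InitialContext(jndi);
        return view.cast(ctx.lookup("ejb:/" + module + "//" + bean + "!" + view.getName()));
    }
}
```

With the poster's names, the call would be RemoteEjbLocator.configure() followed by RemoteEjbLocator.lookup("EJBSandbox", "CalculatorBean", Calculator.class).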