  1. EJB Client Library (AS7+)
  2. EJBCLIENT-221

Cluster-based security credentials not being accessed


    • Bug
    • Resolution: Done
    • Major
    • 4.0.15.Final
    • 4.0.0.Beta25
    • None

      The EJBClient invocation mechanism makes use of Remoting Connections from the client to a remote node when making invocations.

      In order to obtain a connection, RemoteEJBReceiver calls getConnection(URI uri, AuthenticationConfiguration ac, SSLContext ssl) and so must pass general security credentials (AuthenticationConfiguration) and an SSLContext as well if required:

      IoFuture<ConnectionPeerIdentity> getConnection(final EJBLocator<T> locator, AuthenticationConfiguration authenticationConfiguration, SSLContext sslContext)
      

      The AuthenticationConfiguration (for example) is obtained from the AuthenticationContext, with the help of the AuthenticationContextConfigurationClient:

      if (authenticationConfiguration == null) {
          authenticationConfiguration = CLIENT.getAuthenticationConfiguration(target, AuthenticationContext.captureCurrent(), -1, "ejb", "jboss");
      }
      

      The AuthenticationContext is a repository of RuleNodes which describe the way in which we can match invocation requirements (like sending to a specific target URI) to configured AuthenticationConfigurations that we know about.

      The default AuthenticationContext is set up by populating an AuthenticationContext with security credentials from either an Elytron configuration file or the legacy jboss-ejb-client.properties file.

      The class LegacyElytronConfiguration is used to parse a jboss-ejb-client.properties file and create RuleNodes (Rule/AuthenticationConfiguration pairs) based on the connections, clusters and cluster nodes defined in that file. The generated rules can be matched on these elements:

      connections:
      - match on host:<host>, port:<port>
      - to yield username, realm, password, callbackHandler, mechanismProps
      clusters:
      - match on protocol:"cluster", urnName:<cluster name>
      - to yield username, realm, password, callbackHandler, mechanismProps
      cluster nodes:
      - match on protocol:"node", urnName:<node name>
      - to yield username, realm, password, callbackHandler, mechanismProps
      

      These rules are generated, and available in the default AuthenticationContext, but do not seem to be incorporated into the authentication mechanism for making invocations on clusters.

              Unassigned Unassigned
              rachmato@redhat.com Richard Achmatowicz
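
      To see which credentials each kind of target URI selects, the following added example (not code from this issue or from the EJB client project) builds one rule of each kind from the listing above with the WildFly Elytron client API and runs the same lookup call shown in the description. The host, cluster, node and user names are constructed placeholders, and the Elytron client classes are assumed to be on the classpath.

```java
import java.net.URI;
import java.security.AccessController;

import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.auth.client.MatchRule;

public class ClusterRuleLookup {
    private static final AuthenticationContextConfigurationClient CLIENT =
            AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION);

    // One constructed rule per rule kind: connection, cluster, cluster node.
    static AuthenticationContext buildContext() {
        return AuthenticationContext.empty()
            .with(MatchRule.ALL.matchHost("node1.example.test").matchPort(8080),
                  AuthenticationConfiguration.empty().useName("connection-user"))
            .with(MatchRule.ALL.matchProtocol("cluster").matchUrnName("ejb"),
                  AuthenticationConfiguration.empty().useName("cluster-user"))
            .with(MatchRule.ALL.matchProtocol("node").matchUrnName("node2"),
                  AuthenticationConfiguration.empty().useName("node-user"));
    }

    // Same lookup as in the description, against an explicit context
    // instead of AuthenticationContext.captureCurrent().
    static String principalFor(AuthenticationContext ctx, URI target) {
        AuthenticationConfiguration ac =
            CLIENT.getAuthenticationConfiguration(target, ctx, -1, "ejb", "jboss");
        return CLIENT.getPrincipal(ac).getName();
    }

    public static void main(String[] args) {
        AuthenticationContext ctx = buildContext();
        String[] targets = {
            "remote+http://node1.example.test:8080", // host/port of a configured connection
            "cluster:ejb",                           // protocol "cluster", urnName "ejb"
            "node:node2",                            // protocol "node", urnName "node2"
            // Address of a cluster member with no connection entry: none of the
            // three rules matches a host/port URI for it, so the lookup falls
            // back to an empty configuration with the anonymous principal.
            "remote+http://node2.example.test:8080",
        };
        for (String target : targets) {
            System.out.println(target + " -> " + principalFor(ctx, URI.create(target)));
        }
    }
}
```

      Comparing the principal printed for each URI with the user configured for that cluster or node shows whether a given lookup URI can reach the cluster and node rules at all.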