Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8430

EJB call through remote-outbound-connection doesn't authenticate with Elytron

XMLWordPrintable

    • Hide

      AS TS has a regression test:

      cd testsuite/integration/basic
mvn clean test -Delytron -Dwildfly.tmp.enable.elytron.profile.tests=true -Dwildfly.tmp.enable.invocation.tests=true -Dtest=EJBClientDescriptorTestCase

      It fails with root cause:

      Caused by: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB matching "StatelessEJBLocator for "/ejb-client-descriptor-test/DelegateEchoBean", view is interface org.jboss.as.test.integration.ejb.client.descriptor.RemoteEcho, affinity is None"
	at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:704)
	at org.jboss.ejb.client.EJBClientContext.performLocatedAction(EJBClientContext.java:686)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:96)
	at com.sun.proxy.$Proxy53.echo(Unknown Source)
	at org.jboss.as.test.integration.ejb.client.descriptor.EchoBean.echo(EchoBean.java:44)
	... 69 more
	Suppressed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
   JBOSS-LOCAL-USER: javax.security.sasl.SaslException: Server rejected authentication
		at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:108)
		at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:428)
		at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:241)
		at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
		at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
		at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
		at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
		at ...asynchronous invocation...(Unknown Source)
		at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:465)
		at org.jboss.remoting3.FutureConnection.getConnection(FutureConnection.java:117)
		at org.jboss.remoting3.FutureConnection.init(FutureConnection.java:77)
		at org.jboss.remoting3.FutureConnection.get(FutureConnection.java:152)
		at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:407)
		at org.jboss.remoting3.EndpointImpl.getConnection(EndpointImpl.java:341)
		at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:135)
		at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:112)
		at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.lambda$discover$0(RemotingEJBDiscoveryProvider.java:101)
		at java.security.AccessController.doPrivileged(Native Method)
		at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:101)
		at org.wildfly.discovery.impl.AggregateDiscoveryProvider.discover(AggregateDiscoveryProvider.java:58)
		at org.wildfly.discovery.Discovery.discover(Discovery.java:94)
		at org.jboss.ejb.client.EJBClientContext.discover(EJBClientContext.java:440)
		at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:699)
		... 74 more
		Suppressed: javax.security.sasl.SaslException: Server rejected authentication
			at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:716)
			at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:560)
			at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
			at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
			at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
			at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
      Show
      AS TS has a regression test: cd testsuite/integration/basic mvn clean test -Delytron -Dwildfly.tmp.enable.elytron.profile.tests= true -Dwildfly.tmp.enable.invocation.tests= true -Dtest=EJBClientDescriptorTestCase It fails with root cause: Caused by: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB matching "StatelessEJBLocator for "/ejb-client-descriptor-test/DelegateEchoBean", view is interface org.jboss.as.test.integration.ejb.client.descriptor.RemoteEcho, affinity is None" at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:704) at org.jboss.ejb.client.EJBClientContext.performLocatedAction(EJBClientContext.java:686) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:96) at com.sun.proxy.$Proxy53.echo(Unknown Source) at org.jboss.as.test.integration.ejb.client.descriptor.EchoBean.echo(EchoBean.java:44) ... 69 more Suppressed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed: JBOSS-LOCAL-USER: javax.security.sasl.SaslException: Server rejected authentication at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:108) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:428) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:241) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) at ...asynchronous invocation...(Unknown Source) at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:465) at org.jboss.remoting3.FutureConnection.getConnection(FutureConnection.java:117) at org.jboss.remoting3.FutureConnection.init(FutureConnection.java:77) at org.jboss.remoting3.FutureConnection.get(FutureConnection.java:152) at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:407) at org.jboss.remoting3.EndpointImpl.getConnection(EndpointImpl.java:341) at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:135) at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:112) at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.lambda$discover$0(RemotingEJBDiscoveryProvider.java:101) at java.security.AccessController.doPrivileged(Native Method) at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:101) at org.wildfly.discovery.impl.AggregateDiscoveryProvider.discover(AggregateDiscoveryProvider.java:58) at org.wildfly.discovery.Discovery.discover(Discovery.java:94) at org.jboss.ejb.client.EJBClientContext.discover(EJBClientContext.java:440) at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:699) ... 74 more Suppressed: javax.security.sasl.SaslException: Server rejected authentication at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:716) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:560) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)

      The remote-outbound-connection with user authentication configured, doesn't work with Elytron because the SASL authentication fails.

      Scenario:

      • from a deployment is made a remote EJB call through defined remote-outbound-connection (which specifies valid username and legacy security realm with valid password)

      Current behavior:

      • The call fails with authentication exception (for Elytron configuration).

      Expected behavior:

      • The remote EJB call is allowed with Elytron configured as the default security provider

              darran.lofthouse@redhat.com Darran Lofthouse
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: