EJB remote lookup without authentication

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

EJB remote lookup without authentication

Wolf-Dieter Fink
Hi,
if I lookup a SLSB in as 7.1.0.Final or 7.1.1 the JNDI call
'my.ear/my.jar...' will not work without having a (application) user and
set the credential.
If I use native 'ejb:my.ear...' it will work nevertheless whether I set
username/password in jboss-ejb-client.properties or not.

For standalone.xml the security looks enabled:
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
<connector name="remoting-connector" socket-binding="remoting"
security-realm="ApplicationRealm"/>
</subsystem>


I use 7.1.0.FINAL and 7.1.1 upstream (~noon)

Is this a BUG? Or is something changed between 7.1.0.SNAPSHOT and later?

Wolf
_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: EJB remote lookup without authentication

Darran Lofthouse
It is the communication with the server that is secured - if you switch
to an approach that doesn't have a round trip with the server then there
will be no need for authentication.

Regards,
Darran Lofthouse.


On 03/06/2012 03:58 PM, Wolf-Dieter Fink wrote:

> Hi,
> if I lookup a SLSB in as 7.1.0.Final or 7.1.1 the JNDI call
> 'my.ear/my.jar...' will not work without having a (application) user and
> set the credential.
> If I use native 'ejb:my.ear...' it will work nevertheless whether I set
> username/password in jboss-ejb-client.properties or not.
>
> For standalone.xml the security looks enabled:
> <subsystem xmlns="urn:jboss:domain:remoting:1.1">
> <connector name="remoting-connector" socket-binding="remoting"
> security-realm="ApplicationRealm"/>
> </subsystem>
>
>
> I use 7.1.0.FINAL and 7.1.1 upstream (~noon)
>
> Is this a BUG? Or is something changed between 7.1.0.SNAPSHOT and later?
>
> Wolf
> _______________________________________________
> jboss-as7-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: EJB remote lookup without authentication

Wolf-Dieter Fink
sorry unclear,
I lookup with the name and try to call a method of the SLSB.
If I use JNDI it won't work (unless I add the user) if I use native ejb:
the method of the SLSB is executed.

Wolf

On 03/06/2012 05:13 PM, Darran Lofthouse wrote:

> It is the communication with the server that is secured - if you switch
> to an approach that doesn't have a round trip with the server then there
> will be no need for authentication.
>
> Regards,
> Darran Lofthouse.
>
>
> On 03/06/2012 03:58 PM, Wolf-Dieter Fink wrote:
>> Hi,
>> if I lookup a SLSB in as 7.1.0.Final or 7.1.1 the JNDI call
>> 'my.ear/my.jar...' will not work without having a (application) user and
>> set the credential.
>> If I use native 'ejb:my.ear...' it will work nevertheless whether I set
>> username/password in jboss-ejb-client.properties or not.
>>
>> For standalone.xml the security looks enabled:
>> <subsystem xmlns="urn:jboss:domain:remoting:1.1">
>> <connector name="remoting-connector" socket-binding="remoting"
>> security-realm="ApplicationRealm"/>
>> </subsystem>
>>
>>
>> I use 7.1.0.FINAL and 7.1.1 upstream (~noon)
>>
>> Is this a BUG? Or is something changed between 7.1.0.SNAPSHOT and later?
>>
>> Wolf
>> _______________________________________________
>> jboss-as7-dev mailing list
>> [hidden email]
>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
> _______________________________________________
> jboss-as7-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev


--
Red Hat GmbH
Technopark II, Building 1
Werner-von-Siemens-Ring 11-15
85630 Grasbrunn
Germany

Email: [hidden email]
________________________________________________________________________
Handelsregister: Amtsgericht Muenchen HRB 153243
Geschaeftsfuehrer: Mark Hegarty, Charlie Peters, Michael Cunningham, Charles Cachera

_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: EJB remote lookup without authentication

Darran Lofthouse
Can you please show both your JNDI configuration and the EJB client
configuration?

Also is this call on the same machine as the server or truely remote?

Regards,
Darran Lofthouse.

On 03/06/2012 04:17 PM, Wolf-Dieter Fink wrote:

> sorry unclear,
> I lookup with the name and try to call a method of the SLSB.
> If I use JNDI it won't work (unless I add the user) if I use native ejb:
> the method of the SLSB is executed.
>
> Wolf
>
> On 03/06/2012 05:13 PM, Darran Lofthouse wrote:
>> It is the communication with the server that is secured - if you switch
>> to an approach that doesn't have a round trip with the server then there
>> will be no need for authentication.
>>
>> Regards,
>> Darran Lofthouse.
>>
>>
>> On 03/06/2012 03:58 PM, Wolf-Dieter Fink wrote:
>>> Hi,
>>> if I lookup a SLSB in as 7.1.0.Final or 7.1.1 the JNDI call
>>> 'my.ear/my.jar...' will not work without having a (application) user and
>>> set the credential.
>>> If I use native 'ejb:my.ear...' it will work nevertheless whether I set
>>> username/password in jboss-ejb-client.properties or not.
>>>
>>> For standalone.xml the security looks enabled:
>>> <subsystem xmlns="urn:jboss:domain:remoting:1.1">
>>> <connector name="remoting-connector" socket-binding="remoting"
>>> security-realm="ApplicationRealm"/>
>>> </subsystem>
>>>
>>>
>>> I use 7.1.0.FINAL and 7.1.1 upstream (~noon)
>>>
>>> Is this a BUG? Or is something changed between 7.1.0.SNAPSHOT and later?
>>>
>>> Wolf
>>> _______________________________________________
>>> jboss-as7-dev mailing list
>>> [hidden email]
>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>> _______________________________________________
>> jboss-as7-dev mailing list
>> [hidden email]
>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>
>
_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: EJB remote lookup without authentication

Wolf-Dieter Fink
Both on the same machine, is this detected by using native lookup?

=========  jboss-ejb-client.properties  ======
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

remote.connections=default
#remote.connections=default, two

remote.connection.default.host=localhost
remote.connection.default.port = 4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

remote.connection.default.username=kiki
remote.connection.default.password=nopsw
=======================
{code}
         Hashtable<String, String> p = new Hashtable<String, String>();
         p.put(InitialContext.URL_PKG_PREFIXES,
"org.jboss.ejb.client.naming");
{code}
=========================
{code JNDI}
         Hashtable<String, String> p = new Hashtable<String, String>();
         p.put(InitialContext.INITIAL_CONTEXT_FACTORY,
"org.jboss.naming.remote.client.InitialContextFactory");
         p.put(InitialContext.PROVIDER_URL, "remote://localhost:4447");
         p.put(Context.SECURITY_PRINCIPAL,"user");
         p.put(Context.SECURITY_CREDENTIALS, "user123");
{code}

_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev