Hi Darran,
Thanks for the quick response. To give some background about our application: we use the default security domain "other" and a customized login module which extends javax.security.auth.spi.LoginModule for authentication. The principal is propagated using the PicketBox "SecurityContextAssociation".
After the Elytron migration, the problem comes when the remote client (a different JVM) tries to access the EJB. My sample client code is like this:
    import java.util.Hashtable;

    import javax.naming.Context;
    import javax.naming.InitialContext;

    // ChangeDetectionRemote and EjbNames are our own application classes.
    public class ChangeDetectionClient {
        public static void main(String[] args) {
            try {
                final Hashtable<String, Object> jndiProperties = new Hashtable<>();
                // WildFly naming client; PROVIDER_URL points at the server's Remoting endpoint
                jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
                jndiProperties.put(Context.PROVIDER_URL, "http-remoting://localhost:1099");
                // Credentials in the JNDI environment are used for the SASL handshake with the server
                jndiProperties.put(Context.SECURITY_PRINCIPAL, "username");
                jndiProperties.put(Context.SECURITY_CREDENTIALS, "password");
                final Context context = new InitialContext(jndiProperties);
                ChangeDetectionRemote ch = (ChangeDetectionRemote) context.lookup(EjbNames.getRemoteJndiLookupName(EjbNames.ChangeDetection));
                System.out.println(ch.getChangeDetectionStateMessage());
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
The client code works only if I add the user to the property files. If the user is not available, I get the error below:
Suppressed: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:736)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:578)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
I don't want to add user credentials to properties files.
I'm not sure whether we really need to use a custom realm. My understanding is that the Elytron ApplicationDomain is the equivalent of the legacy security domain "other".
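As an added example, not part of the original message: the same remote EJB lookup written against the Elytron client API, where the credentials travel in an AuthenticationContext instead of the JNDI environment's SECURITY_PRINCIPAL / SECURITY_CREDENTIALS entries. The environment variable names ELYTRON_USER and ELYTRON_PASSWORD are assumptions for this example; ChangeDetectionRemote and EjbNames are the application classes from the post, and the provider URL is reused from the post unchanged.

```java
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.InitialContext;

import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.MatchRule;
import org.wildfly.security.sasl.SaslMechanismSelector;

public class ElytronEjbClient {

    public static void main(String[] args) throws Exception {
        // Credentials are read from the environment so they are not hard-coded in the client.
        // ELYTRON_USER / ELYTRON_PASSWORD are names assumed for this example.
        String user = System.getenv("ELYTRON_USER");
        String password = System.getenv("ELYTRON_PASSWORD");
        if (user == null || password == null) {
            throw new IllegalStateException("ELYTRON_USER and ELYTRON_PASSWORD must be set");
        }

        // Elytron client configuration: identity to authenticate as, and which SASL mechanism to offer.
        // Pinning DIGEST-MD5 matches the mechanism named in the stack trace above.
        AuthenticationConfiguration config = AuthenticationConfiguration.empty()
                .useName(user)
                .usePassword(password.toCharArray())
                .useSaslMechanismSelector(SaslMechanismSelector.fromString("DIGEST-MD5"));

        // MatchRule.ALL applies this configuration to every outbound connection opened inside runCallable().
        AuthenticationContext ctx = AuthenticationContext.empty().with(MatchRule.ALL, config);

        // The naming client picks up the AuthenticationContext, so the JNDI environment carries
        // only the factory and the provider URL, no SECURITY_PRINCIPAL / SECURITY_CREDENTIALS.
        String message = ctx.runCallable(() -> {
            Hashtable<String, Object> jndiProperties = new Hashtable<>();
            jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,
                    "org.wildfly.naming.client.WildFlyInitialContextFactory");
            jndiProperties.put(Context.PROVIDER_URL, "http-remoting://localhost:1099");
            Context context = new InitialContext(jndiProperties);
            ChangeDetectionRemote ch = (ChangeDetectionRemote) context.lookup(
                    EjbNames.getRemoteJndiLookupName(EjbNames.ChangeDetection));
            return ch.getChangeDetectionStateMessage();
        });
        System.out.println(message);
    }
}
```

Moving the credentials into an AuthenticationContext only changes where the client keeps them; the server still has to verify them. DIGEST-MD5 in particular requires the server-side realm to hand the SASL server either the clear-text password or a pre-digested hash for that user, so a realm that can only answer "valid / invalid" (the way a LoginModule does) cannot complete a DIGEST-MD5 exchange, which is one thing to check when the server rejects the authentication.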