Connecting to aplication from remote client
157 views
Skip to first unread message
Holger
Mar 18, 2024, 5:25:05 AM3/18/24
to WildFly
Hi, this likely is once again a simple thing i overlooked.
the problem is the following: i have deployed an application to a wildfly 27 instance
the problem is the following: i have deployed an application to a wildfly 27 instance
this application also has a client. if i keep the configuration as java.naming.provider.url=remote+http://127.0.0.1:8080 and start the client on the same machine everything works. If i enter the remote IP and start the client on a different machine the client 'dies' without a message and the only thing i see in the logs is [io.undertow.request] (default I/O-1) Upgrading request HttpServerExchange{ GET /}
From my searches it appears it could be a security issue, but most descriptions i found had more logs saying something to that effect.
I'd be very grateful for any pointers and am fully aware that it is likely an oversight on my part.
I'd be very grateful for any pointers and am fully aware that it is likely an oversight on my part.
Wolfgang
Mar 18, 2024, 2:59:12 PM3/18/24
to WildFly
Hi Holger,
three basic things come into my mind:
0) can you open the remote WildFly homepage in a browser ("http://remotehost:8080")? Maybe a firewall blocks the server.
1) did you add a "Application User" using the script "add-user.bat/sh"? Or how do you manage the user?
2) do you specify username/password when connecting, e.g. by using a "jndi.properties"?
java.naming.factory.initial=org.wildfly.naming.client.WildFlyInitialContextFactory
java.naming.provider.url=remote+http://localhost:8080
java.naming.security.principal=theuser
java.naming.security.credentials=thepassword
java.naming.provider.url=remote+http://localhost:8080
java.naming.security.principal=theuser
java.naming.security.credentials=thepassword
Best regards
Wolfgang
Holger
Mar 19, 2024, 4:40:46 AM3/19/24
to WildFly
Hi Wolfgang,
thanks a bunch!
Passing the username/password did the trick.
I feel ashamed.
What i do not understand is why it wasnt necessary for a local connection.
In any case: Thank you so much.
Passing the username/password did the trick.
I feel ashamed.
What i do not understand is why it wasnt necessary for a local connection.
In any case: Thank you so much.
Wolfgang
Mar 19, 2024, 4:47:11 PM3/19/24
to WildFly
Glad I could help.
Anonymous access to "localhost" is allowed by the mechanism "JBOSS-LOCAL-USER" in "standalone.xml":
<sasl>
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
...
</mechanism-configuration>
</sasl-authentication-factory>
...
</sasl>
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
...
</mechanism-configuration>
</sasl-authentication-factory>
...
</sasl>
Reply all
Reply to author
Forward
0 new messages