EJB calls over HTTP | Authentication issue


Prateek Jain

Sep 25, 2023, 10:13:20 AM
to WildFly

Hi All,

  I am trying to reproduce the scenario (in jboss-EAP-7.3 [wildfly-18]) as shown in the figure (ejb-calls.png).
I can successfully do this when using the remote+http protocol, but it fails when trying to use only http. The issue is that server1 doesn't send any authentication information to server2. So the call gets rejected, and I see this log in server1:

java.lang.SecurityException: WFHTTP000008: Authentication failed

and the following log in server2:
09:31:28,197 DEBUG [io.undertow.request.security] (default I/O-2) Setting authentication required for exchange HttpServerExchange{ POST /wildfly-services/ejb/v1/invoke/poc-ear2/remote-ejb2/-/Level2Ejb/-/com.poc.remote.ejb.level2.api.PodNameReturner/returnPodName}


Here are the configurations on server1:

$server-1/bin/add-user.sh -a -u 'quickstartUser' -p 'quickstartPwd1!' -g 'guest'

Then execute the following CLI commands:

/subsystem=elytron/authentication-configuration=ejb-auth-config:add(authentication-name=quickstartUser, credential-reference={clear-text="quickstartPwd1!"})
 
/subsystem=elytron/authentication-context=ejb-auth-context:add(match-rules=[{authentication-configuration=ejb-auth-config}])
 
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=remote-ejb:add(host=localhost, port=8080)
 
/subsystem=remoting/remote-outbound-connection=remote-ejb-connection:add(authentication-context=ejb-auth-context, outbound-socket-binding-ref=remote-ejb)  
 
:reload

--------------------

Configurations on server2

${jboss.home.name}/bin/add-user.sh -a -u 'quickstartUser' -p 'quickstartPwd1!' -g 'guest'

Execute the following CLI commands:


/subsystem=ejb3/application-security-domain=other:add(security-domain=ApplicationDomain)
 
/subsystem=remoting/http-connector=http-remoting-connector:undefine-attribute(name=security-realm)
 
:reload
------------------

As I already mentioned, the client call gets rejected because there is no authentication information passed by server1.
Any clues as to what might be missing? I have gone through the following links:


Regards,
Prateek


Manuel Finelli

Sep 26, 2023, 10:53:34 AM
to Prateek Jain, WildFly
Hi Prateek,

I'm not sure what Application Server you're using:
  • In case you're using EAP, contact Red Hat official support in your region
  • In case you're using WildFly, I would suggest you update the version of WildFly you're using.
    Then, please refer to the quickstart ejb-txn-remote-call

Best,
Manuel


Tommaso Borgato

Sep 26, 2023, 10:58:26 AM
to WildFly
Hi Prateek,

Can you link a https://gist.github.com/ with your client code? (Remove any sensitive information.)

That would help with investigating.

Tommaso

Manuel Finelli

Sep 26, 2023, 2:21:02 PM
to Prateek Jain, WildFly
Hi Prateek,

It is possible to use a direct lookup (the one you mentioned in your message), or you can set up a "remote outbound socket" with an "authentication context". You can read more about it in the README of the quickstart I mentioned earlier.

I hope this helps :-)
Manuel

On Tue, 26 Sept 2023 at 18:38, pratee...@gmail.com <pratee...@gmail.com> wrote:

Hi Manuel,

 Thanks for your reply. I looked at the example that you shared and I see that it is passing user-id/password via code


whereas my expectation is that the authentication and location information of the implementation should be at the JBoss level.


Regards,
Prateek Jain