
I've created a standalone client that connects to a WildFly 10 cluster running a simple server application. I'm using the DatabaseLoginModule configured in my client's properties to connect to my remote server. Authentication & authorization works as expected... except for "imperfect world" scenarios.

When I try a bad password I get (from the client's org.jboss logs):

javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
   JBOSS-LOCAL-USER: javax.security.sasl.SaslException: Failed to read server challenge [Caused by java.io.FileNotFoundException: /home/appsrv/wildfly-10.1.0.Final/domain/tmp/auth/local2865129174817472197.challenge (No such file or directory)]
   PLAIN: Server rejected authentication

When I try accessing a remote method I'm not authorized to access I get (from the host controller's logs):

[Server:server02] 16:06:16,261 ERROR [org.jboss.as.ejb3.invocation] (default task-31) WFLYEJB0034: EJB Invocation failed on component Login for method public abstract java.lang.String com.test.serverapp.LoginRemote.getStr(): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract java.lang.String com.test.serverapp.LoginRemote.getStr() of bean: Login is not allowed

The real problem with both of these cases, however, is that my client application freezes perpetually in either situation. I realized the libraries in use here are probably attempting something in the background, so I dumped traffic from the client workstation to the host controller and I can see that every few seconds some packets are sent. So, it seems like it's just retrying forever (even though the log entries are only made once).

I'm not sure why the failures are not throwing an exception that I can handle. Any suggestions? One thought I had was to run this on a separate thread, then kill it after a timeout. It just feels like a hack though. I mean, what would I report back to the user trying their credentials? "Your credentials are bad... or maybe you're not authorized to do that..?"

  • Is the server returning a HTTP 401 or 403? If so, then the client code should be giving up, not retrying. If not, then there is a bug on the Wildfly side. – stdunbar Jan 23 '17 at 22:26
  • It's not a connectivity nor availability issue. The remote EJB client communicates as intended with the endpoint. The problem is my expectation of results isn't what I think it should be. Which makes me suspect I'm doing something wrong. I'm taking a username/password from a JavaFX stage. I put that into a Properties object, which I'm then using to build the EJBClientConfiguration that I use to authenticate & authorize the user. If they provide an incorrect set of credentials, the program freezes and I'm left with the first problem above. – TrunkFullOfGoats Jan 23 '17 at 22:41
  • I realize that the 2nd issue, the authorization one (where a user tries RMI to a method their role isn't allowed to access), I could prevent by limiting their access based on their role via the client application. I guess the problem there is that I'm not sure how to acquire the role assigned to them from the database. The DatabaseLoginModule seems to "handle" that and doesn't exactly give me access to it. – TrunkFullOfGoats Jan 23 '17 at 22:44
  • I'm not even sure I have the proper approach here. I was thinking maybe all users should be using a simple account. Then I should use a security interceptor to switch their role once they attempt to authenticate via the JavaFX client. I'm pretty new to this though, and most of the books I've read are about setup and development... but none seem to cover design. – TrunkFullOfGoats Jan 23 '17 at 22:45
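The "separate thread plus timeout" idea from the question, written out as an added example (this is not code from the question or from WildFly; it uses only the JDK's java.util.concurrent package, the JDK's javax.security.sasl.SaslException and the Java EE javax.ejb.EJBAccessException seen in the logs above). The caller passes the remote lookup and invocation as a Callable; the wrapper gives up after a fixed timeout instead of hanging with the retrying client library, and if the library does surface an exception, it walks the cause chain so the UI can distinguish "credentials rejected" from "not authorized for that method" from "no answer from the server". The user-facing strings, the Outcome names and the 10-second limit in the usage method are assumptions chosen for the example.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.ejb.EJBAccessException;
import javax.security.sasl.SaslException;

/** Runs a remote EJB call on a worker thread and bounds how long the UI waits for it. */
public final class GuardedRemoteCall {

    /** Coarse outcome categories; the UI maps each one to a message. Names are assumed for this example. */
    public enum Outcome { OK, BAD_CREDENTIALS, NOT_AUTHORIZED, NO_RESPONSE, OTHER_FAILURE }

    /** Either a value (outcome OK) or a classified failure with its root cause kept for the client log. */
    public static final class Result<T> {
        public final Outcome outcome;
        public final T value;
        public final Throwable cause;

        Result(Outcome outcome, T value, Throwable cause) {
            this.outcome = outcome;
            this.value = value;
            this.cause = cause;
        }
    }

    // Daemon threads so a stuck remote call cannot keep the JavaFX application alive on exit.
    private final ExecutorService pool = Executors.newCachedThreadPool(r -> {
        Thread t = new Thread(r, "remote-ejb-call");
        t.setDaemon(true);
        return t;
    });

    /** Submits the call and waits at most {@code timeout}; never blocks the caller indefinitely. */
    public <T> Result<T> call(Callable<T> remoteCall, long timeout, TimeUnit unit) {
        Future<T> future = pool.submit(remoteCall);
        try {
            return new Result<>(Outcome.OK, future.get(timeout, unit), null);
        } catch (TimeoutException e) {
            future.cancel(true); // interrupt the worker; the library may still retry until it notices
            return new Result<>(Outcome.NO_RESPONSE, null, e);
        } catch (ExecutionException e) {
            Throwable failure = e.getCause();
            return new Result<>(classify(failure), null, failure);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            future.cancel(true);
            return new Result<>(Outcome.OTHER_FAILURE, null, e);
        }
    }

    /** Walks the cause chain (bounded, in case a library builds a cyclic chain) and picks the most specific category. */
    static Outcome classify(Throwable t) {
        Throwable c = t;
        for (int depth = 0; c != null && depth < 16; depth++, c = c.getCause()) {
            if (c instanceof EJBAccessException) {
                return Outcome.NOT_AUTHORIZED;   // authenticated, but the role may not invoke this method
            }
            if (c instanceof SaslException) {
                return Outcome.BAD_CREDENTIALS;  // every SASL mechanism rejected the login
            }
        }
        return Outcome.OTHER_FAILURE;
    }

    /** Maps an outcome to text for the login dialog; the wording is an assumption for this example. */
    public static String messageFor(Outcome outcome) {
        switch (outcome) {
            case OK:              return "Signed in.";
            case BAD_CREDENTIALS: return "Username or password was not accepted.";
            case NOT_AUTHORIZED:  return "Your account is not allowed to perform this action.";
            case NO_RESPONSE:     return "The server did not respond in time; please try again later.";
            default:              return "The request failed; see the client log for details.";
        }
    }

    /** Usage sketch: the Callable would do the JNDI lookup and the LoginRemote.getStr() call from the question. */
    public static String attemptLogin(GuardedRemoteCall guard, Callable<String> remoteLogin) {
        Result<String> r = guard.call(remoteLogin, 10, TimeUnit.SECONDS); // 10 s is an assumed limit
        if (r.cause != null) {
            System.err.println("remote call failed: " + r.cause);     // keep detail in the log, not the dialog
        }
        return messageFor(r.outcome);
    }
}
```

The classification only helps where the client library actually propagates an exception to the Callable; for the silent-retry case the question describes, the timeout branch is what returns control to the UI, and the detail of why the login failed stays in the client log rather than in the message shown to the user.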

0 Answers