How to disable security on the EJB remoting interface in JBoss EAP 6

Solution Verified - Updated

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x

Issue

  • Need to call a remote EJB deployed on an EAP 6 server from a WAR deployed on another EAP 6 server without security.
  • Is it possible to disable the security and call an EJB without setting username and password for the connection?
  • How to disable the security for the remoting subsystem?
  • I disabled the security for the remoting subsystem but still get the following exception if I call an EJB on this server. What is the issue?
WARN: Could not register a EJB receiver for connection to localhost:4447
java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
	at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)
	at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:80)
	at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:146)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:115)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:47)
	at org.jboss.ejb.client.EJBClientContext.getCurrent(EJBClientContext.java:279)
	at org.jboss.ejb.client.EJBClientContext.requireCurrent(EJBClientContext.java:289)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:178)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at com.sun.proxy.$Proxy18.getJBossNodeName(Unknown Source)
	at org.jboss.as.quickstarts.ejb.multi.server.Client.main(Client.java:80)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:297)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
	at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:113)
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:443)
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
	at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
	at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
	at org.xnio.nio.NioHandle.run(NioHandle.java:90)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:198)
	at ...asynchronous invocation...(Unknown Source)
	at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:386)
	at org.jboss.ejb.client.remoting.EndpointPool$PooledEndpoint.connect(EndpointPool.java:187)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:152)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:133)
	at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:78)
	... 16 more

[WARNING] 
java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:297)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:jboss-ejb-multi-server-app-one, moduleName:ejb, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@2153b39b
	at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:747)
	at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:116)
	at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186)
	at org.jboss.ejb.client.EJBInvocationHandler.sendRequestWithPossibleRetries(EJBInvocationHandler.java:255)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:200)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:183)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at com.sun.proxy.$Proxy18.getJBossNodeName(Unknown Source)
	at org.jboss.as.quickstarts.ejb.multi.server.Client.main(Client.java:80)
	... 6 more

Resolution

Disable ApplicationRealm inside the remoting subsystem within the server configuration (standalone or domain)

Change from:

        <subsystem xmlns="urn:jboss:domain:remoting:1.1">
            <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
        </subsystem>

to:

        <subsystem xmlns="urn:jboss:domain:remoting:1.1">
            <connector name="remoting-connector" socket-binding="remoting"/>
        </subsystem>

Set the correct properties for standalone clients

To call unsecured EJBs, the client must set the SASL_POLICY_NOANONYMOUS property to "false" so that it permits the SASL ANONYMOUS mechanism.
Here is an example jboss-ejb-client.properties:

remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

remote.connections=one
remote.connection.one.host=localhost
remote.connection.one.port=4447
remote.connection.one.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

Set the correct properties for the remote-outbound-connection if the caller runs inside a server and uses jboss-ejb-client.xml

        <subsystem xmlns="urn:jboss:domain:remoting:1.1">
            <connector name="remoting-connector" socket-binding="remoting"/>
            <outbound-connections>
                <remote-outbound-connection name="remote-ejb-connection-1" outbound-socket-binding-ref="remote-ejb-1">
                    <properties>
                        <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
                        <property name="SSL_ENABLED" value="false"/>
                    </properties>
                </remote-outbound-connection>
            </outbound-connections>
        </subsystem>

Note: If the target is a cluster, the jboss-ejb-client.xml also needs to have the property set for the cluster configuration.
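To track which server configurations carry the settings described above, the following added example (not part of the original solution and not Red Hat code) scans a standalone or domain XML file for remoting connectors without a security-realm and for outbound connections that set SASL_POLICY_NOANONYMOUS or SSL_ENABLED to false. The `<server>` wrapper in the sample and the names `audit_remoting` and `local` are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the "after" configuration from this article inside a
# minimal <server> wrapper (the wrapper is an assumption for the example).
SAMPLE = """<server>
  <subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting"/>
    <outbound-connections>
      <remote-outbound-connection name="remote-ejb-connection-1" outbound-socket-binding-ref="remote-ejb-1">
        <properties>
          <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
          <property name="SSL_ENABLED" value="false"/>
        </properties>
      </remote-outbound-connection>
    </outbound-connections>
  </subsystem>
</server>"""

REMOTING_NS_PREFIX = "urn:jboss:domain:remoting:"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_remoting(xml_text):
    """Return (kind, name, issue) tuples for unauthenticated or cleartext remoting settings."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Match any remoting schema version, not only 1.1.
        if not el.tag.startswith("{" + REMOTING_NS_PREFIX):
            continue
        kind = local(el.tag)
        if kind == "connector" and not el.get("security-realm"):
            findings.append(("connector", el.get("name"), "no security-realm"))
        elif kind == "remote-outbound-connection":
            for prop in el.iter():
                if local(prop.tag) != "property":
                    continue
                name, value = prop.get("name"), (prop.get("value") or "").lower()
                if name in ("SASL_POLICY_NOANONYMOUS", "SSL_ENABLED") and value == "false":
                    findings.append(("outbound", el.get("name"), f"{name}=false"))
    return findings

if __name__ == "__main__":
    for finding in audit_remoting(SAMPLE):
        print(*finding, sep="\t")
```

A connector that still carries `security-realm="ApplicationRealm"`, as in the "Change from" configuration, produces no finding.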

Root Cause

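Security on the remoting connector is enabled by default: the connector references the ApplicationRealm security realm, so remote EJB clients must authenticate.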
