Disabling Security on http-invoker EJB for JBoss EAP 7.2
Environment
- Red Hat JBoss Enterprise Application Platform
- 7.2
- EJBs via http-invoker
Issue
- Disabling security doesn't allow the EJB client to connect
- After disabling security with
  /subsystem=remoting/http-connector=http-remoting-connector:undefine-attribute(name=security-realm)
  or
  /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker:write-attribute(name=security-realm)
  I get this exception in server.log:
  ERROR [org.jboss.as.ejb3.invocation] (default task-1) {} WFLYEJB0034: EJB Invocation failed on component ServiceBean for method public abstract some.class.package.Message some.class.package.RemoteService.getMessage(some.class.package.Message): java.lang.IllegalArgumentException: Parameter 'identity' may not be null
      at org.wildfly.common.Assert.checkNotNullParamChecked(Assert.java:71)
      at org.wildfly.common.Assert.checkNotNullParam(Assert.java:49)
      at org.wildfly.security.auth.server.SecurityDomain.forIdentity(SecurityDomain.java:187)
      at org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:313)
Resolution
This currently doesn't work. The workaround is to use simple property-file security and pass the password in the EJB client InitialContext:
JBoss CLI:
/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker:write-attribute(name=security-realm, value=ApplicationRealm)
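and for the EJB InitialContext on the client:
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import org.wildfly.naming.client.WildFlyInitialContextFactory;

// Point the WildFly naming client at the http-invoker endpoint.
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, WildFlyInitialContextFactory.class.getName());
props.put(Context.PROVIDER_URL, "http://127.0.0.1:9080/wildfly-services");
// Credentials of an ApplicationRealm user created with add-user.sh.
props.put(Context.SECURITY_PRINCIPAL, "ejb");
props.put(Context.SECURITY_CREDENTIALS, "1234");
return new InitialContext(props);
This assumes the default configuration for the ApplicationRealm, which uses property file security. Make sure to use `add-user.sh` to add the userId and password for the user referenced in the code above.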
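Added example, not part of the original article or Red Hat's code: a Python triage helper that checks whether a server.log entry matches the failure quoted in the Issue section and whether an Undertow host's http-invoker has no authentication configured. The element and attribute names it looks for in the server configuration (`host`, `http-invoker`, `security-realm`, `http-authentication-factory`) are assumed to match the persisted XML; the sample log and XML are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Failure signature quoted in the Issue section of this article.
ERROR_RE = re.compile(
    r"WFLYEJB0034: EJB Invocation failed on component (?P<component>\S+) "
    r"for method (?P<method>.+?): java\.lang\.IllegalArgumentException: "
    r"Parameter 'identity' may not be null")

# Constructed sample input: one server.log entry and a trimmed Undertow subsystem.
# The namespace is a placeholder; matching below ignores namespaces.
SAMPLE_LOG = (
    "ERROR [org.jboss.as.ejb3.invocation] (default task-1) {} WFLYEJB0034: "
    "EJB Invocation failed on component ServiceBean for method public abstract "
    "some.class.package.Message some.class.package.RemoteService.getMessage("
    "some.class.package.Message): java.lang.IllegalArgumentException: "
    "Parameter 'identity' may not be null\n")
SAMPLE_CONFIG = """<server><subsystem xmlns="urn:example:undertow">
  <server name="default-server">
    <host name="default-host" alias="localhost"><http-invoker/></host>
  </server></subsystem></server>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def find_identity_failures(log_text):
    """Return (component, method) for each null-identity WFLYEJB0034 entry."""
    return [(m["component"], m["method"]) for m in ERROR_RE.finditer(log_text)]

def unsecured_http_invokers(config_xml):
    """Names of hosts whose http-invoker sets neither security-realm nor
    http-authentication-factory (assumed layout of the persisted XML)."""
    hosts = []
    for host in ET.fromstring(config_xml).iter():
        if local(host.tag) != "host":
            continue
        for child in host:
            if local(child.tag) == "http-invoker" and not (
                    child.get("security-realm") or child.get("http-authentication-factory")):
                hosts.append(host.get("name"))
    return sorted(hosts)

def diagnose(log_text, config_xml):
    """Combine both checks; True only when log and configuration both match."""
    failures = find_identity_failures(log_text)
    unsecured = unsecured_http_invokers(config_xml)
    return {"failures": failures, "unsecured_hosts": unsecured,
            "matches_known_issue": bool(failures and unsecured)}
```

Calling `diagnose()` with the contents of server.log and the server configuration file returns the failing components and the hosts that would need `security-realm=ApplicationRealm` set as in the workaround.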
Root Cause
- Creating this sort of connection without security simply wasn't implemented in JBoss EAP 7.2.0GA. Engineering is adding the feature. See issue: JBEAP-16383.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.