Remoting WildFly Subsystem Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 7: Line 7:
Remoting connection attempts are authenticated against a configurable set of authentication mechanisms.
Remoting connection attempts are authenticated against a configurable set of authentication mechanisms.


The presence of the '<tt>security-realm</tt>' attribute in the remoting connector configuration triggers the enabling of authentication within the remoting service, by initializing the list of authentication mechanisms to those contributed by the security realm. The "ApplicationRealm" security realm employs "DIGEST" and "LOCAL" security mechanisms.  
The presence of the '<tt>security-realm</tt>' attribute in the remoting connector configuration triggers enabling of authentication within the remoting service, by initializing the list of authentication mechanisms to those contributed by the security realm. The "ApplicationRealm" security realm employs "DIGEST" and "LOCAL" security mechanisms.  


For more details on the local authentication mechanism see [[WildFly Security Realms#The_.24local_User|the 'LOCAL' authentication mechanism]].
For more details on the local authentication mechanism see [[WildFly Security Realms#The_.24local_User|the 'LOCAL' authentication mechanism]].

Revision as of 00:09, 12 April 2016

Internal

Security

Remoting connection attempts are authenticated against a configurable set of authentication mechanisms.

The presence of the 'security-realm' attribute in the remoting connector configuration triggers enabling of authentication within the remoting service, by initializing the list of authentication mechanisms to those contributed by the security realm. The "ApplicationRealm" security realm employs "DIGEST" and "LOCAL" security mechanisms.

For more details on the local authentication mechanism see the 'LOCAL' authentication mechanism.

Removing 'security-realm="ApplicationRealm"' from the remoting connector configuration ends up in the installation of the "ANONYMOUS" authentication mechanism, which enforces no authentication.

For more on JBoss 7 security, see WildFly Security Realms.

Authenticated Remoting Call

How do I inject the credentials on the client so I actually make an authenticated remoting call?

Remoting and JMX Access

JBoss Remoting provides the transport of the JSR-160 Java Management Extensions (JMX) Remote API (TODO: https://home.feodorov.com:9443/wiki/Wiki.jsp?page=JSR160JavaManagementExtensionsJMXRemoteAPI compliant implementation of a JMXConnector (TODO: https://home.feodorov.com:9443/wiki/Wiki.jsp?page=JMXConnector) that can be used by standard monitoring applications (such as VisualVM (TODO: https://home.feodorov.com:9443/wiki/Wiki.jsp?page=VisualVM)) to access the JMX bus. This is why JBoss Remoting configuration and security is relevant when an external JMX client needs access to JBoss.