HTTP 401 Unauthorized is output to access.log when accessed from EJB client using EJB over HTTP
Environment
Red Hat JBoss Enterprise Application Platform (EAP)
- 7.3
- 7.4
Issue
HTTP 401 Unauthorized is output to access.log only once when accessed from an EJB client using EJB over HTTP.
10.0.2.2 - - [15/Aug/2022:20:47:30 +0900] "POST /wildfly-services/ejb/v1/invoke/-/ejb-remote-server-side/-/CalculatorBean/-/org.jboss.as.quickstarts.ejb.remote.stateless.RemoteCalculator/add/int/int HTTP/2.0" 401 77
...
Resolution
This is expected behavior. The HTTP 401 Unauthorized is caused by the EJB authentication process and only occurs once because the connection is cached and reused.
Root Cause
The ejb-remote application included in the jboss-eap-quickstarts can be used to reproduce the problem.
- Add a user and deploy the EJB application to the JBoss EAP server.
    $JBOSS_HOME/bin/add-user.sh -a -u 'quickstartUser' -p 'quickstartPwd1!'
    cd jboss-eap-quickstarts/ejb-remote
    mvn clean install wildfly:deploy
- Generate the EJB client module and execute it.
    cd jboss-eap-quickstarts/ejb-remote/client
    mvn package assembly:single
    mvn -Dhttp=true exec:exec
  EJB over HTTP is used by adding the option -Dhttp=true when the EJB client is executed.
If you enable the Request Dumping Handler and check server.log, you will see that the first HTTP 401 Unauthorized response returns a WWW-Authenticate header for DIGEST authentication.
In the following example, "AAAABAAAAvX+AhA1VniUOnq2tr6ubcslmZeNzJ4lwahDCP8yF/Az2hDrfN8=" is the nonce, the digest information issued by the server.
Digest realm="ApplicationRealm", nonce="AAAABAAAAvX+AhA1VniUOnq2tr6ubcslmZeNzJ4lwahDCP8yF/Az2hDrfN8=", opaque="00000000000000000000000000000000", algorithm=MD5, qop=auth
Then, for the second and subsequent requests, the EJB client sends an Authorization header containing the user name and digest information.
Digest username="quickstartUser", uri="http://localhost:8080/wildfly-services/ejb/v1/invoke/-/ejb-remote-server-side/-/CalculatorBean/-/org.jboss.as.quickstarts.ejb.remote.stateless.RemoteCalculator/add/int/int", realm="ApplicationRealm", nc=00000001, cnonce="KlqoBoaqYswb2uiVaRcWBkupjurkIF45vpTh-KJw", algorithm=MD5, nonce="AAAABAAAAvX+AhA1VniUOnq2tr6ubcslmZeNzJ4lwahDCP8yF/Az2hDrfN8=", opaque="00000000000000000000000000000000", qop=auth, response="1eb1faa16b0ed1aaf576508396e0bfe3"
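The challenge and response above, walked through as an added example (not code from this article or from JBoss EAP): it parses the challenge shown on the page, computes the Digest response as RFC 2617 defines it for algorithm=MD5 with qop=auth, and checks it the way a server would. The request URI and cnonce are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac
import re

# Challenge copied from the page's first 401 response.
CHALLENGE = ('Digest realm="ApplicationRealm", '
             'nonce="AAAABAAAAvX+AhA1VniUOnq2tr6ubcslmZeNzJ4lwahDCP8yF/Az2hDrfN8=", '
             'opaque="00000000000000000000000000000000", algorithm=MD5, qop=auth')
URI = "/wildfly-services/ejb/v1/invoke/sample"  # constructed, not the page's URI
CNONCE = "c0nstructed-cnonce"                   # constructed client nonce

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header):
    """Split a Digest challenge or Authorization value into a dict."""
    pairs = re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', header)
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in pairs}

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response value for algorithm=MD5 with qop=auth."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")  # secret part, never sent
    ha2 = md5_hex(f"{method}:{uri}")             # binds method and URI
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def build_authorization(challenge, user, password, method, uri, cnonce,
                        nc="00000001"):
    """Client side: answer the 401 challenge without sending the password."""
    c = parse_digest(challenge)
    resp = digest_response(user, c["realm"], password, method, uri,
                           c["nonce"], nc, cnonce)
    return (f'Digest username="{user}", uri="{uri}", realm="{c["realm"]}", '
            f'nc={nc}, cnonce="{cnonce}", algorithm=MD5, nonce="{c["nonce"]}", '
            f'opaque="{c["opaque"]}", qop=auth, response="{resp}"')

def verify_authorization(header, password, method):
    """Server side: recompute the response from the stored credential."""
    a = parse_digest(header)
    expected = digest_response(a["username"], a["realm"], password, method,
                               a["uri"], a["nonce"], a["nc"], a["cnonce"])
    return hmac.compare_digest(expected, a.get("response", ""))

if __name__ == "__main__":
    auth = build_authorization(CHALLENGE, "quickstartUser", "quickstartPwd1!",
                               "POST", URI, CNONCE)
    print(auth)
    print("accepted:", verify_authorization(auth, "quickstartPwd1!", "POST"))
    print("wrong password:", verify_authorization(auth, "guess", "POST"))
```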