Details

    • Similar Issues:
      Show 10 results 

      Description

      If I use the SecureIdentity security-domain with my datasource, and I directly hardcode the password in the security-domain definition (in standalone.xml), AS7.1.1.Final starts up fine with no errors:

      <security-domain name="RHQDSSecurityDomain" cache-type="default">
      <authentication>
      <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="$

      {myser:rhqadmin}

      "/>
      <module-option name="password" value="1eeb2f255e832171df8592078de921bc"/>
      </login-module>
      </authentication>
      </security-domain>

      Notice that I use the sys prop variable in the username ($

      {var}

      notation) but not for password. But now, use it for the password too:

      <security-domain name="RHQDSSecurityDomain" cache-type="default">
      <authentication>
      <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="$

      {myser:rhqadmin}

      "/>
      <module-option name="password" value="$

      {mypass:1eeb2f255e832171df8592078de921bc}

      "/>
      </login-module>
      </authentication>
      </security-domain>

      Notice $

      {mypass:1eeb...}

      . I do not want to hardcode the encrypted password - I want to set that system property (preferably via the -P option) so I don't hardcode it here.

      But when I start up AS7, I get an exception. Here's the exception I see at startup:

      17:44:08,636 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject()PB00024: Access Denied:Unauthenticated caller:null: java.lang.SecurityException: PB00024: Access Denied:Unauthenticated caller:null
      at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:89)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1019)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1014)
      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_29]
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1013)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.deployXADataSource(AbstractDsDeployer.java:824)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:338)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:271)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:111)
      ...

        Issue Links

          Activity

          Hide
          John Mazzitelli
          added a comment -

          Note, it doesn't matter if I pass in -Dmypass=1eeb... or not. If I use $

          {var}

          notation in the password value in standalone.xml, this fails no matter if the sysprop is defined or not.

          Show
          John Mazzitelli
          added a comment - Note, it doesn't matter if I pass in -Dmypass=1eeb... or not. If I use $ {var} notation in the password value in standalone.xml, this fails no matter if the sysprop is defined or not.
          Hide
          John Mazzitelli
          added a comment -

          and for completeness, I also tried $

          {mypass}

          in the configuration (without providing a ":default") - still fails, whether I pass in -Dmypass=... or not.

          Show
          John Mazzitelli
          added a comment - and for completeness, I also tried $ {mypass} in the configuration (without providing a ":default") - still fails, whether I pass in -Dmypass=... or not.
          Hide
          Tomaz Cerar
          added a comment -

          module-option doesn't support expressions, so probably proper issue would be to add support for them.

          Show
          Tomaz Cerar
          added a comment - module-option doesn't support expressions, so probably proper issue would be to add support for them.
          Hide
          RH Bugzilla Integration
          added a comment -

          John Mazzitelli <mazz@redhat.com> made a comment on bug 851268

          I've got some notes on this port work found here on the wiki:

          https://docs.jboss.org/author/display/RHQ/Hosting+RHQ+Server+in+AS7

          Show
          RH Bugzilla Integration
          added a comment - John Mazzitelli <mazz@redhat.com> made a comment on bug 851268 I've got some notes on this port work found here on the wiki: https://docs.jboss.org/author/display/RHQ/Hosting+RHQ+Server+in+AS7
          Hide
          RH Bugzilla Integration
          added a comment -

          John Mazzitelli <mazz@redhat.com> made a comment on bug 851268

          removing all the external bug tracking links - the bugzilla integration to jira is not good:

          I will add "see also" links from this BZ to these:

          https://issues.jboss.org/browse/AS7-5342
          https://issues.jboss.org/browse/AS7-5336
          https://issues.jboss.org/browse/AS7-5321
          https://issues.jboss.org/browse/AS7-5177
          https://issues.jboss.org/browse/AS7-887
          https://issues.jboss.org/browse/AS7-3199

          Show
          RH Bugzilla Integration
          added a comment - John Mazzitelli <mazz@redhat.com> made a comment on bug 851268 removing all the external bug tracking links - the bugzilla integration to jira is not good: I will add "see also" links from this BZ to these: https://issues.jboss.org/browse/AS7-5342 https://issues.jboss.org/browse/AS7-5336 https://issues.jboss.org/browse/AS7-5321 https://issues.jboss.org/browse/AS7-5177 https://issues.jboss.org/browse/AS7-887 https://issues.jboss.org/browse/AS7-3199

            People

            • Assignee:
              Tomaz Cerar
              Reporter:
              John Mazzitelli
            • Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: