Details

    • Similar Issues:
      Show 10 results 

      Description

      If I use the SecureIdentity security-domain with my datasource, and I directly hardcode the password in the security-domain definition (in standalone.xml), AS7.1.1.Final starts up fine with no errors:

      <security-domain name="RHQDSSecurityDomain" cache-type="default">
      <authentication>
      <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="$

      {myser:rhqadmin}

      "/>
      <module-option name="password" value="1eeb2f255e832171df8592078de921bc"/>
      </login-module>
      </authentication>
      </security-domain>

      Notice that I use the sys prop variable in the username ($

      {var}

      notation) but not for password. But now, use it for the password too:

      <security-domain name="RHQDSSecurityDomain" cache-type="default">
      <authentication>
      <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="$

      {myser:rhqadmin}

      "/>
      <module-option name="password" value="$

      {mypass:1eeb2f255e832171df8592078de921bc}

      "/>
      </login-module>
      </authentication>
      </security-domain>

      Notice $

      {mypass:1eeb...}

      . I do not want to hardcode the encrypted password - I want to set that system property (preferably via the -P option) so I don't hardcode it here.

      But when I start up AS7, I get an exception. Here's the exception I see at startup:

      17:44:08,636 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject()PB00024: Access Denied:Unauthenticated caller:null: java.lang.SecurityException: PB00024: Access Denied:Unauthenticated caller:null
      at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:89)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1019)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1014)
      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_29]
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1013)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.deployXADataSource(AbstractDsDeployer.java:824)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:338)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:271)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:111)
      ...

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            John Mazzitelli added a comment -

            Note, it doesn't matter if I pass in -Dmypass=1eeb... or not. If I use $

            {var}

            notation in the password value in standalone.xml, this fails no matter if the sysprop is defined or not.

            Show
            John Mazzitelli added a comment - Note, it doesn't matter if I pass in -Dmypass=1eeb... or not. If I use $ {var} notation in the password value in standalone.xml, this fails no matter if the sysprop is defined or not.
            Hide
            John Mazzitelli added a comment -

            and for completeness, I also tried $

            {mypass}

            in the configuration (without providing a ":default") - still fails, whether I pass in -Dmypass=... or not.

            Show
            John Mazzitelli added a comment - and for completeness, I also tried $ {mypass} in the configuration (without providing a ":default") - still fails, whether I pass in -Dmypass=... or not.
            Hide
            Tomaz Cerar added a comment -

            module-option doesn't support expressions, so probably proper issue would be to add support for them.

            Show
            Tomaz Cerar added a comment - module-option doesn't support expressions, so probably proper issue would be to add support for them.
            Hide
            RH Bugzilla Integration added a comment -

            John Mazzitelli <mazz@redhat.com> made a comment on bug 851268

            I've got some notes on this port work found here on the wiki:

            https://docs.jboss.org/author/display/RHQ/Hosting+RHQ+Server+in+AS7

            Show
            RH Bugzilla Integration added a comment - John Mazzitelli <mazz@redhat.com> made a comment on bug 851268 I've got some notes on this port work found here on the wiki: https://docs.jboss.org/author/display/RHQ/Hosting+RHQ+Server+in+AS7
            Hide
            RH Bugzilla Integration added a comment -

            John Mazzitelli <mazz@redhat.com> made a comment on bug 851268

            removing all the external bug tracking links - the bugzilla integration to jira is not good:

            I will add "see also" links from this BZ to these:

            https://issues.jboss.org/browse/AS7-5342
            https://issues.jboss.org/browse/AS7-5336
            https://issues.jboss.org/browse/AS7-5321
            https://issues.jboss.org/browse/AS7-5177
            https://issues.jboss.org/browse/AS7-887
            https://issues.jboss.org/browse/AS7-3199

            Show
            RH Bugzilla Integration added a comment - John Mazzitelli <mazz@redhat.com> made a comment on bug 851268 removing all the external bug tracking links - the bugzilla integration to jira is not good: I will add "see also" links from this BZ to these: https://issues.jboss.org/browse/AS7-5342 https://issues.jboss.org/browse/AS7-5336 https://issues.jboss.org/browse/AS7-5321 https://issues.jboss.org/browse/AS7-5177 https://issues.jboss.org/browse/AS7-887 https://issues.jboss.org/browse/AS7-3199

              People

              • Assignee:
                Tomaz Cerar
                Reporter:
                John Mazzitelli
              • Votes:
                1 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Development