Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-3811

Difficult to identify datasource with wrong credentials if security-domain is used

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.0.1.CR1, 7.0.1.GA
    • 7.0.0.ER6
    • JCA
    • None
    • EAP 7.0.1

      Description of problem:

      If the password for any datasource is invalid, and there are multiple datasources defined, it is difficult to identify the problematic datasource from the the console log.

      In this particular case, security-domain is used for the login credential.

      Version-Release number of selected component (if applicable):

      How reproducible:
      Always

      Steps to Reproduce:
      1. Using the attached standalone-ds2.xml and app.properties, start an EAP 6 instance with the following commands

      ./standalone.sh -c standalone-ds2.xml -P app.properties

      user=lami
      password=57f4a2091f03f2fd

      Actual results:
      2. Console log reports

      17:49:54,660 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-8) JBAS010400: Bound data source [java:/DefaultDS]
      17:49:54,663 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-3) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
      at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1084)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1079)
      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1078)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:316)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:120)
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
      at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]

      17:49:54,670 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) JBAS010400: Bound data source [java:/DefaultDS2]

      Expected results:
      Console clearly identifies which login id was problematic

      Additional info:
      Password encrypted using
      java -cp ../modules/system/layers/base/.overlays/layer-base-jboss-eap-6.4.5.CP/org/picketbox/main/picketbox-4.1.2.Final-redhat-1.jar:../modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.4.GA-redhat-2.jar:CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule lami
      Encoded password: 57f4a2091f03f2fd

            rhn-engineering-lgao Lin Gao
            rhn-engineering-lgao Lin Gao
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: