Uploaded image for project: 'Teiid'
  1. Teiid
  2. TEIID-3684

RoleBasedCredentialMapIdentityLoginModule throws exception at startup time

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 8.7.1.6_2
    • Fix Version/s: 9.0, 8.12.5
    • Component/s: None
    • Labels:
      None

      Description

      If a data source is configured to use RoleBasedCredentialMapIdentityLoginModule, then exception is thrown at startup [1], because default username and password are null. Please, add module options "username" and "password" to set up default user (similar functionality have e.g. CallerIdentityLoginModule and PassthroughIdentityLoginModule), so DV is able to properly load data source at startup when no user is authenticated and therefore no mapping could be performed.
      Example configuration [2]. Note, there is no exception if UsersRoles login module is used instead of RealDirect. However, it means that EAP users are separate from DV users.

      FYI:

      • credentialMap module option should be defined as URL (file://...). It would be nice to have this information in the documentation.
      • I tried to use unauthenticatedIdentity module option for RealmDirect, but same exception has been thrown with different root cause (realm 'ApplicationRealm' not found). I do not know why.

      [1]
      ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-5) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
      at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1084)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1079)
      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_40]
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1078)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:316)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:120)
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_40]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_40]
      at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_40]

      [2]

      <security-domain name="my-sec">
          <authentication>
              <login-module code="RealmDirect" flag="required">
                  <module-option name="password-stacking" value="tryFirstPass"/>
                  <!--<module-option name="unauthenticatedIdentity" value="guest"/>-->
              </login-module>
              <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" module="org.jboss.teiid" flag="required">
                  <module-option name="password-stacking" value="useFirstPass"/>
                  <module-option name="credentialMap" value="file://${jboss.server.config.dir}/teiid-credentialmap.properties"/>
              </login-module>
          </authentication>
      </security-domain>
      

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                rareddy Ramesh Reddy
                Reporter:
                jdurani Juraj DurĂ¡ni
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: