EncyptDBPassword
wnorth Mar 29, 2005 4:42 PMI've been researching encrypting datasource passwords within the oracle-ds.xml file, which requires setting up a security domain per the following URL:
http://www.jboss.org/wiki/Wiki.jsp?page=EncryptingDataSourcePasswords
I followed the examples on the aforementioned link and can't seem to get it to work, the following represents the errors that I am seeing:
13:26:26,551 INFO [database] Found data source asd_DS
13:26:26,575 ERROR [database] Error:500: Unknown error on asd_DS,Invalid authentication attempt, principal=null
java.lang.SecurityException: Invalid authentication attempt, principal=null
at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:618)
at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:447)
at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:838)
at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:102)
at com.ameriquest.asd.utils.DBUtil.getConnection(DBUtil.java:51)
at com.ameriquest.asd.sessionEJBS.ItinerarySession.getDisplayItinerary(ItinerarySession.java:380)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.jboss.invocation.Invocation.performCall(Invocation.java:345)
at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:214)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:113)
at org.jboss.webservice.server.ServiceEndpointInterceptor.invoke(ServiceEndpointInterceptor.java:51)
at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:105)
at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:313)
at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:146)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:123)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
at org.jboss.ejb.Container.invoke(Container.java:870)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:805)
at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:406)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
at sun.rmi.transport.Transport$1.run(Transport.java:153)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:595)
13:26:26,578 INFO [STDOUT] java.sql.SQLException: Error:500: Unknown error on asd_DS,Invalid authentication attempt, principal=null
13:26:26,578 INFO [STDOUT] at com.ameriquest.asd.utils.DBUtil.getConnection(DBUtil.java:68)
13:26:26,579 INFO [STDOUT] at com.ameriquest.asd.sessionEJBS.ItinerarySession.getDisplayItinerary(ItinerarySession.java:380)
13:26:26,579 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
13:26:26,579 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
13:26:26,579 INFO [STDOUT] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
13:26:26,579 INFO [STDOUT] at java.lang.reflect.Method.invoke(Method.java:585)
13:26:26,579 INFO [STDOUT] at org.jboss.invocation.Invocation.performCall(Invocation.java:345)
13:26:26,579 INFO [STDOUT] at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:214)
13:26:26,579 INFO [STDOUT] at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:113)
13:26:26,580 INFO [STDOUT] at org.jboss.webservice.server.ServiceEndpointInterceptor.invoke(ServiceEndpointInterceptor.java:51)
13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:105)
13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:313)
13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:146)
13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:123)
13:26:26,581 INFO [STDOUT] at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
13:26:26,581 INFO [STDOUT] at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
13:26:26,581 INFO [STDOUT] at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
13:26:26,581 INFO [STDOUT] at org.jboss.ejb.Container.invoke(Container.java:870)
13:26:26,581 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
13:26:26,581 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
13:26:26,581 INFO [STDOUT] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
13:26:26,582 INFO [STDOUT] at java.lang.reflect.Method.invoke(Method.java:585)
13:26:26,582 INFO [STDOUT] at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144)
13:26:26,582 INFO [STDOUT] at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
13:26:26,582 INFO [STDOUT] at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
13:26:26,582 INFO [STDOUT] at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
13:26:26,582 INFO [STDOUT] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
My login-config.xml is as follows:
<application-policy name = "EncryptDBPassword"> <authentication> <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required"> <module-option name = "username">sys_user</module-option> <module-option name = "password">-187398cd0a5cc262</module-option> <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option> </login-module> </authentication> </application-policy> My oracle-ds.xml is as follows: <datasources> <local-tx-datasource> <jndi-name>asd_DS</jndi-name> <use-java-context>false</use-java-context> <connection-url>jdbc:oracle:thin:@10.34.112.114:1521:sidname</connection-url> <driver-class>oracle.jdbc.driver.OracleDriver</driver-class> <min-pool-size>5</min-pool-size> <max-pool-size>20</max-pool-size> <idle-timeout-minutes>0</idle-timeout-minutes> <blocking-timeout-millis>5000</blocking-timeout-millis> <check-valid-connection-sql>select 1 from dual</check-valid-connection-sql> <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name> <security-domain>EncryptDBPassword</security-domain> </local-tx-datasource> </datasources> I've followed the URL as best as I can and I still can't seem to get it to decrypt the password and pass the credentials. Note: the username and password in the login-config.xml are fictitious since I don't want to pass production data out on the net. Any thoughts/suggestions would be appreciated. -Wes