1 Reply Latest reply on Oct 16, 2007 4:34 PM by yairinbal

    EncyptDBPassword

    wnorth

      I've been researching encrypting datasource passwords within the oracle-ds.xml file, which requires setting up a security domain per the following URL:

      http://www.jboss.org/wiki/Wiki.jsp?page=EncryptingDataSourcePasswords



      I followed the examples on the aforementioned link and can't seem to get it to work, the following represents the errors that I am seeing:

      13:26:26,551 INFO [database] Found data source asd_DS
      13:26:26,575 ERROR [database] Error:500: Unknown error on asd_DS,Invalid authentication attempt, principal=null
      java.lang.SecurityException: Invalid authentication attempt, principal=null
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:618)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:447)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:838)
      at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:102)
      at com.ameriquest.asd.utils.DBUtil.getConnection(DBUtil.java:51)
      at com.ameriquest.asd.sessionEJBS.ItinerarySession.getDisplayItinerary(ItinerarySession.java:380)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.invocation.Invocation.performCall(Invocation.java:345)
      at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:214)
      at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
      at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:113)
      at org.jboss.webservice.server.ServiceEndpointInterceptor.invoke(ServiceEndpointInterceptor.java:51)
      at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
      at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:105)
      at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:313)
      at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:146)
      at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:123)
      at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
      at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
      at org.jboss.ejb.Container.invoke(Container.java:870)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
      at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
      at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:805)
      at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:406)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
      at sun.rmi.transport.Transport$1.run(Transport.java:153)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
      at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
      at java.lang.Thread.run(Thread.java:595)
      13:26:26,578 INFO [STDOUT] java.sql.SQLException: Error:500: Unknown error on asd_DS,Invalid authentication attempt, principal=null
      13:26:26,578 INFO [STDOUT] at com.ameriquest.asd.utils.DBUtil.getConnection(DBUtil.java:68)
      13:26:26,579 INFO [STDOUT] at com.ameriquest.asd.sessionEJBS.ItinerarySession.getDisplayItinerary(ItinerarySession.java:380)
      13:26:26,579 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      13:26:26,579 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      13:26:26,579 INFO [STDOUT] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      13:26:26,579 INFO [STDOUT] at java.lang.reflect.Method.invoke(Method.java:585)
      13:26:26,579 INFO [STDOUT] at org.jboss.invocation.Invocation.performCall(Invocation.java:345)
      13:26:26,579 INFO [STDOUT] at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:214)
      13:26:26,579 INFO [STDOUT] at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
      13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:113)
      13:26:26,580 INFO [STDOUT] at org.jboss.webservice.server.ServiceEndpointInterceptor.invoke(ServiceEndpointInterceptor.java:51)
      13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
      13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:105)
      13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:313)
      13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:146)
      13:26:26,580 INFO [STDOUT] at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:123)
      13:26:26,581 INFO [STDOUT] at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
      13:26:26,581 INFO [STDOUT] at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
      13:26:26,581 INFO [STDOUT] at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
      13:26:26,581 INFO [STDOUT] at org.jboss.ejb.Container.invoke(Container.java:870)
      13:26:26,581 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      13:26:26,581 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      13:26:26,581 INFO [STDOUT] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      13:26:26,582 INFO [STDOUT] at java.lang.reflect.Method.invoke(Method.java:585)
      13:26:26,582 INFO [STDOUT] at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144)
      13:26:26,582 INFO [STDOUT] at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
      13:26:26,582 INFO [STDOUT] at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
      13:26:26,582 INFO [STDOUT] at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
      13:26:26,582 INFO [STDOUT] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)

      My login-config.xml is as follows:

      <application-policy name = "EncryptDBPassword">
       <authentication>
       <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule"
       flag = "required">
       <module-option name = "username">sys_user</module-option>
       <module-option name = "password">-187398cd0a5cc262</module-option>
       <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
       </login-module>
       </authentication>
       </application-policy>
      
      My oracle-ds.xml is as follows:
      
      <datasources>
      
       <local-tx-datasource>
       <jndi-name>asd_DS</jndi-name>
       <use-java-context>false</use-java-context>
       <connection-url>jdbc:oracle:thin:@10.34.112.114:1521:sidname</connection-url>
       <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
       <min-pool-size>5</min-pool-size>
       <max-pool-size>20</max-pool-size>
       <idle-timeout-minutes>0</idle-timeout-minutes>
       <blocking-timeout-millis>5000</blocking-timeout-millis>
       <check-valid-connection-sql>select 1 from dual</check-valid-connection-sql>
       <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
      <security-domain>EncryptDBPassword</security-domain>
       </local-tx-datasource>
      
      </datasources>
      
      
      I've followed the URL as best as I can and I still can't seem to get it to decrypt the password and pass the credentials. Note: the username and password in the login-config.xml are fictitious since I don't want to pass production data out on the net.
      
      Any thoughts/suggestions would be appreciated.
      
      -Wes