JBoss datasource encryption
aramin Jul 29, 2008 6:08 PM
We're running JBoss 4.0.5 (Windows in development, Linux in production), and I'm trying to encrypt a datasource password using our own algorithm, using this as a reference:
http://wiki.jboss.org/wiki/EncryptingDataSourcePasswords
I've been able to get this to work using the standard JBoss SecureIdentityLoginModule with an encrypted password. But I have not been able to tie in a custom algorithm.
I've changed the datasource.xml file to add the security domain:
<security-domain>EncryptDBPassword</security-domain>
and added the policy to login-config.xml:
<application-policy name="EncryptDBPassword">
  <authentication>
    <login-module code="org.jboss.resource.security.SecureCustomLoginModule" flag="required">
      <module-option name="username">admin</module-option>
      <module-option name="password">-207a6df87216de44</module-option>
      <module-option name="managedConnectionFactoryName">jboss.jca:name=PostgresDS,service=LocalTxCM</module-option>
    </login-module>
  </authentication>
</application-policy>
I've then written my own SecureCustomLoginModule, which at this point is identical to SecureIdentityLoginModule, extending AbstractPasswordCredentialLoginModule. I keep it packaged in org.jboss.resource.security so it has access to the JBoss classes (like SubjectActions) and packaged it in a separate jar in the deploy folder.
But without even changing the encryption logic, JBoss will not authenticate when I use a custom security module. The code is the same, it just points to a different class.
Is there an example of a working or recommended implementation of this? A requirement here is to use our own encryption algorithm and custom key.
Errors follow below.
Thanks to anyone who can help!
error:
State: FAILED
Reason: java.lang.SecurityException: Invalid authentication attempt, principal=null
java.lang.SecurityException: Invalid authentication attempt, principal=null
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:572)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:378)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:812)
    at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:88)
    at org.jboss.ejb.plugins.cmp.jdbc.SQLUtil.fixTableName(SQLUtil.java:173)
    at org.jboss.ejb.plugins.cmp.jdbc.bridge.JDBCEntityBridge.init(JDBCEntityBridge.java:157)
    at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreManager.initStoreManager(JDBCStoreManager.java:435)
    at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreManager.start(JDBCStoreManager.java:368)
    at org.jboss.ejb.plugins.CMPPersistenceManager.start(CMPPersistenceManager.java:172)
    at org.jboss.ejb.EntityContainer.startPmAndInterceptors(EntityContainer.java:1063)
    at org.jboss.ejb.EjbModule.startService(EjbModule.java:422)
(If I switch back to the SecureIdentityLoginModule then everything works fine)