-
1. Re: LoginModule with oracle datasource
vickyk Oct 17, 2007 1:58 AM (in response to ubersloth)Try this
<application-policy name="EncryptDBPassword"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"> <module-option name="usersProperties">props1/users.properties</module-option> <module-option name="rolesProperties">props1/roles.properties</module-option> </login-module> <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required"> <module-option name="username">scott</module-option> <module-option name="password">-170dd0fbd8c13748</module-option> <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDSJAAS</module-option> </login-module> </authentication> </application-policy>
You have to use the multiple login modules for authentication .
You would be having the web tier which would be using the DataSource , the subject would be populated using that secured web tier .
If you don't have secured web tier then the Login module would not populate the security credentials and thus you would get the exception what you are seeing ..... -
2. Re: LoginModule with oracle datasource
ubersloth Oct 17, 2007 5:04 AM (in response to ubersloth)Hi, vickyk.
Thank you for your very quick reply. It was right over money.
I've pored over jboss manuals for hours and googled intensively, but still this relatively simple solution hasn't presented itself.
To make the solution work I used your suggested configuration. The only change I had to make was add this line:<module-option name="unauthenticatedIdentity">nobody</module-option>
Again, thanks! -
3. Re: LoginModule with oracle datasource
vickyk Oct 17, 2007 5:20 AM (in response to ubersloth)Can you contribute by making a wiki for this ?
-
4. Re: LoginModule with oracle datasource
ubersloth Oct 17, 2007 5:40 AM (in response to ubersloth)
Certainly. I am writing internal documentation about this and will wikify it once I'm done. -
5. Re: LoginModule with oracle datasource
vickyk Oct 17, 2007 5:43 AM (in response to ubersloth)Excellent :)
-
6. Re: LoginModule with oracle datasource
ubersloth Oct 17, 2007 5:20 PM (in response to ubersloth)You can now find it here: http://www.jboss.com/wiki/Edit.jsp?page=ConfigDataSources
Under 'Configuring a DataSource to use login modules'. -
7. Re: LoginModule with oracle datasource
bitti1976 Jul 9, 2008 3:36 PM (in response to ubersloth)Hi:
I have the exact same issue.
What do you put in the user.properties and roles.propertis file, and where do you place them? I am very new to Jboss also, and just trying to get the Oracle datasource password encryption to work, but it keeps failing with principal=null error. I do not know what "principal is"?
Can you please help me. I would really appreciate that!
Thanks. -
8. Re: LoginModule with oracle datasource
peterj Jul 9, 2008 3:47 PM (in response to ubersloth)bitti1976 - you should have started a new post instead of appending to a post that is almost a year old.
Did you look in the JBossAS directory structure for the user.properties and role.properties files?
You already asked about the password encryption question in another post, let's continue that discussion there.
The term "principle" refers to the login, and other security-related information, about the person/entity who is logged in. -
9. Re: LoginModule with oracle datasource
bitti1976 Jul 10, 2008 3:43 PM (in response to ubersloth)Hello PeterJ:
I did actually start a new post, which happened to notice also. I responded to this post since I found this to be the closest to what I am trying to accomplish (and the error matches exactly with what I see in my test), and was getting really desparate for help. I wanted to give the solution in this post a try and see if that fixed my issues, but had a question about the user.properties and role.properties file.
I have looked at the JbossAS directory structure, and so far have only modified the properties file under $JBOSS_HOME/server/default/conf/props to secure the jmx-console.
Thanks you for your response to my other post. I appreciate your help.