2 Replies Latest reply on Apr 18, 2003 5:07 PM by benwalstrum

    Firebird security domain problem

    benwalstrum

      Hello everyone -

      I am migrating from 3.0.4 to 3.2.0, and am trying to get my datasources set up. I am using Firebird, and as such have switched from using firebird-service.xml to firebird-ds.xml to configure my Firebird datasource. It should be noted that we originally were using an Interbase client, and that is why the datasource is named InterbaseDS.

      Here's my firebird-ds.xml:

      <connection-factories>
        <tx-connection-factory>
          <jndi-name>InterbaseDS</jndi-name>
          <xa-transaction />
          <adapter-display-name>Firebird Database Connector</adapter-display-name>
          <config-property name="Database" type="java.lang.String">devserv01/3050:E:/devdb/java/dev_integration2/thgg101.gdb</config-property>
          <!--
          <user-name>SYSDBA</user-name>
          <password>password</password>
          -->
          <min-pool-size>0</min-pool-size>
          <security-domain>FirebirdDBRealm</security-domain>
        </tx-connection-factory>
      </connection-factories>

      I have gotten everything to work fine using the <user-name> and <password> fields in the firebird-ds.xml file, but I actually would like to use a security realm set up in login-config.xml. The reason for this is that we have a ConfiguredIdentityLoginModule that supports encryption of the username and password, which is required for our project. Right now I am trying to get an unencrypted username and password to work correctly, but to no avail. I believe that the problem resides in the "managedConnectionFactoryName" module-option, because it complains in the logs that it doesn't exist. Unfortunately, I have no clue what the correct value should be. I see a lot of example realms with different values, but no explanation.

      Here's my realm from the login-config.xml:

      <application-policy name="FirebirdDBRealm">
        <authentication>
          <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
            <module-option name="principal">guest</module-option>
            <module-option name="userName">SYSDBA</module-option>
            <module-option name="password">password</module-option>
            <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=InterbaseDS</module-option>
          </login-module>
        </authentication>
      </application-policy>

      If anyone has thoughts on what I have misconfigured I would greatly appreciate any input!!

      Thanks.

      Ben

        • 1. Re: Firebird security domain problem
          davidjencks

          I think you want the mcf name to be

          jboss.jca:service=TxCM,name=InterbaseDS

          To be sure, look in jmx-console.

          Would you be interested and/or able to contribute the ConfiguredIdentity login module? Periodically people ask for this. Have you found a way to provide any real security or is it basically just obscured?

          • 2. Re: Firebird security domain problem
            benwalstrum

            Thanks for the quick reply.

            Changing to "TxCM" did solve the problem, as I had a successful deployment. However, the startup time became unacceptably slow. Normally JBoss starts up in ~60s. To start up JBoss in this mode it takes ~5.5 min. That is a fairly unacceptable amount of time. Is there something that I can tweak to get the startup time to decrease back to its normal level? I think that there must be something wrong for it to take so long.

            As far as the ConfiguredIdentityLoginModule, let me describe it a bit and you can decide whether it is worthwhile (and then I will see about contributing the source). We are using a password-based encryption system, which means that a salt of some sort must be stored (usually in the source code/compiled class) which can then be used to encrypt and decrypt values. The problem with that approach for distribution is that each person using JBoss should probably have a different salt, because once you have the salt, you can very easily get the plain text. Also, if someone were to get a hold of the class and a decompiler the salt would be available.

            Thanks.

            Ben
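
Added example, not part of the thread and not Ben's module: a sketch of the point raised in reply 2, that a stored database password is only obscured when the passphrase and salt are compiled into the login module class. The class name, the constants and the choice of PBKDF2 with AES-GCM are assumptions; the thread does not say which password-based encryption algorithm the module uses.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.*;

public class EmbeddedSecretDemo {
    // Constructed stand-ins for constants compiled into a login module class.
    static final char[] CLASS_PASSPHRASE = "constructed-passphrase".toCharArray();
    static final byte[] CLASS_SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);

    static SecretKeySpec deriveKey(char[] passphrase, byte[] salt) throws Exception {
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, 100_000, 128);
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }
    // Stored form: base64(12-byte IV || ciphertext || 16-byte GCM tag).
    static String encrypt(String plain, SecretKeySpec key) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(String stored, SecretKeySpec key) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Case 1: all key material is in the class, so any copy of the class derives the same key.
        String stored = encrypt("password", deriveKey(CLASS_PASSPHRASE, CLASS_SALT));
        System.out.println("class constants recover: " + decrypt(stored, deriveKey(CLASS_PASSPHRASE, CLASS_SALT)));
        // Case 2: salt generated per installation and kept outside the class (storage is hypothetical).
        byte[] installSalt = new byte[16];
        new SecureRandom().nextBytes(installSalt);
        String perInstall = encrypt("password", deriveKey(CLASS_PASSPHRASE, installSalt));
        try {
            decrypt(perInstall, deriveKey(CLASS_PASSPHRASE, CLASS_SALT));
        } catch (AEADBadTagException e) {
            System.out.println("class constants alone do not decrypt a per-install value");
        }
    }
}
```

In case 2 the per-install salt still has to be readable by the server process, so the protection comes from the file permissions on wherever it is stored, and the encoded value in login-config.xml should be treated with the same care as the plain-text password.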