2 Replies Latest reply on Feb 9, 2012 2:57 PM by lhoneywood

    Encrypting Datasource Password

    schlumpf

      Hi all,

       

      I encrypted the datasource password with the SecureIdentityLoginModule in a JBoss 5.1.GA. Everything works fine but it doesn't work with one datasource. I checked everything in the configuration and also the generated password. But it was ok.

      The datasource are all Oracle 10g datasources.

       

      In the log there is the following error:

      2010-06-24 15:46:54,577 xxxxxxxx INFO  [VerboseError is false
      2010-06-24 15:46:55,755 xxxxx ERROR [org.jboss.resource.security.AbstractPasswordCrede
      ntialLoginModule] xxxxxx: The ConnectionManager mbean: jboss.jca:name=xxxxxx,service=XATxCM specified in a ConfiguredIdentityLoginModule could not be found. ConnectionFactory will be unusable!
      javax.management.InstanceNotFoundException: jboss.jca:name=xxxxx,service=XATxCM is not registered.
              at org.jboss.mx.server.registry.BasicMBeanRegistry.get(BasicMBeanRegistry.java:526)
              at org.jboss.mx.server.MBeanServerImpl.getAttribute(MBeanServerImpl.java:559)
              at org.jboss.resource.security.AbstractPasswordCredentialLoginModule.getMcf(AbstractPasswordCredentialLoginModule.java
      :118)
              at org.jboss.resource.security.AbstractPasswordCredentialLoginModule.initialize(AbstractPasswordCredentialLoginModule.
      java:88)
              at org.jboss.resource.security.SecureIdentityLoginModule.initialize(SecureIdentityLoginModule.java:80)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:585)
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
              at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
              at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
              at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:90)
              at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
              at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
              at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectio
      nManager2.java:941)
              at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)

       

      The datasource was bound:

      2010-06-24 15:44:22,391 main INFO  [org.jboss.resource.connectionmanager.ConnectionFactoryBindingService] --: Bound Connection
      Manager 'jboss.jca:service=DataSourceBinding,name=xxxx' to JNDI name 'java:xxxx'

       

      And the in jmx-console under jca you can find the datasource under the name.

       

      In the login-config.xml is the following policy entry:

      ...

      <application-policy name="NAMExxxx">
              <authentication>
                  <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
                      <module-option name="username">xxxx</module-option>
                      <module-option name="password">xxxxxx</module-option>
                      <module-option name="managedConnectionFactoryName">jboss.jca:name=xxxx,service=XATxCM</module-option>
                  </login-module>
              </authentication>
          </application-policy>

      ....

       

      Username and password are correct.

       

      I changed the password for testing, so that is was wrong, but the ERROR messages are the same.

       

      Can somebody help me?

       

      Best regards

      Knut

        • 1. Re: Encrypting Datasource Password
          vipul.0207026

          make sure jboss.jca:name matches to name give in *-xa-ds.xml.I was getting same problem earlier

          • 2. Re: Encrypting Datasource Password
            lhoneywood

            Also, Make sure the service type in your login-config.xml file matches the transaction type in your "-ds.xml" file. EX:

             

            if your "-ds.xml" entry looks like:

            <xa-datasource>
                <jndi-name>SomeDS</jndi-name>
                    <security-domain>SomeDomain</security-domain>
              </xa-datasource>

             

            Then the service type in the login-config.xml for the corresponding domain should look like :

             

            <module-option name = "managedConnectionFactoryName">jboss.jca:name=SomeDS,service=XATxCM</module-option>

             

            But,

             

            if your "-ds.xml" entry looks like:

            <local-tx-datasource>
                <jndi-name>SomeDS</jndi-name>
                    <security-domain>SomeDomain</security-domain>
              </local-tx-datasource>

             

            Then the service type in the login-config.xml for the corresponding domain should look like :

             

            <module-option name = "managedConnectionFactoryName">jboss.jca:name=SomeDS,service=LocalTxCM</module-option>