1 Reply Latest reply on Sep 8, 2011 3:24 PM by mmoyses

    Datasource security broken in latest nightly

    chrishiner

      Sometime between build 1531 and build 1594 the ability to use a secureidentity security domain to obfuscate the datasource password broke.

       

      Example configuration:

      <subsystem xmlns="urn:jboss:domain:security:1.0">
          <security-domain name="somedomain" cache-type="default">
              <authentication>
                  <login-module code="SecureIdentity" flag="required">
                      <module-option name="username" value="userid"/>
                      <module-option name="password" value="anencryptedpassword"/>
                  </login-module>
              </authentication>
          </security-domain>

      ...

      <subsystem xmlns="urn:jboss:domain:datasources:1.0">
          <datasource jndi-name="jdbc/somename" pool-name="somepoolname_Pool" enabled="true" jta="true" use-java-context="true" use-ccm="true">
              <connection-url>jdbc:db2://hostname:port/databasename</connection-url>
              <driver>db2</driver>
              <security>
                  <security-domain>somedomain</security-domain>
              </security>
          </datasource>

      The messages from the log file:

      14:46:25,374 INFO  [org.jboss.as.connector.subsystems.datasources] (Controller Boot Thread) Deploying JDBC-compliant driver class com.ibm.db2.jcc.DB2Driver (version 4.12)
      14:46:25,429 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject()null: java.lang.NullPointerException
               at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:87)
               at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1006)
               at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1001)
               at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_26]
               at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1000)
               at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:549)
               at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:277)
               at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:243)
               at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:105)
               at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1824)
               at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1759)
               at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_26]
               at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_26]
               at java.lang.Thread.run(Thread.java:662) [:1.6.0_26]

      When I look at the jndi tree on the build 1531 server, I see:

              "java:jboss" => {
                  "jaas" => {
                      "class-name" => "org.jboss.as.naming.context.ModularReference",
                      "children" => {
                          "somedomain" => {
                              "class-name" => "org.jboss.as.security.plugins.SecurityDomainContext",
                              "value" => "org.jboss.security.authentication.JBossCachedAuthenticationManager@6865cfd2"
                          },

       

      The broken one on build 1594 shows:

                  "jaas" => {
                      "class-name" => "$Proxy12",
                      "children" => {
                          "somedomain" => {
                              "class-name" => "org.jboss.as.security.plugins.SecurityDomainContext",
                              "value" => "org.jboss.security.authentication.JBossCachedAuthenticationManager@3dc1902d"
                          },

       

      I rolled back individual jar files, and with the 1531 version of jboss-as-naming-7.1.0.Alpha1-SNAPSHOT.jar it works, and with the 1594 version it breaks.

       

      Hopefully this narrows it down enough for someone to fix.  In the meantime I'm going back to the older build.
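
Added example, not part of the original post and not JBoss project code: when a datasource fails in createSubject() after an upgrade, a quick static check of the configuration helps separate a server regression from a broken security-domain reference. The Python sketch below walks a standalone.xml-style document, confirms each datasource's security-domain resolves to a defined domain with a SecureIdentity login module, and flags inline passwords. The sample XML is constructed from the post's configuration; other_Pool, legacy_Pool, missingdomain and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample based on the post's configuration; other_Pool, legacy_Pool
# and missingdomain are made-up entries that exercise the checks.
SAMPLE = """<server>
<subsystem xmlns="urn:jboss:domain:security:1.0">
 <security-domain name="somedomain" cache-type="default"><authentication>
  <login-module code="SecureIdentity" flag="required">
   <module-option name="username" value="userid"/>
   <module-option name="password" value="anencryptedpassword"/>
  </login-module></authentication></security-domain>
</subsystem>
<subsystem xmlns="urn:jboss:domain:datasources:1.0">
 <datasource jndi-name="jdbc/somename" pool-name="somepoolname_Pool">
  <security><security-domain>somedomain</security-domain></security></datasource>
 <datasource jndi-name="jdbc/other" pool-name="other_Pool">
  <security><security-domain>missingdomain</security-domain></security></datasource>
 <datasource jndi-name="jdbc/legacy" pool-name="legacy_Pool">
  <security><user-name>userid</user-name><password>constructed</password></security></datasource>
</subsystem></server>"""

def local(elem):
    """Tag name without the {namespace} prefix, so any schema version matches."""
    return elem.tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (pool-name, finding) pairs for datasources that need attention."""
    root = ET.fromstring(xml_text)
    # Domain definitions carry a name attribute; a datasource's
    # <security-domain> reference is a text-only element.
    domains = {}
    for e in root.iter():
        if local(e) == "security-domain" and e.get("name"):
            domains[e.get("name")] = {m.get("code") for m in e.iter()
                                      if local(m) == "login-module"}
    findings = []
    for ds in (e for e in root.iter() if local(e) == "datasource"):
        pool = ds.get("pool-name")
        kids = {local(c): (c.text or "").strip() for c in ds.iter()}
        ref = kids.get("security-domain")
        if "password" in kids:
            findings.append((pool, "inline password in datasource"))
        if ref is not None and ref not in domains:
            findings.append((pool, "undefined security domain: " + ref))
        elif ref is not None and "SecureIdentity" not in domains[ref]:
            findings.append((pool, "domain lacks SecureIdentity module: " + ref))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A configuration that passes this check and still fails in createSubject(), like somepoolname_Pool here, points at the server build rather than the configuration file.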