Data source with security domain does not work in 7.1.1.Final
atulkc Apr 18, 2013 8:42 PMI am trying to migrate our server from JBoss 5.1 GA to JBoss AS 7.1.1 Final. I have configured the data source to use the custom security domain as I need the password to be encrypted.However, whenever I specify data source to use security domain I get following exception:
16:38:02,113 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject()PB00024: Access Denied:Unauthenticated caller:null: java.lang.SecurityException: PB00024: Access Denied:Unauthenticated caller:null at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:89) [picketbox-4.0.7.Final.jar:4.0.7.Final] at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1019) [ironjacamar-deployers-common-1.0.9.Final.jar:1.0.9.Final] at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1014) [ironjacamar-deployers-common-1.0.9.Final.jar:1.0.9.Final] at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_07] at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1013) [ironjacamar-deployers-common-1.0.9.Final.jar:1.0.9.Final] at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:562) [ironjacamar-deployers-common-1.0.9.Final.jar:1.0.9.Final] at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282) [ironjacamar-deployers-common-1.0.9.Final.jar:1.0.9.Final] at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:271) [jboss-as-connector-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:111) [jboss-as-connector-7.1.1.Final.jar:7.1.1.Final] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_07] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_07] at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_07]
After googling for the issue I saw that there is already an issue filed (https://issues.jboss.org/browse/AS7-3923) and resolved in 7.1.1 Final. I am using 7.1.1 Final but still seeing this issue.
(Also, looking at the comments on JIRA it appeared to me that the issue was in test code and the only changes that were done were to SecurityTest.java and DsWithSecurityDomainTestCase.java.)
Inspite of the above exception I see following entry in server.log indicating that the data source is actually bound:
16:38:02,144 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-2) JBAS010400: Bound data source [java:jboss/datasources/MyNoTxDS]
But when I am trying to use this data source then I get following exception:
Error while parsing config file, cannot read configuration!: java.lang.SecurityException: PB00024: Access Denied:Unauthenticated caller:null at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:89) [picketbox-4.0.7.Final.jar:4.0.7.Final] at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getSubject(AbstractConnectionManager.java:689) at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:463) at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:129) at com.ibatis.sqlmap.engine.transaction.jdbc.JdbcTransaction.init(Unknown Source) [ibatis-2.jar:] at com.ibatis.sqlmap.engine.transaction.jdbc.JdbcTransaction.getConnection(Unknown Source) [ibatis-2.jar:] at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.executeQueryForList(Unknown Source) [ibatis-2.jar:] at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(Unknown Source) [ibatis-2.jar:] at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(Unknown Source) [ibatis-2.jar:] at com.ibatis.sqlmap.engine.impl.SqlMapSessionImpl.queryForList(Unknown Source) [ibatis-2.jar:] at com.ibatis.sqlmap.engine.impl.SqlMapClientImpl.queryForList(Unknown Source) [ibatis-2.jar:] at com.ibatis.dao.client.template.SqlMapDaoTemplate.queryForList(SqlMapDaoTemplate.java:282) [ibatis-dao-2.jar:] at com.brocade.efcm.domain.dao.others.SystemPropertyDAOImpl.selectByExample(SystemPropertyDAOImpl.java:61) [domain.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_07] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_07] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_07] at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_07]
Below given is my data source configuration:
<datasources> <datasource jta="false" jndi-name="java:jboss/datasources/MyNoTxDS" pool-name="MyNoTxDS" enabled="true" use-java-context="true"> <connection-url>jdbc:postgresql://localhost:5432/dcmdb</connection-url> <driver-class>org.postgresql.Driver</driver-class> <connection-property name="char.encoding"> UTF-8 </connection-property> <connection-property name="loglevel"> 0 </connection-property> <connection-property name="logUnclosedConnections"> false </connection-property> <connection-property name="loginTimeout"> 30 </connection-property> <connection-property name="socketTimeout"> 0 </connection-property> <driver>postgresql</driver> <new-connection-sql>select 1</new-connection-sql> <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation> <pool> <min-pool-size>5</min-pool-size> <max-pool-size>30</max-pool-size> <use-strict-min>true</use-strict-min> </pool> <security> <security-domain>MyDbRealm</security-domain> </security> <validation> <check-valid-connection-sql>select 1</check-valid-connection-sql> </validation> <timeout> <blocking-timeout-millis>90000</blocking-timeout-millis> <idle-timeout-minutes>15</idle-timeout-minutes> </timeout> <statement> <track-statements>false</track-statements> </statement> </datasource> <drivers> <driver name="postgresql" module="org.postgresql"/> </drivers> </datasources>
Here's my security domain configuration:
<security-domain name="MyDbRealm"> <authentication> <login-module code="SecureIdentity" flag="required"> <module-option name="username" value="dcmadmin"/> <module-option name="password" value="4BzGG0V+s3IAAAN/Jdvwi116NROzqnT/frxR4g=="/> <module-option name="managedConnectionFactoryName" value="jboss.jca:name=MyNoTxDS,service=NoTxCM"/> </login-module> </authentication> </security-domain>
Can someone point me to what I am doing wrong? Or the fix for this is not yet available?