1 Reply Latest reply on May 21, 2014 3:16 AM by dkthung

    Why can't Jboss' security read the credentials properties file?

    dkthung

      I'm currently setting up a very basic security domain that uses PropertiesUsers and takes a db.properties (contains "username=password") to use as credentials.  My configured datasource would then use this security domain for authentication to the database.  However, the authentication continually fails because of a "java.net.MalformedURLException: no protocol" error (full stack trace below).

       

      I suspect that the specific problem is when the UsersRolesLoginModule (which PropertiesUsers module extends from) loads the users, it's actually trying to open the properties file as a URL connection (it does a new URL(propertiesFile)).  Since Jboss doesn't specify a protocol ("file://"), the error gets thrown and thus the module doesn't actually read the credentials.

       

      Is this what's actually happening?  Or am I just misconfiguring my jboss?  Thanks in advance!

       

      Versions:

      Jboss AS 7.2.0.FINAL

      Postgres 9.2

       

      Here's my standalone.xml:

              <subsystem xmlns="urn:jboss:domain:datasources:1.1">
                  <datasources>
                      <datasource jndi-name="java:/dataSource" pool-name="PoolA" enabled="true" use-java-context="true">
                          <connection-url>jdbc:postgresql://${PGHOST}:${PGPORT}/${PGDBNAME}?ssl=true&amp;sslfactory=org.postgresql.ssl.NonValidatingFactory</connection-url>
                          <driver>postgres</driver>
                          <security>
                              <security-domain>postgresLogin</security-domain>
                          </security>
                      </datasource>
                      <drivers>
                          <driver name="postgres" module="org.postgresql"/>
                      </drivers>
                  </datasources>
              </subsystem>

              <subsystem xmlns="urn:jboss:domain:security:1.2">
                  <security-domains>
                      <security-domain name="postgresLogin" cache-type="default">
                          <authentication>
                              <login-module code="PropertiesUsers" flag="required">
                                  <module-option name="usersProperties" value="${jboss.server.config.dir}/postgres.properties"/>
                              </login-module>
                          </authentication>
                      </security-domain>
                      <security-domain name="other" cache-type="default">
                          <authentication>
                              <login-module code="Remoting" flag="optional">
                                  <module-option name="password-stacking" value="useFirstPass"/>
                              </login-module>
                              <login-module code="RealmUsersRoles" flag="required">
                                  <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
                                  <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
                                  <module-option name="realm" value="ApplicationRealm"/>
                                  <module-option name="password-stacking" value="useFirstPass"/>
                              </login-module>
                          </authentication>
                      </security-domain>
                  </security-domains>
              </subsystem>

       

       

      Here's my db.properties:

      admin=password

       

      Here's the resulting ERROR Stack Trace:

      23:15:58,202 DEBUG [org.jboss.security] (MSC service thread 1-11) PBOX000287: Failed to open properties file from URL: java.net.MalformedURLException: no protocol: standalone/configuration/db.properties
              at java.net.URL.<init>(URL.java:585) [rt.jar:1.7.0_25]
              at java.net.URL.<init>(URL.java:482) [rt.jar:1.7.0_25]
              at java.net.URL.<init>(URL.java:431) [rt.jar:1.7.0_25]
              at org.jboss.security.auth.spi.Util.loadProperties(Util.java:200) [picketbox-4.0.15.Final.jar:4.0.15.Final]
              at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:205) [picketbox-4.0.15.Final.jar:4.0.15.Final]
              at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:219) [picketbox-4.0.15.Final.jar:4.0.15.Final]
              at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:146) [picketbox-4.0.15.Final.jar:4.0.15.Final]
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_25]
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_25]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_25]
              at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_25]
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:771) [rt.jar:1.7.0_25]
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_25]
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_25]
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_25]
              at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_25]
              at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_25]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.15.Final.jar:4.0.15.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.15.Final.jar:4.0.15.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.15.Final.jar:4.0.15.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.15.Final.jar:4.0.15.Final]
              at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:83) [picketbox-4.0.15.Final.jar:4.0.15.Final]
              at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1073)
              at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1068)
              at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
              at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1067)
              at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:591)
              at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
              at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:284)
              at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:117)
              at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
              at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
              at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
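
The `java.net.URL` behaviour named in the top frames of this trace can be reproduced outside the server. The following is an added example, not part of the original post and not PicketBox code; the class and method names are hypothetical and the sample properties file is constructed. It shows only how `java.net.URL` treats a bare path versus an explicit `file:` URL, and makes no claim about what the login module does after logging the DEBUG message.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Properties;

public class PropertiesPathCheck {

    /** Returns the parse error for a location string, or null if java.net.URL accepts it. */
    static String urlParseError(String location) {
        try {
            new URL(location);
            return null;
        } catch (MalformedURLException e) {
            return e.getMessage();
        }
    }

    /** Loads user=password entries from a filesystem path through an explicit file: URL. */
    static Properties loadViaFileUrl(Path path) throws IOException {
        // Path.toUri() always yields a URI with the file scheme, so URL parsing succeeds.
        URL url = path.toAbsolutePath().toUri().toURL();
        Properties props = new Properties();
        try (InputStream in = url.openStream()) {
            props.load(in);
        }
        return props;
    }

    public static void main(String[] args) throws IOException {
        // Same relative form as the path in the PBOX000287 message.
        String bare = "standalone/configuration/db.properties";
        System.out.println("new URL(bare) -> " + urlParseError(bare));

        // Constructed sample file so the check runs without a server installation.
        Path sample = Files.createTempFile("db", ".properties");
        try {
            Files.write(sample, "admin=password\n".getBytes(StandardCharsets.ISO_8859_1));
            Properties users = loadViaFileUrl(sample);
            System.out.println("file URL      -> " + sample.toUri().toURL());
            System.out.println("users loaded  -> " + users.stringPropertyNames());
        } finally {
            Files.delete(sample); // do not leave credential material in the temp directory
        }
    }
}
```
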

        • 1. Re: Why can't Jboss' security read the credentials properties file?
          dkthung

          Also, I know the credentials and datasource configurations are correct because the same configurations without the security domain configuration work just fine.  For example, the following configuration will allow me to get a successful DB connection:

           

                  <subsystem xmlns="urn:jboss:domain:datasources:1.1">
                      <datasources>
                          <datasource jndi-name="java:/dataSourceNormal" pool-name="Media-Broker" enabled="true" use-java-context="true">
                              <connection-url>jdbc:postgresql://${PGHOST}:${PGPORT}/${PGDBNAME}?ssl=true&amp;sslfactory=org.postgresql.ssl.NonValidatingFactory</connection-url>
                              <driver>postgres</driver>
                              <security>
                                  <user-name>admin</user-name>
                                  <password>password</password>
                              </security>
                          </datasource>
                          <drivers>
                              <driver name="postgres" module="org.postgresql"/>
                          </drivers>
                      </datasources>
                  </subsystem>