Why can't Jboss' security read the credentials properties file?
dkthung May 21, 2014 3:06 AM
I'm currently setting up a very basic security domain that uses PropertiesUsers and takes a db.properties file (containing "username=password") to use as credentials. My configured datasource would then use this security domain to authenticate to the database. However, the authentication continually fails because of a "java.net.MalformedURLException: no protocol" error (full stack trace below).
I suspect that the specific problem is that when the UsersRolesLoginModule (which the PropertiesUsers module extends) loads the users, it actually tries to open the properties file as a URL connection (it does a new URL(propertiesFile)). Since JBoss doesn't specify a protocol ("file://"), the error gets thrown and thus the module doesn't actually read the credentials.
Is this what's actually happening? Or am I just misconfiguring my jboss? Thanks in advance!
Versions:
Jboss AS 7.2.0.FINAL
Postgres 9.2
Here's my standalone.xml:
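<subsystem xmlns="urn:jboss:domain:datasources:1.1">
  <datasources>
    <!-- PostgreSQL datasource bound at java:/dataSource. It carries no inline
         user name or password; credentials are delegated to the
         "postgresLogin" security domain named in the security element. -->
    <datasource jndi-name="java:/dataSource" pool-name="PoolA" enabled="true" use-java-context="true">
      <!-- The ampersand between the JDBC URL parameters must be written as
           &amp; inside XML; a bare ampersand makes the file not well-formed.

           NOTE(review): ssl=true combined with
           org.postgresql.ssl.NonValidatingFactory encrypts the connection but
           skips server-certificate validation, so the database server's
           identity is never verified and the datasource password can be sent
           to an impersonating endpoint. Acceptable for a throwaway test
           setup only; for anything else, validate the server certificate
           against a trust store and remove the sslfactory parameter. -->
      <connection-url>jdbc:postgresql://${PGHOST}:${PGPORT}/${PGDBNAME}?ssl=true&amp;sslfactory=org.postgresql.ssl.NonValidatingFactory</connection-url>
      <driver>postgres</driver>
      <security>
        <!-- Must match the name attribute of a security-domain defined in
             the security subsystem. -->
        <security-domain>postgresLogin</security-domain>
      </security>
    </datasource>
    <drivers>
      <!-- Driver "postgres" is loaded from the org.postgresql module. -->
      <driver name="postgres" module="org.postgresql"/>
    </drivers>
  </datasources>
</subsystem>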
<subsystem xmlns="urn:jboss:domain:security:1.2">
  <security-domains>

    <!-- Domain referenced by the datasource. The PropertiesUsers module reads
         its users from the file named by usersProperties.

         NOTE(review): this option points at postgres.properties, while the
         post and the logged path both refer to db.properties; confirm which
         file is actually deployed in the configuration directory.

         NOTE(review): the file holds the database password in clear text
         (username=password). Keep it readable only by the account that runs
         the server and out of version control.

         NOTE(review): PropertiesUsers checks credentials that a caller
         presents. A datasource security domain usually has to supply the
         outbound database identity instead, which is presumably the job of
         an identity module such as ConfiguredIdentity or SecureIdentity;
         verify against the AS 7 datasource documentation. -->
    <security-domain name="postgresLogin"
                     cache-type="default">
      <authentication>
        <login-module code="PropertiesUsers"
                      flag="required">
          <module-option name="usersProperties"
                         value="${jboss.server.config.dir}/postgres.properties"/>
        </login-module>
      </authentication>
    </security-domain>

    <!-- Domain "other": an optional Remoting module followed by a required
         RealmUsersRoles module backed by the application-users and
         application-roles property files of ApplicationRealm. Both modules
         set password-stacking to useFirstPass. -->
    <security-domain name="other"
                     cache-type="default">
      <authentication>
        <login-module code="Remoting"
                      flag="optional">
          <module-option name="password-stacking"
                         value="useFirstPass"/>
        </login-module>
        <login-module code="RealmUsersRoles"
                      flag="required">
          <module-option name="usersProperties"
                         value="${jboss.server.config.dir}/application-users.properties"/>
          <module-option name="rolesProperties"
                         value="${jboss.server.config.dir}/application-roles.properties"/>
          <module-option name="realm"
                         value="ApplicationRealm"/>
          <module-option name="password-stacking"
                         value="useFirstPass"/>
        </login-module>
      </authentication>
    </security-domain>

  </security-domains>
</subsystem>
Here's my db.properties:
admin=password
Here's the resulting ERROR Stack Trace:
23:15:58,202 DEBUG [org.jboss.security] (MSC service thread 1-11) PBOX000287: Failed to open properties file from URL: java.net.MalformedURLException: no protocol: standalone/configuration/db.properties
at java.net.URL.<init>(URL.java:585) [rt.jar:1.7.0_25]
at java.net.URL.<init>(URL.java:482) [rt.jar:1.7.0_25]
at java.net.URL.<init>(URL.java:431) [rt.jar:1.7.0_25]
at org.jboss.security.auth.spi.Util.loadProperties(Util.java:200) [picketbox-4.0.15.Final.jar:4.0.15.Final]
at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:205) [picketbox-4.0.15.Final.jar:4.0.15.Final]
at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:219) [picketbox-4.0.15.Final.jar:4.0.15.Final]
at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:146) [picketbox-4.0.15.Final.jar:4.0.15.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_25]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_25]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_25]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_25]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:771) [rt.jar:1.7.0_25]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_25]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_25]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_25]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_25]
at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_25]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.15.Final.jar:4.0.15.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.15.Final.jar:4.0.15.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.15.Final.jar:4.0.15.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.15.Final.jar:4.0.15.Final]
at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:83) [picketbox-4.0.15.Final.jar:4.0.15.Final]
at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1073)
at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1068)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1067)
at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:591)
at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:284)
at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:117)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]