4 Replies Latest reply on Dec 12, 2014 3:19 PM by Joseph Paul

    JBoss EAP 6.3 data source password encryption - vault mechanism

    Joseph Paul Newbie

      I have created a vault and am trying to start the server, but I am getting an error. Why does this error occur, and how can I resolve it? If there is any reference, please let me know. Thanks in advance.

       

      My requirement is to encrypt and protect the data source password. For this purpose I am trying to use the vault. Is there any better mechanism available?

       

      reference

      https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html/Administration_and_Configur…

      JBoss AS7 Securing Passwords

       

      keytool -genkey -alias vault -keystore vault.keystore -keyalg RSA -keysize 1024 -storepass jboss12# -keypass jboss12# -dname "CN=Picketbox vault,OU=picketbox,O=att,L=alpharetta,ST=ga,C=us"

       

      ./vault.sh -k vault.keystore -p jboss12# -e /home/jp295m/migration/jboss-eap-6.3/vault -i 50 -s 12345678 -v vault -b ds_ExampleDS -a password -x jboss12#

      WARNING JBOSS_HOME may be pointing to a different installation - unpredictable results may occur.

      =========================================================================

        JBoss Vault

        JBOSS_HOME: /home/jp295m/migration/jboss-eap-6.3

        JAVA: /opt/app/posbea/jdk-1.6.0_41/bin/java

       

      =========================================================================

       

      Dec 10, 2014 2:08:58 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init

      INFO: PBOX000361: Default Security Vault Implementation Initialized and Ready

      Secured attribute value has been stored in vault.

      Please make note of the following:

      ********************************************

      Vault Block:ds_ExampleDS

      Attribute Name:password

      Configuration should be done as follows:

      VAULT::ds_ExampleDS::password::1

      ********************************************

      Vault Configuration in AS7 config file:

      ********************************************

      ...

      </extensions>

      <vault>

        <vault-option name="KEYSTORE_URL" value="vault.keystore"/>

        <vault-option name="KEYSTORE_PASSWORD" value="MASK-152B1JTrNga41zUwNiaFjZ"/>

        <vault-option name="KEYSTORE_ALIAS" value="vault"/>

        <vault-option name="SALT" value="12345678"/>

        <vault-option name="ITERATION_COUNT" value="50"/>

        <vault-option name="ENC_FILE_DIR" value="/home/jp295m/migration/jboss-eap-6.3/vault/"/>

      </vault><management> ...

      ********************************************

       

      ---------------------------------------------------------------------------------------------------

       

      I used the CLI script below to add and initialize the vault, and it says it initialized successfully:

       

      /host=master/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "vault.keystore"), ("KEYSTORE_PASSWORD" => "MASK-152B1JTrNga41zUwNiaFjZ"), ("KEYSTORE_ALIAS" => "vault"), ("SALT" => "12345678"),("ITERATION_COUNT" => "50"), ("ENC_FILE_DIR" => "/home/jp295m/migration/jboss-eap-6.3/vault/")])

       

      If I restart the server after adding <vault>...</vault> (either manually or using the CLI) in host.xml, it shows the error below:

       

      [Host Controller] 12:34:37,783 INFO  [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010922: Starting server server-two

      [Host Controller] 12:34:37,823 INFO  [org.jboss.as.host.controller] (server-registration-threads - 1) JBAS010919: Registering server server-one

      12:34:37,830 INFO  [org.jboss.as.process.Server:server-two.status] (ProcessController-threads - 3) JBAS012017: Starting process 'Server:server-two'

      [Server:server-two] 12:34:38,767 INFO  [org.jboss.modules] (main) JBoss Modules version 1.3.3.Final-redhat-1

      [Server:server-one] 12:34:38,888 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault --  org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:

      [Server:server-one]     at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:89) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:75) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:611) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:489) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:290) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:285) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1132) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:322) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:292) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.server.ServerService.boot(ServerService.java:346) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.server.ServerService.boot(ServerService.java:321) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:254) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_41]

      [Server:server-one] Caused by: org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:

      [Server:server-one]     at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:95) [jboss-as-security-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:87) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     ... 12 more

      [Server:server-one] Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX000140: Unable to get keystore (vault.keystore)

      [Server:server-one]     at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]

      [Server:server-one]     at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:93) [jboss-as-security-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-one]     ... 13 more

      [Server:server-one] Caused by: java.lang.RuntimeException: PBOX000140: Unable to get keystore (vault.keystore)

      [Server:server-one]     at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:646) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]

      [Server:server-one]     at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:187) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]

      [Server:server-one]     ... 14 more

      [Server:server-one] Caused by: java.io.FileNotFoundException: vault.keystore (No such file or directory)

      [Server:server-one]     at java.io.FileInputStream.open(Native Method) [rt.jar:1.6.0_41]

      [Server:server-one]     at java.io.FileInputStream.<init>(FileInputStream.java:120) [rt.jar:1.6.0_41]

      [Server:server-one]     at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:150) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]

      [Server:server-one]     at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:643) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]

      [Server:server-one]     ... 15 more

      [Server:server-one]

      [Server:server-one] 12:34:38,902 FATAL [org.jboss.as.server] (Controller Boot Thread) JBAS015957: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.

      [Server:server-one] 12:34:38,949 ERROR [stderr] (main) org.jboss.msc.service.ServiceNotFoundException: Service service jboss.host.controller.client not found

      [Server:server-one] 12:34:38,948 INFO  [org.jboss.as] (MSC service thread 1-20) JBAS015950: JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) stopped in 36ms

      [Server:server-one] 12:34:38,949 ERROR [stderr] (main)  at org.jboss.msc.service.ServiceContainerImpl.getRequiredService(ServiceContainerImpl.java:625)

      [Server:server-one] 12:34:38,950 ERROR [stderr] (main)  at org.jboss.as.server.DomainServerMain.getRequiredService(DomainServerMain.java:158)

      [Server:server-one] 12:34:38,950 ERROR [stderr] (main)  at org.jboss.as.server.DomainServerMain.main(DomainServerMain.java:137)

      [Server:server-one] 12:34:38,951 ERROR [stderr] (main)  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      [Server:server-one] 12:34:38,951 ERROR [stderr] (main)  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

      [Server:server-one] 12:34:38,951 ERROR [stderr] (main)  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

      [Server:server-one] 12:34:38,952 ERROR [stderr] (main)  at java.lang.reflect.Method.invoke(Method.java:597)

      [Server:server-one] 12:34:38,952 ERROR [stderr] (main)  at org.jboss.modules.Module.run(Module.java:312)

      [Server:server-one] 12:34:38,952 ERROR [stderr] (main)  at org.jboss.modules.Main.main(Main.java:460)

      [Server:server-one]

      12:34:38,986 INFO  [org.jboss.as.process.Server:server-one.status] (reaper for Server:server-one) JBAS012010: Process 'Server:server-one' finished with an exit status of 1

      [Host Controller] 12:34:39,029 INFO  [org.jboss.as.host.controller] (ProcessControllerConnection-thread - 2) JBAS010926: Unregistering server server-one

      [Server:server-two] 12:34:39,325 INFO  [org.jboss.msc] (main) JBoss MSC version 1.1.5.Final-redhat-1

      [Server:server-two] 12:34:39,574 INFO  [org.jboss.as] (MSC service thread 1-7) JBAS015899: JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) starting

      [Server:server-two] 12:34:39,775 INFO  [org.xnio] (MSC service thread 1-13) XNIO Version 3.0.10.GA-redhat-1

      [Server:server-two] 12:34:39,790 INFO  [org.xnio.nio] (MSC service thread 1-13) XNIO NIO Implementation Version 3.0.10.GA-redhat-1

      [Server:server-two] 12:34:39,847 INFO  [org.jboss.remoting] (MSC service thread 1-13) JBoss Remoting version (unknown)

      [Host Controller] 12:34:41,214 INFO  [org.jboss.as.domain.controller.mgmt] (Remoting "zldv4175:MANAGEMENT" task-10) JBAS010920: Server [Server:server-two] registered using connection [Channel ID 1e00cf5c (inbound) of Remoting connection 00876d42 to /130.5.125.2:24755]

      [Host Controller] 12:34:41,321 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015961: Http management interface listening on http://130.5.125.2:9990/management

      [Host Controller] 12:34:41,323 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://130.5.125.2:9990

      [Host Controller] 12:34:41,324 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) (Host Controller) started in 11037ms - Started 39 of 41 services (12 services are lazy, passive or on-demand)

      [Host Controller] 12:34:41,337 INFO  [org.jboss.as.host.controller] (server-registration-threads - 1) JBAS010919: Registering server server-two

      [Server:server-two] 12:34:42,370 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault --  org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:

      [Server:server-two]     at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:89) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:75) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:611) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:489) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:290) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:285) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1132) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:322) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:292) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.server.ServerService.boot(ServerService.java:346) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.server.ServerService.boot(ServerService.java:321) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:254) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_41]

      [Server:server-two] Caused by: org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:

      [Server:server-two]     at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:95) [jboss-as-security-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:87) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     ... 12 more

      [Server:server-two] Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX000140: Unable to get keystore (vault.keystore)

      [Server:server-two]     at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]

      [Server:server-two]     at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:93) [jboss-as-security-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]

      [Server:server-two]     ... 13 more

      [Server:server-two] Caused by: java.lang.RuntimeException: PBOX000140: Unable to get keystore (vault.keystore)

      [Server:server-two]     at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:646) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]

      [Server:server-two]     at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:187) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]

      [Server:server-two]     ... 14 more

      [Server:server-two] Caused by: java.io.FileNotFoundException: vault.keystore (No such file or directory)

      [Server:server-two]     at java.io.FileInputStream.open(Native Method) [rt.jar:1.6.0_41]

      [Server:server-two]     at java.io.FileInputStream.<init>(FileInputStream.java:120) [rt.jar:1.6.0_41]

      [Server:server-two]     at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:150) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]

      [Server:server-two]     at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:643) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]

      [Server:server-two]     ... 15 more

      [Server:server-two]

      [Server:server-two] 12:34:42,384 FATAL [org.jboss.as.server] (Controller Boot Thread) JBAS015957: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.

      [Server:server-two] 12:34:42,427 ERROR [stderr] (main) java.lang.IllegalStateException

      [Server:server-two] 12:34:42,429 ERROR [stderr] (main)  at org.jboss.as.server.mgmt.domain.HostControllerConnectionService.getValue(HostControllerConnectionService.java:140)

      [Server:server-two] 12:34:42,429 ERROR [stderr] (main)  at org.jboss.as.server.mgmt.domain.HostControllerConnectionService.getValue(HostControllerConnectionService.java:60)

      [Server:server-two] 12:34:42,433 ERROR [stderr] (main)  at org.jboss.msc.service.ServiceControllerImpl.getValue(ServiceControllerImpl.java:1161)

      [Server:server-two] 12:34:42,434 ERROR [stderr] (main)  at org.jboss.as.server.DomainServerMain.getRequiredService(DomainServerMain.java:159)

      [Server:server-two] 12:34:42,435 ERROR [stderr] (main)  at org.jboss.as.server.DomainServerMain.main(DomainServerMain.java:137)

      [Server:server-two] 12:34:42,436 ERROR [stderr] (main)  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      [Server:server-two] 12:34:42,436 ERROR [stderr] (main)  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

      [Server:server-two] 12:34:42,437 ERROR [stderr] (main)  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

      [Server:server-two] 12:34:42,436 INFO  [org.jboss.as] (MSC service thread 1-20) JBAS015950: JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) stopped in 38ms

      [Server:server-two] 12:34:42,437 ERROR [stderr] (main)  at java.lang.reflect.Method.invoke(Method.java:597)

      [Server:server-two] 12:34:42,438 ERROR [stderr] (main)  at org.jboss.modules.Module.run(Module.java:312)

      [Server:server-two] 12:34:42,439 ERROR [stderr] (main)  at org.jboss.modules.Main.main(Main.java:460)

      [Server:server-two]

      12:34:42,471 INFO  [org.jboss.as.process.Server:server-two.status] (reaper for Server:server-two) JBAS012010: Process 'Server:server-two' finished with an exit status of 1
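
The innermost cause in both traces above is `java.io.FileNotFoundException: vault.keystore`, and the posted `KEYSTORE_URL` is a bare file name while `ENC_FILE_DIR` is an absolute path. The following preflight check is an added example, not part of the original post and not JBoss code: it resolves the vault's path options against the directory a server process runs in and reports what that process would fail to open. The function names, the `server_cwd` parameter and the temporary directory layout are assumptions made for illustration, and `KEYSTORE_URL` is treated as a plain file path, as it is in the post.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Vault options that name filesystem locations, with the check each must pass.
PATH_OPTIONS = {"KEYSTORE_URL": os.path.isfile, "ENC_FILE_DIR": os.path.isdir}


def read_vault_options(xml_text):
    """Collect vault-option name/value pairs, ignoring any XML namespace."""
    options = {}
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.rsplit("}", 1)[-1] == "vault-option":
            options[elem.get("name")] = elem.get("value")
    return options


def check_vault_paths(options, server_cwd):
    """Return (option, problem) pairs for a process started in server_cwd."""
    findings = []
    for name, exists in PATH_OPTIONS.items():
        value = options.get(name)
        if not value:
            findings.append((name, "missing"))
            continue
        if "${" in value:  # property expression: cannot be resolved here
            findings.append((name, "expression, not checked"))
            continue
        if not os.path.isabs(value):
            findings.append((name, "relative"))
        # A relative path is resolved against the process working directory.
        resolved = os.path.normpath(os.path.join(server_cwd, value))
        if not exists(resolved):
            findings.append((name, "not found"))
    return findings


def vault_xml(keystore_url, enc_dir):
    """Build a <vault> block shaped like the one in the post (constructed)."""
    return ("<vault>"
            "<vault-option name=\"KEYSTORE_URL\" value=%s/>"
            "<vault-option name=\"ENC_FILE_DIR\" value=%s/>"
            "</vault>") % (quoteattr(keystore_url), quoteattr(enc_dir))


def demo():
    """Compare the posted relative KEYSTORE_URL with an absolute one."""
    with tempfile.TemporaryDirectory() as base:
        vault_dir = os.path.join(base, "vault")        # constructed layout
        server_cwd = os.path.join(base, "server-one")  # assumed working dir
        os.makedirs(vault_dir)
        os.makedirs(server_cwd)
        keystore = os.path.join(vault_dir, "vault.keystore")
        open(keystore, "wb").close()                   # empty stand-in file
        enc_dir = vault_dir + os.sep
        as_posted = read_vault_options(vault_xml("vault.keystore", enc_dir))
        corrected = read_vault_options(vault_xml(keystore, enc_dir))
        return (check_vault_paths(as_posted, server_cwd),
                check_vault_paths(corrected, server_cwd))


if __name__ == "__main__":
    print(demo())
```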