8 Replies Latest reply on Dec 19, 2014 7:06 AM by jaysensharma

    Authentication issue with DataSource

    valsaraj007

      Hi,

       

      I am getting following error on JBoss 7.1.2 startup:

      2014-12-16 17:33:26,840 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-5) Exception during createSubject()PB00024: Access Denied:Unauthenticated caller:null: java.lang.SecurityException: PB00024: Access Denied:Unauthenticated caller:null

        at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:89)

        at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1047)

        at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1042)

        at java.security.AccessController.doPrivileged(Native Method)

        at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1041)

        at org.jboss.jca.deployers.common.AbstractDsDeployer.deployXADataSource(AbstractDsDeployer.java:852)

        at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:338)

        at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:283)

        at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:116)

        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)

        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)

        at java.lang.Thread.run(Thread.java:722)

       

      What may be wrong?

        • 1. Re: Authentication issue with DataSource
          jaysensharma

          Are you defining <security-domain> inside your datasources?  

          If yes then can you paste the <security-domain>  configuration from your security subsystem   and also the DataSource configuration.

          • 2. Re: Authentication issue with DataSource
            valsaraj007

            Here is the configuration details:

            ....................

            ......................

            <subsystem xmlns="urn:jboss:domain:datasources:1.1">

                        <datasources>

                        .................

                        ................

                            <xa-datasource jndi-name="java:jboss/datasources/appDS" pool-name="appDS" enabled="true" use-ccm="false">

                                <xa-datasource-property name="DatabaseName">

                                    app

                                </xa-datasource-property>

                                <xa-datasource-property name="Ssl">

                                    true

                                </xa-datasource-property>

                                <xa-datasource-property name="PortNumber">

                                    5432

                                </xa-datasource-property>

                                <xa-datasource-property name="ServerName">

                                    localhost

                                </xa-datasource-property>

                                <driver>postgresql</driver>

                                <xa-pool>

                                    <is-same-rm-override>false</is-same-rm-override>

                                    <interleaving>false</interleaving>

                                    <pad-xid>false</pad-xid>

                                    <wrap-xa-resource>false</wrap-xa-resource>

                                </xa-pool>

                                <security>

                                    <security-domain>appDB</security-domain>

                                </security>

                                <validation>

                                    <validate-on-match>false</validate-on-match>

                                    <background-validation>false</background-validation>

                                </validation>

                                <statement>

                                    <share-prepared-statements>false</share-prepared-statements>

                                </statement>

                            </xa-datasource>

                   ....................

                   ....................

                           

               <subsystem xmlns="urn:jboss:domain:security:1.2">

                        <security-domains>

                            <security-domain name="appDB" cache-type="default">

                                <authentication>

                                    <login-module code="org.app.security.auth.DBPasswordStoreLoginModule" flag="optional">

                                        <module-option name="username" value="postgres"/>

                                        <module-option name="passwordStoreAlias" value="postgresql.root"/>

                                    </login-module>

                                    <login-module code="org.app.security.auth.ManagedConnectionFactoryLoginModule" flag="required">

                                        <module-option name="password-stacking" value="useFirstPass"/>

                                        <module-option name="managedConnectionFactoryKey" value="ManagedConnectionFactory"/>

                                        <module-option name="managedConnectionFactoryName" value="jboss.jca:service=XATxCM,name=appDS"/>

                                        <module-option name="serverId" value="jboss"/>

                                    </login-module>

                                </authentication>

                            </security-domain>

            ...................

            ..................

            • 3. Re: Authentication issue with DataSource
              jaysensharma

              From where did you get the "org.app.security.auth.DBPasswordStoreLoginModule" . JBoss AS7 does not ship this class, So it might be your own custom Login module.

              You will need to check   How to pass the password via this module.     The code of "DBPasswordStoreLoginModule.java"  can reveal the cause of the issue.       Looks like DBPasswordStoreLoginModule  is not passing the password    Or may be you are using  setting a correct   [module-option name]  to pass the password to your security domain.

              • 4. Re: Authentication issue with DataSource
                valsaraj007

                Yes, our own custom Login module..

                public class DBPasswordStoreLoginModule implements LoginModule {

                ..........................

                .............................

                • 5. Re: Authentication issue with DataSource
                  valsaraj007

                  I have traced and found that this class was not found by PicketBox.

                   

                  2014-12-19 14:36:19,344 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (MSC service thread 1-7) Login failure: javax.security.auth.login.LoginException: unable to find LoginModule class: org.app.security.auth.DBPasswordStoreLoginModule from [Module "org.picketbox:main" from local module loader @32482417 (roots: D:jboss-as-7.1.2.Final\modules)]

                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:822)

                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)

                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)

                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)

                    at java.security.AccessController.doPrivileged(Native Method)

                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)

                    at javax.security.auth.login.LoginContext.login(LoginContext.java:594)

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449)

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383)

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371)

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160)

                    at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:88)

                    at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1047)

                    at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1042)

                    at java.security.AccessController.doPrivileged(Native Method)

                    at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1041)

                    at org.jboss.jca.deployers.common.AbstractDsDeployer.deployXADataSource(AbstractDsDeployer.java:852)

                    at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:338)

                    at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:283)

                    at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:116)

                    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)

                    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)

                    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)

                    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)

                    at java.lang.Thread.run(Thread.java:722)

                   

                  and this issue fixed by adding dependency in PicketBox module to my custom module which contained the class required.

                  1 of 1 people found this helpful
                  • 6. Re: Re: Authentication issue with DataSource
                    jaysensharma

                    Yes,  As this "org.app.security.auth.DBPasswordStoreLoginModule" is you r custom login module class so you must specify the  "module"  attribute while defining your security-domain as following as well as your custom login module should have a dependency to "org.picketbox"

                     

                      <subsystem xmlns="urn:jboss:domain:security:1.2">

                                <security-domains>

                                    <security-domain name="appDB" cache-type="default">

                                        <authentication>

                                            <login-module code="org.app.security.auth.DBPasswordStoreLoginModule" flag="optional"  module="your.security.module.name" >

                    1 of 1 people found this helpful
                    • 7. Re: Authentication issue with DataSource
                      valsaraj007

                      Now another exception occurred:

                      2014-12-19 14:56:47,684 ERROR [stderr] (MSC service thread 1-5) java.lang.NullPointerException

                      2014-12-19 14:56:47,687 ERROR [stderr] (MSC service thread 1-5) at org.app.security.auth.DBPasswordStoreLoginModule.login(DBPasswordStoreLoginModule.java:59)

                      2014-12-19 14:56:47,693 ERROR [stderr] (MSC service thread 1-5) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                      2014-12-19 14:56:47,694 ERROR [stderr] (MSC service thread 1-5) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

                      2014-12-19 14:56:47,703 ERROR [stderr] (MSC service thread 1-5) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                      2014-12-19 14:56:47,705 ERROR [stderr] (MSC service thread 1-5) at java.lang.reflect.Method.invoke(Method.java:601)

                      2014-12-19 14:56:47,707 ERROR [stderr] (MSC service thread 1-5) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)

                      2014-12-19 14:56:47,710 ERROR [stderr] (MSC service thread 1-5) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)

                      2014-12-19 14:56:47,713 ERROR [stderr] (MSC service thread 1-5) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)

                      2014-12-19 14:56:47,715 ERROR [stderr] (MSC service thread 1-5) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)

                      2014-12-19 14:56:47,722 ERROR [stderr] (MSC service thread 1-5) at java.security.AccessController.doPrivileged(Native Method)

                      2014-12-19 14:56:47,726 ERROR [stderr] (MSC service thread 1-5) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)

                      2014-12-19 14:56:47,728 ERROR [stderr] (MSC service thread 1-5) at javax.security.auth.login.LoginContext.login(LoginContext.java:594)

                      2014-12-19 14:56:47,735 ERROR [stderr] (MSC service thread 1-5) at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449)

                      2014-12-19 14:56:47,742 ERROR [stderr] (MSC service thread 1-5) at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383)

                      2014-12-19 14:56:47,746 ERROR [stderr] (MSC service thread 1-5) at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371)

                      2014-12-19 14:56:47,759 ERROR [stderr] (MSC service thread 1-5) at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160)

                      2014-12-19 14:56:47,761 ERROR [stderr] (MSC service thread 1-5) at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:88)

                      2014-12-19 14:56:47,765 ERROR [stderr] (MSC service thread 1-5) at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1047)

                      2014-12-19 14:56:47,770 ERROR [stderr] (MSC service thread 1-5) at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1042)

                      2014-12-19 14:56:47,774 ERROR [stderr] (MSC service thread 1-5) at java.security.AccessController.doPrivileged(Native Method)

                      2014-12-19 14:56:47,776 ERROR [stderr] (MSC service thread 1-5) at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1041)

                      2014-12-19 14:56:47,780 ERROR [stderr] (MSC service thread 1-5) at org.jboss.jca.deployers.common.AbstractDsDeployer.deployXADataSource(AbstractDsDeployer.java:852)

                      2014-12-19 14:56:47,784 ERROR [stderr] (MSC service thread 1-5) at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:338)

                      2014-12-19 14:56:47,789 ERROR [stderr] (MSC service thread 1-5) at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:283)

                      2014-12-19 14:56:47,793 ERROR [stderr] (MSC service thread 1-5) at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:116)

                      2014-12-19 14:56:47,797 ERROR [stderr] (MSC service thread 1-5) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)

                      2014-12-19 14:56:47,802 ERROR [stderr] (MSC service thread 1-5) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)

                      2014-12-19 14:56:47,809 ERROR [stderr] (MSC service thread 1-5) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)

                      2014-12-19 14:56:47,813 ERROR [stderr] (MSC service thread 1-5) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)

                      2014-12-19 14:56:47,816 ERROR [stderr] (MSC service thread 1-5) at java.lang.Thread.run(Thread.java:722)

                       

                      DBPasswordStoreLoginModule.java:59

                      password = PasswordStoreHolder.getInstance().getPassword(passwordStoreAlias); // Null pointer exception throws here

                      • 8. Re: Authentication issue with DataSource
                        jaysensharma

                        In Line 59 of your above code   you need to debug what is becoming null.    It's your code after all.

                         

                        Check what is  being returned  from     PasswordStoreHolder.getInstance()

                        Is that a null value?    If yes then  check why.