Problem Encrypting Datasource Password for JBoss AS 6.0 M2
bsullivan3333 Mar 29, 2010 3:14 PM
Hey All,
I've been trying to encrypt my database password using the SecureIdentityLoginModule and I can't seem to get it to work. Was wondering if anyone could point me in the right direction if things had changed for JBoss 6.0?
For reference, I followed the instructions at this post: http://community.jboss.org/wiki/encryptingdatasourcepasswords
I encrypted my password using the following command:
C:\apps\jboss-6.0.0.20100216-M2>java -cp client/jboss-logging-spi.jar;common/lib/jbosssx.jar org.jboss.resource.security.SecureIdentityLoginModule <my database password>
Encoded password: 1996ff11d0bb3fb4c3bc376bef610c0a
Here's my oracle-ds.xml:
<datasources>
  <local-tx-datasource>
    <jndi-name>encryptOracleDS</jndi-name>
    <connection-url>jdbc:oracle:thin:@mydbip:port:schema</connection-url>
    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
    <min-pool-size>1</min-pool-size>
    <max-pool-size>5</max-pool-size>
    <security-domain>EncryptDBPassword</security-domain>
    <metadata>
      <type-mapping>oracle 10g</type-mapping>
    </metadata>
  </local-tx-datasource>
</datasources>
And in my login-config.xml I put:
<application-policy name="EncryptDBPassword">
  <authentication>
    <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
      <module-option name="username">myUserId</module-option>
      <module-option name="password">1996ff11d0bb3fb4c3bc376bef610c0a</module-option>
      <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=encryptOracleDS</module-option>
    </login-module>
  </authentication>
</application-policy>
When I test the datasource through the admin console I get the following exception:
2010-03-26 11:14:22,377 WARN [org.jboss.resource.connectionmanager.JBossManagedConnectionPool] (ResourceContainer.invoker.nonDaemon-1) Throwable while attempting to get a new connection: null: org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: ORA-01017: invalid username/password; logon denied )
    at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:225)
    at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:195)
    at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.createConnectionEventListener(InternalManagedConnectionPool.java:643)
    at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.getConnection(InternalManagedConnectionPool.java:267)
    at org.jboss.resource.connectionmanager.JBossManagedConnectionPool$BasePool.getConnection(JBossManagedConnectionPool.java:659)
    at org.jboss.resource.connectionmanager.JBossManagedConnectionPool.testConnection(JBossManagedConnectionPool.java:354)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:271)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:670)
    at org.jboss.system.microcontainer.ServiceControllerContext.invoke(ServiceControllerContext.java:194)
    at org.jboss.kernel.plugins.registry.basic.LifecycleAwareKernelBus$1.dispatch(LifecycleAwareKernelBus.java:61)
    at org.jboss.kernel.plugins.registry.basic.LifecycleAwareKernelBus$1.dispatch(LifecycleAwareKernelBus.java:58)
    at org.jboss.kernel.plugins.registry.basic.BasicKernelBus.execute(BasicKernelBus.java:71)
    at org.jboss.kernel.plugins.registry.basic.LifecycleAwareKernelBus.invoke(LifecycleAwareKernelBus.java:57)
    at org.jboss.profileservice.management.KernelBusRuntimeComponentDispatcher.invoke(KernelBusRuntimeComponentDispatcher.java:186)
    at org.jboss.profileservice.management.DelegatingComponentDispatcherImpl.invoke(DelegatingComponentDispatcherImpl.java:103)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:121)
    at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
    at org.jboss.profileservice.remoting.ProfileServiceInvocationHandler.invoke(ProfileServiceInvocationHandler.java:99)
    at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:897)
    at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106)
    at org.jboss.remoting.Client.invoke(Client.java:1927)
    at org.jboss.remoting.Client.invoke(Client.java:770)
    at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:60)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.remoting.MergeMetaDataInterceptor.invoke(MergeMetaDataInterceptor.java:74)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aop.generatedproxies.AOPProxy$1.invoke(AOPProxy$1.java)
    at org.jboss.profileservice.management.client.ManagedOperationDelegate.invoke(ManagedOperationDelegate.java:63)
    at org.rhq.plugins.jbossas5.ManagedComponentComponent.invokeOperation(ManagedComponentComponent.java:218)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.rhq.core.pc.inventory.ResourceContainer$ComponentInvocationThread.call(ResourceContainer.java:525)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
Caused by: java.sql.SQLException: ORA-01017: invalid username/password; logon denied
    at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:70)
    at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:133)
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:455)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:406)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:399)
    at oracle.jdbc.driver.T4CTTIoauthenticate.receiveOauth(T4CTTIoauthenticate.java:799)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:368)
    at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:508)
    at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:203)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:510)
    at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:207)
    ... 51 more
I know the username and password are correct, as the connection works perfectly if I hardcode the username and password into the datasource config. My suspicion is that the login-config.xml identity and oracle-ds config aren't being linked up properly. Is there anything else I need to do to enable this security functionality? When I register the datasource, the console spits out:
11:03:46,874 INFO [org.jboss.resource.connectionmanager.ConnectionFactoryBindingService] Bound ConnectionManager 'jboss.jca:service=DataSourceBinding,name=encryptOracleDS' to JNDI name 'java:encryptOracleDS'
I've tried setting service=DataSourceBinding in my login-config managedConnectionFactoryName but that doesn't solve the error. Any help would be greatly appreciated. Let me know if you'd like me to post any more detailed information. Thanks!