we have a situation in which we must allow database password change (ORACLE DB) while Jboss server is running.
I'm trying to do it by using JAAS login modules:
- I've created a module which loges me in (works)
- I've created an password vault which changes password in DB and gives me the new password (works in background)
So far so good - everything works fine. I can change password and work on the server - no problem.
The problem starts when jboss looses the connection (session) to DB (for example iddle time reason) - it then (I'm guessing) tries to connect again using old credentials and thus locks my account.
Is there any way to get this working ?
I have few ideas which could help me out, but I'm not that good with Jboss. Can anybody help please ?
- if Jboss did not use (cached?) credentials to create new connections in case they are snipped
(setting parameter DefaultCacheTimeout to 0 does not help, still get the:
2011-03-10 12:33:09,889 INFO [STDOUT:156] [Thread-18] ---------- sqlQuery: ALTER USER user IDENTIFIED BY counter3
2011-03-10 12:33:13,857 INFO [STDOUT:156] [EJB-Timer-1299756281646[target=jboss.j2ee:ear=auc-server.ear,jar=gastro_keymanagement.jar,name=StatusRepositoryService,service=EJB3]] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! PASSWORD USED: counter3
2011-03-10 12:33:13,888 WARN [org.jboss.resource.connectionmanager.JBossManagedConnectionPool:363] [EJB-Timer-1299756281646[target=jboss.j2ee:ear=auc-server.ear,jar=gastro_keymanagement.jar,name=StatusRepositoryService,service=EJB3]] Throwable while attempting to get a new connection: null
org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: ORA-01017: invalid username/password; logon denied
here STDOUT prints what's done on DB (alter user) and password used by login modules to log in.
- if jboss did not lost the DB connections at all this would help too, i guess (setting DB parameter IDLE_TIME to huge number of minutes did not help neither - got the same login error.
It looks to me as Jboss uses some old password (cached?) when trying to reconnect lost sessions (new sessions seem to be getting correct password and they connect to DB ok). How does this work ?
Is there a solution to my problem ? can DB pass be changed safely without the risk of locking the account ?