1 Reply Latest reply on Sep 8, 2011 3:24 PM by Marcus Moyses

    Datasource security broken in latest nightly

    Chris Hiner Newbie

      Sometime between build 1531 and build 1594 the ability to use a secureidentity security domain to obfuscate the datasource password broke.

       

      Example configuration:

      <subsystem xmlns="urn:jboss:domain:security:1.0">

      <security-domain name="somedomain" cache-type="default">

      <authentication>

      <login-module code="SecureIdentity" flag="required">

      <module-option name="username" value="userid"/>

      <module-option name="password" value="anencryptedpassword"/>

      </login-module>

      </authentication>

      </security-domain>

      ...

      <subsystem xmlns="urn:jboss:domain:datasources:1.0">

      <datasource jndi-name="jdbc/somename" pool-name="somepoolname_Pool" enabled="true" jta="true" use-java-context="true" use-ccm="true">

      <connection-url>jdbc:db2://hostname:port/databasename</connection-url>

      <driver>db2</driver>

      <security>

      <security-domain>somedomain</security-domain>

      </security>

      </datasource>

       

      The messages from the log file:

      14:46:25,374 INFO  [org.jboss.as.connector.subsystems.datasources] (Controller Boot Thread) Deploying JDBC-compliant driver class com.ibm.db2.jcc.DB2Driver (version 4.12)

      14:46:25,429 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject()null: java.lang.NullPointerException

               at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:87)

               at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1006)

               at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1001)

               at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_26]

               at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1000)

               at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:549)

               at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:277)

               at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:243)

               at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:105)

               at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1824)

               at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1759)

               at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_26]

               at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_26]

               at java.lang.Thread.run(Thread.java:662) [:1.6.0_26]

       

       

      When I look at the jndi tree on the build 1531 server, I see:

              "java:jboss" => {
                  "jaas" => {
                      "class-name" => "org.jboss.as.naming.context.ModularReference",
                      "children" => {
                          "somedomain" => {
                              "class-name" => "org.jboss.as.security.plugins.SecurityDomainContext",
                              "value" => "org.jboss.security.authentication.JBossCachedAuthenticationManager@6865cfd2"
                          },

       

      The broken one on build 1594 shows:

                  "jaas" => {
                      "class-name" => "$Proxy12",
                      "children" => {
                          "somedomain" => {
                              "class-name" => "org.jboss.as.security.plugins.SecurityDomainContext",
                              "value" => "org.jboss.security.authentication.JBossCachedAuthenticationManager@3dc1902d"
                          },

       

      I rolled back individual jar files, and with the 1531 version of jboss-as-naming-7.1.0.Alpha1-SNAPSHOT.jar it works, and with the 1594 version it breaks.

       

      Hopefully this narrows it down enough for someone to fix.  In the meantime I'm going back to the older build.