JBoss AS7 - Datasource password encryption using PBEIdentityLoginModule
eran_kazula Dec 13, 2012 4:31 AMHello,
Working with JBoss AS7.1.1, I've been trying to use the "org.jboss.resource.security.PBEIdentityLoginModule" in order to use a self chosen key to encrypt a datasource passowrd. I've followed the example in the "Configured Identity with Password Based Encryption" section of this post - https://community.jboss.org/wiki/ConfigJCALoginModule. The thing is that no matter what secret / key / pbepass / etc'.. I use (even using the ones mentioned in the example), I always get the following security exception:
11:01:46,421 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-1) Exception during createSubject()PB00024: Access Denied:Unauthenticated caller:null: java.lang.SecurityException: PB00024: Access Denied:Unauthenticated caller:null
at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:89)
at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1019)
at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1014)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_02]
at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1013)
at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:562)
at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:271)
at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:111)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_02]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_02]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_02]
This is the login-module configuration in my 'standalone.xml':
<login-module code="org.jboss.resource.security.PBEIdentityLoginModule" flag="required">
<module-option name="userName" value="sa"/>
<module-option name="password" value="3fp7R/7TMjyTTxhmePdJVk"/>
<module-option name="pbealgo" value="PBEWithMD5AndDES"/>
<module-option name="pbepass" value="testPBEIdentityLoginModule"/>
<module-option name="salt" value="abcdefgh"/>
<module-option name="iterationCount" value="19"/>
</login-module>
Any idea what I'm missing here? Am I using this login-module incorrectly?
Thanks,
Eran.