0 Replies Latest reply on Dec 13, 2012 4:31 AM by eran_kazula

    JBoss AS7 - Datasource password encryption using PBEIdentityLoginModule

    eran_kazula

      Hello,

       

      Working with JBoss AS7.1.1, I've been trying to use the "org.jboss.resource.security.PBEIdentityLoginModule" in order to use a self chosen key to encrypt a datasource passowrd. I've followed the example in the "Configured Identity with Password Based Encryption" section of this post - https://community.jboss.org/wiki/ConfigJCALoginModule. The thing is that no matter what secret / key / pbepass / etc'.. I use (even using the ones mentioned in the example), I always get the following security exception:

       

      11:01:46,421 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-1) Exception during createSubject()PB00024: Access Denied:Unauthenticated caller:null: java.lang.SecurityException: PB00024: Access Denied:Unauthenticated caller:null

                at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:89)

                at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1019)

                at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1014)

                at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_02]

                at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1013)

                at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:562)

                at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)

                at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:271)

                at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:111)

                at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)

                at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_02]

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_02]

                at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_02]

       

      This is the login-module configuration in my 'standalone.xml':

       

      <login-module code="org.jboss.resource.security.PBEIdentityLoginModule" flag="required">

           <module-option name="userName" value="sa"/>

           <module-option name="password" value="3fp7R/7TMjyTTxhmePdJVk"/>

           <module-option name="pbealgo" value="PBEWithMD5AndDES"/>

           <module-option name="pbepass" value="testPBEIdentityLoginModule"/>

           <module-option name="salt" value="abcdefgh"/>

           <module-option name="iterationCount" value="19"/>

      </login-module>

       

      Any idea what I'm missing here? Am I using this login-module incorrectly?

       

      Thanks,

      Eran.