0 Replies Latest reply on Apr 4, 2013 3:33 AM by chode

    Cache credentials not working for datasource security login modules

    chode

      We secured our datasources using a custom login module. This login module is used to retrieve the password.

       

      The problem is that the custom login module is called for each connection to retrieve the password. This is a huge performance hit for us.

       

      We expect the custom login module to be called only once, with subsequent connections using the credentials from the cache.

       

      Below are code snippets of the custom login module, the datasource definition and the standalone.xml file. A debug log is also attached.

       

      Custom login module:

       

      package org.picketbox.datasource.security;

       

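      /**
       * Login module for a datasource security domain: it looks up the database
       * password for the configured user and attaches it to the {@code Subject}
       * as a {@code PasswordCredential}.
       *
       * <p>This is an excerpt. The members {@code username}, {@code dbservername},
       * {@code sybPassword}, {@code log} and the {@code getSybPassword} overloads
       * are used here but declared outside the posted snippet.
       */
      public class GetDBPasswordLoginModule extends AbstractPasswordCredentialLoginModule {

          /**
           * Looks up the password, publishes the user name and password in the
           * shared login state, and adds a {@code PasswordCredential} to the subject.
           *
           * <p>NOTE(review): nothing in this method caches the looked-up password;
           * every invocation calls {@code getSybPassword} again, so the lookup cost
           * is paid each time the container runs this module.
           *
           * @return {@code true} once the credential has been added to the subject
           * @throws LoginException if the password lookup throws; the original
           *         exception is attached as the cause
           */
          public boolean login() throws LoginException {
              try {
                  // The server-specific lookup is used only when a server name is set.
                  if (dbservername != null) {
                      sybPassword = getSybPassword(username, dbservername).toCharArray();
                  } else {
                      sybPassword = getSybPassword(username).toCharArray();
                  }
              } catch (Exception e) {
                  log.debug("GetDBPasswordLoginModule:login - Could not get sybase password for user. Throwing LoginException");
                  // LoginException has no (message, cause) constructor, so chain the
                  // cause explicitly instead of discarding why the lookup failed.
                  LoginException failure =
                          new LoginException("GetDBPasswordLoginModule:login:could not get sybase password for user=" + username);
                  failure.initCause(e);
                  throw failure;
              }

              sharedState.put("javax.security.auth.login.name", username);
              // NOTE(review): new String(...) makes an immutable copy of the password
              // that cannot be zeroed afterwards and lives until garbage collection.
              // Check whether the modules that read this key accept a char[] instead.
              sharedState.put("javax.security.auth.login.password", new String(sybPassword));

              PasswordCredential cred = new PasswordCredential(username, sybPassword);
              SubjectActions.addCredentials(subject, cred);

              // Only the user name is logged; the password must never reach the log.
              log.debug("GetDBPasswordLoginModule:login - Login OK for user : " + username);

              super.loginOk = true;
              return true;
          }

          /**
           * Returns the identity this module authenticates.
           *
           * @return a {@code SimplePrincipal} built from the configured user name
           */
          protected Principal getIdentity() {
              return new SimplePrincipal(username);
          }

          /**
           * Returns the role groups for the identity.
           *
           * @return an empty array; this module assigns no roles
           * @throws LoginException declared by the signature; not thrown here
           */
          protected Group[] getRoleSets() throws LoginException {
              return new Group[0];
          }

      }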

       

      Datasource entries :

       

      <?xml version='1.0'?>

      <!-- Datasource definition for java:/jdbc/cbalaji. No user name or password
           is stored here; credentials are delegated to a security domain. -->
      <datasources>

        <datasource jndi-name="java:/jdbc/cbalaji" pool-name="cbalaji" enabled="true" use-ccm="true">

        <connection-url>jdbc:sybase:Tds:xxxxxxxxxxxx</connection-url>

        <driver>sybaseDriver</driver>

        <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>

        <!-- Pool of 5 to 10 connections, prefilled. The post reports that the login
             module runs once per connection, so pool creation repeats the password
             lookup for each connection it opens. -->
        <pool>

        <min-pool-size>5</min-pool-size>

        <max-pool-size>10</max-pool-size>

                <prefill>true</prefill>

        <use-strict-min>true</use-strict-min>

        </pool>

        <!-- Credentials for new connections come from the "DBSecurity" security
             domain; the name must match a security-domain in standalone.xml. -->
        <security>

        <security-domain>DBSecurity</security-domain> 

        </security>

        <timeout>

                   <idle-timeout-minutes>100</idle-timeout-minutes>

               </timeout>

        </datasource>

       

      </datasources>

       

      standalone.xml:

       

      <!-- Security subsystem excerpt defining the domain the datasource refers to. -->
      <subsystem xmlns="urn:jboss:domain:security:1.1">

                  <security-domains>             

                      <!-- cache-type="default" is set on the domain, yet the post reports that
                           the login module is still invoked for every connection. -->
                      <security-domain name="DBSecurity" cache-type="default">

                          <authentication>

                              <!-- NOTE(review): this names GetSybPasswordLoginModule, while the class
                                   posted above is GetDBPasswordLoginModule. Confirm which class is
                                   actually deployed and that the name here matches it. -->
                              <login-module code="org.picketbox.datasource.security.GetSybPasswordLoginModule" flag="required">

                                  <module-option name="username" value="cbalaji"/>

                                  <!-- NOTE(review): the login() shown in the post writes the name and
                                       password to the shared state but does not read this option
                                       itself; verify the option has the intended effect. -->
                                  <module-option name="password-stacking" value="useFirstPass"/>                          

                              </login-module>

                          </authentication>

                      </security-domain>           

                  </security-domains>

              </subsystem>