6 Replies Latest reply on Sep 10, 2004 4:46 AM by Yuriy Guskov

    security-domain for datasource

    Yuriy Guskov Newbie

      I tried to use security-domain in datasource and in fact needed to find workarounds for problems.

      First problem was I constantly got JBossResourceException("No matching credentials in Subject!"). Source code says that Subject is tested against connection properties but the same code show that these properties never filled.

      Ok, I comment that exception. Now this works. But you need specify username/password in getConnection(). But why? As I understood security-domain specifies authentication information is obtained from Subject which is result of using LoginContext.

      Something here is definitely wrong. Does somebody know what's exactly? Or because everybody uses always just one username/password for all data connections it was never tested?

        • 1. Re: security-domain for datasource
          Yuriy Guskov Newbie

          Must I assume it's evident bug if nobody answered me? Or it's apparently rare used feature which exists only for huge feature list?

          • 2. Re: security-domain for datasource
            Joachim Van der Auwera Expert

            There is just a lack of mindreaders on these forums.

            Please try to explain what you are trying to do, then explain how you are trying to achive that. Then you might get some help.

            Joachim

            • 3. Re: security-domain for datasource
              Yuriy Guskov Newbie

              Ok, if it needs explanations...

              I try to achieve situation when each connect to database is personalized. So, no single user for all connection but each connection has own credentials.

              How I tried to do that:

              From -ds.xml file I removed user/password and added security-domain.

              In documentation and Google I haven't found what's else there should be for personalized connections.

              So, from this changes I assume when I login through LoginContext the same credentials will be used for creating connection.

              What's followed I've already described. Maybe I'm wrong somewhere but where?

              • 4. Re: security-domain for datasource
                Scott Stark Master

                You need to use the ConfiguredIdentityLoginModule to have the database connection authenticated using the credentials of the caller.
                http://www.jboss.org/wiki/Wiki.jsp?page=ConfigJCALoginModule

                • 5. Re: security-domain for datasource
                  Yuriy Guskov Newbie

                  Wrong. Correct answer is CallerIdentityLoginModule.

                  But... Sorry, additional comments: we also needs method permissions. If I use these then I've got just exception. It seems like my credentials for connection are eaten by j2ee security.

                  NB: I have the same exception in either cases: either when I copy code of CallerIdentityLoginModule to "my" module or when I just modify CallerIdentityLoginModule and add here implementation of getRoleSets.

                  12:30:24,459 WARN [JBossManagedConnectionPool] Throwable while attempting to get a new connection: null
                  org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: Null user or password not supported in THIN
                  driver)
                  at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:168)
                  at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.createConnectionEventListener(InternalManagedConnectionPool.java:504)
                  at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.getConnection(InternalManagedConnectionPool.java:214)
                  at org.jboss.resource.connectionmanager.JBossManagedConnectionPool$BasePool.getConnection(JBossManagedConnectionPool.java:534)
                  at org.jboss.resource.connectionmanager.BaseConnectionManager2.getManagedConnection(BaseConnectionManager2.java:444)
                  at org.jboss.resource.connectionmanager.TxConnectionManager.getManagedConnection(TxConnectionManager.java:312)
                  at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:496)
                  at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:887)
                  at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:102)

                  • 6. Re: security-domain for datasource
                    Yuriy Guskov Newbie

                    This time all seems obvious, doesn't? I just use JBoss LoginModule and because of that I've got exceptions. Ok, but can at least someone says how to correct that (possibly by writing own LoginModule)? Or, at least, at what stage credentials are lost?

                    (I repeat again but that is just if something is unclear from my previous post and mindreading is necessary again:
                    1. All is ok when I just use credentials for connection.
                    2. When I use method permissions they are consumed by j2ee security for them but totally lost for connection creating.)