3 Replies Latest reply on Jul 10, 2008 4:40 PM by Peter Johnson

    org.jboss.resource.security.SecureIdentityLoginModule

    Yasha Bhatt Newbie

      Hi there.
      I am trying to get the Oracle datasource password encryption to work. I am a JBoss newbie and recently attended a JBoss administration training, where the instructor went over the steps for how to do this. I can successfully generate the encrypted password, and have modified my login-config.xml and oracle-ds.xml as per my notes from the class.
      Here is what my security domain in login-config.xml looks like:

      <!-- Security domains for testing new jca framework -->
      <!-- Defines the security domain "Encrypted"; a datasource selects it by this exact name in its security-domain element. -->
      <application-policy name="Encrypted">
      <!-- NOTE(review): login-config.xml normally nests login-module inside an authentication element. None is shown here; it may have been stripped when the post was rendered. Confirm against the real file. -->

      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
      <!-- Database account that the module supplies for connections. -->
      <module-option name="username">wr</module-option>
      <!-- Encoded form of the database password. NOTE(review): SecureIdentityLoginModule decodes this value with a key built into the module, not one chosen per installation, so it is obfuscation rather than secrecy. Keep login-config.xml readable only by the server account, and treat a value that has been published, as this one has, as a disclosed password to be changed. -->
      <module-option name="password">7180326e7b1e444e</module-option>
      <!-- Names the connection manager MBean this login applies to; name=WRDS is the same name used as the jndi-name in the oracle-ds.xml shown in this post. -->
      <module-option name="managedConnectionFactoryName">jboss.jca:name=WRDS,service=LocalTxCM</module-option>
      </login-module>

      </application-policy>


      And here is what I have in my oracle-ds.xml:


      <!-- Local-transaction datasource WRDS for the Oracle instance in connection-url. Credentials are meant to come from the security domain named below rather than from inline user-name/password elements. -->
      <local-tx-datasource>
      <jndi-name>WRDS</jndi-name>
      <!-- NOTE(review): false binds WRDS outside the java: namespace, which is what lets the standalone client in this post look it up over JNP. It also means any client that can reach the naming port can obtain connections under the configured database account. Presumably set for testing; confirm before using this outside a test environment. -->
      <use-java-context>false</use-java-context>
      <connection-url>jdbc:oracle:thin:@qa1wrdb1:1541:wrq1</connection-url>
      <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
      <!-- NOTE(review): the element text is "Encrypted>" including the stray '>' character, while the application-policy in login-config.xml is named "Encrypted". The names do not match as written, which may be why no principal is resolved; verify the real file. -->
      <security-domain>Encrypted></security-domain>
      <!-- Inline credentials, commented out in favour of the security domain above. -->
      <!--
      <user-name>wr</user-name>
      wr
      -->
      <!-- Uses the pingDatabase method to check a connection is still valid before handing it out from the pool
      <valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleValidConnectionChecker</valid-connection-checker-class-name> -->
      <!-- Checks the Oracle error codes and messages for fatal errors -->
      <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
      <!-- sql to call when connection is created
      <new-connection-sql>select systimestamp from dual</new-connection-sql> -->

      <!-- sql to call on an existing pooled connection when it is obtained from pool - the OracleValidConnectionChecker is preferred
      <check-valid-connection-sql>select systimestamp from dual</check-valid-connection-sql> -->

      <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml -->

      <type-mapping>Oracle9i</type-mapping>

      <!-- pooling parameters -->
      <min-pool-size>5</min-pool-size>
      <max-pool-size>100</max-pool-size>
      <blocking-timeout-millis>30000</blocking-timeout-millis>
      <idle-timeout-minutes>15</idle-timeout-minutes>
      <!-- performance related parameters
      <transaction-isolation>TRANSACTION_READ_COMMITED</transaction-isolation>
      <track-statements>false</track-statements>
      -->
      <prepared-statement-cache-size>50</prepared-statement-cache-size>
      </local-tx-datasource>
      <!-- END WRDS datasource -->

      This is the code I run to test if I can successfully make a database connection using this new security domain.

      *****Java Code Starts here, This is a simple java code that I first compile and then execute ****/

      import java.util.*;
      import java.sql.Connection;
      import java.sql.ResultSet;
      import java.sql.SQLException;
      import java.sql.Statement;
      import javax.naming.InitialContext;
      import javax.naming.Context;
      import javax.naming.NamingException;
      import javax.sql.DataSource;

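      /**
       * Standalone smoke test for the WRDS datasource.
       *
       * <p>Looks up "WRDS" through the JNP naming service at jnp://localhost:1099,
       * opens one connection, runs a single query and prints the first column of
       * each row. It runs outside the application server JVM, so the lookup
       * depends on the datasource being bound in global JNDI.
       */
      public class DataSourceTest {
          public static void main(String[] args) throws Exception {
              testDataSource();
          }

          /**
           * Looks up the datasource and runs the probe query against it.
           *
           * @throws NamingException if the naming context cannot be created or
           *         "WRDS" cannot be resolved
           * @throws SQLException if the connection cannot be obtained or the
           *         query fails
           */
          private static void testDataSource()
                  throws NamingException, SQLException {
              final String sql = "select systimestamp from dual";
              Properties properties = new Properties();
              properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
              properties.put(Context.PROVIDER_URL, "jnp://localhost:1099");
              properties.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
              Context ctx = new InitialContext(properties);
              try {
                  DataSource ds = (DataSource) ctx.lookup("WRDS");
                  printQueryResult(ds, sql);
              } finally {
                  // The original never released the naming context.
                  ctx.close();
              }
          }

          /**
           * Runs {@code sql} on a connection from {@code ds} and prints column 1
           * of every row.
           *
           * <p>Each resource gets its own try/finally so that a failing close()
           * on the result set or statement cannot skip returning the connection
           * to the pool, which the single shared finally block allowed.
           */
          private static void printQueryResult(DataSource ds, String sql)
                  throws SQLException {
              Connection con = ds.getConnection();
              try {
                  Statement stmt = con.createStatement();
                  try {
                      ResultSet rs = stmt.executeQuery(sql);
                      try {
                          while (rs.next()) {
                              System.out.println("Query '" + sql + "' returned " + rs.getString(1));
                          }
                      } finally {
                          rs.close();
                      }
                  } finally {
                      stmt.close();
                  }
              } finally {
                  con.close();
              }
          }
      }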


      And here are the errors that I get when I run the above code:

      [jboss@qa1wrapp1 bin]$ java DataSourceTest
      Exception in thread "main" java.lang.SecurityException: Invalid authentication attempt, principal=null
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:589)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:395)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:842)
      at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:88)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

      Please note that this code works just fine if I have the password hard-coded in the oracle-ds.xml file and am NOT using the "Encrypted" security domain in the login-config.xml file.

      I am in desperate need of help getting this to work real soon. Please help!!!! Thanks a million in advance!