2 Replies Latest reply: Feb 9, 2012 2:57 PM by Larry Honeywood RSS

Encrypting Datasource Password

Knut Klünker Newbie

Hi all,

 

I encrypted the datasource password with the SecureIdentityLoginModule in a JBoss 5.1.GA. Everything works fine but it doesn't work with one datasource. I checked everything in the configuration and also the generated password. But it was ok.

The datasource are all Oracle 10g datasources.

 

In the log there is the following error:

2010-06-24 15:46:54,577 xxxxxxxx INFO  [VerboseError is false
2010-06-24 15:46:55,755 xxxxx ERROR [org.jboss.resource.security.AbstractPasswordCrede
ntialLoginModule] xxxxxx: The ConnectionManager mbean: jboss.jca:name=xxxxxx,service=XATxCM specified in a ConfiguredIdentityLoginModule could not be found. ConnectionFactory will be unusable!
javax.management.InstanceNotFoundException: jboss.jca:name=xxxxx,service=XATxCM is not registered.
        at org.jboss.mx.server.registry.BasicMBeanRegistry.get(BasicMBeanRegistry.java:526)
        at org.jboss.mx.server.MBeanServerImpl.getAttribute(MBeanServerImpl.java:559)
        at org.jboss.resource.security.AbstractPasswordCredentialLoginModule.getMcf(AbstractPasswordCredentialLoginModule.java
:118)
        at org.jboss.resource.security.AbstractPasswordCredentialLoginModule.initialize(AbstractPasswordCredentialLoginModule.
java:88)
        at org.jboss.resource.security.SecureIdentityLoginModule.initialize(SecureIdentityLoginModule.java:80)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
        at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
        at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
        at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
        at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:90)
        at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
        at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
        at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectio
nManager2.java:941)
        at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)

 

The datasource was bound:

2010-06-24 15:44:22,391 main INFO  [org.jboss.resource.connectionmanager.ConnectionFactoryBindingService] --: Bound Connection
Manager 'jboss.jca:service=DataSourceBinding,name=xxxx' to JNDI name 'java:xxxx'

 

And the in jmx-console under jca you can find the datasource under the name.

 

In the login-config.xml is the following policy entry:

...

<application-policy name="NAMExxxx">
        <authentication>
            <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
                <module-option name="username">xxxx</module-option>
                <module-option name="password">xxxxxx</module-option>
                <module-option name="managedConnectionFactoryName">jboss.jca:name=xxxx,service=XATxCM</module-option>
            </login-module>
        </authentication>
    </application-policy>

....

 

Username and password are correct.

 

I changed the password for testing, so that is was wrong, but the ERROR messages are the same.

 

Can somebody help me?

 

Best regards

Knut

  • 1. Re: Encrypting Datasource Password
    Vipul Jadhav Newbie

    make sure jboss.jca:name matches to name give in *-xa-ds.xml.I was getting same problem earlier

  • 2. Re: Encrypting Datasource Password
    Larry Honeywood Newbie

    Also, Make sure the service type in your login-config.xml file matches the transaction type in your "-ds.xml" file. EX:

     

    if your "-ds.xml" entry looks like:

    <xa-datasource>
        <jndi-name>SomeDS</jndi-name>
            <security-domain>SomeDomain</security-domain>
      </xa-datasource>

     

    Then the service type in the login-config.xml for the corresponding domain should look like :

     

    <module-option name = "managedConnectionFactoryName">jboss.jca:name=SomeDS,service=XATxCM</module-option>

     

    But,

     

    if your "-ds.xml" entry looks like:

    <local-tx-datasource>
        <jndi-name>SomeDS</jndi-name>
            <security-domain>SomeDomain</security-domain>
      </local-tx-datasource>

     

    Then the service type in the login-config.xml for the corresponding domain should look like :

     

    <module-option name = "managedConnectionFactoryName">jboss.jca:name=SomeDS,service=LocalTxCM</module-option>