[teiid-issues] [JBoss JIRA] (TEIID-3684) RoleBasedCredentialMapIdentityLoginModule throws exception at startup time

RH Bugzilla Integration (JIRA) issues at jboss.org
Mon Aug 8 23:04:00 EDT 2016 

    [ https://issues.jboss.org/browse/TEIID-3684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13276464#comment-13276464 ] 

RH Bugzilla Integration commented on TEIID-3684:
------------------------------------------------

David Le Sage <dlesage at redhat.com> changed the Status of [bug 1260621|https://bugzilla.redhat.com/show_bug.cgi?id=1260621] from ASSIGNED to ON_QA

> RoleBasedCredentialMapIdentityLoginModule throws exception at startup time
> --------------------------------------------------------------------------
>
>                 Key: TEIID-3684
>                 URL: https://issues.jboss.org/browse/TEIID-3684
>             Project: Teiid
>          Issue Type: Bug
>    Affects Versions: 8.7.1.6_2
>            Reporter: Juraj Duráni
>            Assignee: Ramesh Reddy
>             Fix For: 9.0, 8.12.5
>
>
> If a data source is configured to use RoleBasedCredentialMapIdentityLoginModule, then exception is thrown at startup \[1\], because default username and password are null. Please, add module options "username" and "password" to set up default user (similar functionality have e.g. CallerIdentityLoginModule and PassthroughIdentityLoginModule), so DV is able to properly load data source at startup when no user is authenticated and therefore no mapping could be performed.
> Example configuration \[2\]. Note, there is no exception if UsersRoles login module is used instead of RealDirect. However, it means that EAP users are separate from DV users.
> *FYI:*
> - credentialMap module option should be defined as URL (file://...). It would be nice to have this information in the documentation.
> - I tried to use unauthenticatedIdentity module option for RealmDirect, but same exception has been thrown with different root cause (realm 'ApplicationRealm' not found). I do not know why.
> \[1\]
> ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-5) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
> 	at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
> 	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1084)
> 	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1079)
> 	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_40]
> 	at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1078)
> 	at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
> 	at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
> 	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:316)
> 	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:120)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_40]
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_40]
> 	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_40]
> \[2\]
> {code:xml}
> <security-domain name="my-sec">
>     <authentication>
>         <login-module code="RealmDirect" flag="required">
>             <module-option name="password-stacking" value="tryFirstPass"/>
>             <!--<module-option name="unauthenticatedIdentity" value="guest"/>-->
>         </login-module>
>         <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" module="org.jboss.teiid" flag="required">
>             <module-option name="password-stacking" value="useFirstPass"/>
>             <module-option name="credentialMap" value="file://${jboss.server.config.dir}/teiid-credentialmap.properties"/>
>         </login-module>
>     </authentication>
> </security-domain>
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the teiid-issues mailing list