]
Ramesh Reddy resolved TEIID-3684.
---------------------------------
Resolution: Done
Deprecated in 8.12.5, removed in 9.0
Updated the documents accordingly, is there place we are tracking the migration issues?
RoleBasedCredentialMapIdentityLoginModule throws exception at startup
time
--------------------------------------------------------------------------
Key: TEIID-3684
URL:
https://issues.jboss.org/browse/TEIID-3684
Project: Teiid
Issue Type: Bug
Affects Versions: 8.7.1.6_2
Reporter: Juraj DurĂ¡ni
Assignee: Ramesh Reddy
Fix For: 9.0, 8.12.5
If a data source is configured to use RoleBasedCredentialMapIdentityLoginModule, then
exception is thrown at startup \[1\], because default username and password are null.
Please, add module options "username" and "password" to set up default
user (similar functionality have e.g. CallerIdentityLoginModule and
PassthroughIdentityLoginModule), so DV is able to properly load data source at startup
when no user is authenticated and therefore no mapping could be performed.
Example configuration \[2\]. Note, there is no exception if UsersRoles login module is
used instead of RealDirect. However, it means that EAP users are separate from DV users.
*FYI:*
- credentialMap module option should be defined as URL (file://...). It would be nice to
have this information in the documentation.
- I tried to use unauthenticatedIdentity module option for RealmDirect, but same
exception has been thrown with different root cause (realm 'ApplicationRealm' not
found). I do not know why.
\[1\]
ERROR
[org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer]
(MSC service thread 1-5) Exception during createSubject()PBOX000016: Access denied:
authentication failed: java.lang.SecurityException: PBOX000016: Access denied:
authentication failed
at
org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
at
org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1084)
at
org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1079)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_40]
at
org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1078)
at
org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
at
org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
at
org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:316)
at
org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:120)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_40]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_40]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_40]
\[2\]
{code:xml}
<security-domain name="my-sec">
<authentication>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking"
value="tryFirstPass"/>
<!--<module-option name="unauthenticatedIdentity"
value="guest"/>-->
</login-module>
<login-module
code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule"
module="org.jboss.teiid" flag="required">
<module-option name="password-stacking"
value="useFirstPass"/>
<module-option name="credentialMap"
value="file://${jboss.server.config.dir}/teiid-credentialmap.properties"/>
</login-module>
</authentication>
</security-domain>
{code}