[jboss-dev-forums] [PicketBox Development] - Re: AS7: Sensitive Attributes Masking
Dmitri Voronov
do-not-reply at jboss.com
Mon Dec 19 04:28:39 EST 2011
Dmitri Voronov [http://community.jboss.org/people/dimonv] created the discussion
"Re: AS7: Sensitive Attributes Masking"
To view the discussion, visit: http://community.jboss.org/message/642169#642169
--------------------------------------------------------------
Hi all,
I'm currently trying to apply vault for DataSource' password in JBoss AS 7.1.0.Beta1 as described in Wiki http://community.jboss.org/docs/DOC-17248 http://community.jboss.org/wiki/JBossAS7SecuringPasswords but doesn't work. I get following exception:
10:23:41,265 ERROR [org.jboss.as.controller] (ServerService Thread Pool -- 47) JBAS014612: Operation ("enable") failed - address: ([
("subsystem" => "datasources"),
("data-source" => "java:jboss/jdbc/MSSQLDataSource-PROD")
]): java.lang.SecurityException: org.jboss.security.vault.SecurityVaultException: PB00027: Vault Mismatch:Shared Key does not match for vault block:MSSQLDataSource and attributeName:password
at org.jboss.as.server.services.security.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:98) [jboss-as-server-7.1.0.Beta1.jar:]
at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45) [jboss-as-server-7.1.0.Beta1.jar:]
at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:58) [jboss-as-controller-7.1.0.Beta1.jar:]
...
My configuration:
I put vault configuration in standalone in the server scope:
| <vault> |
|
| | <vault-option name="KEYSTORE_URL" value="C:/eplatform/jboss/AS-7.0/standalone/configuration/vault.keystore"/> |
| | <vault-option name="KEYSTORE_PASSWORD" value="MASK-8mj0bd6g0iq"/> |
| | <vault-option name="KEYSTORE_ALIAS" value="vault"/> |
| | <vault-option name="SALT" value="12345678"/> |
| | <vault-option name="ITERATION_COUNT" value="42"/> |
| | <vault-option name="ENC_FILE_DIR" value="C:/eplatform/jboss/AS-7.0/standalone/data/"/> |
| </vault> |
|
and the DataSource' password value:
| <password> |
|
| | ${VAULT::MSSQLDataSource::password::MmUxNzU1MjgtYWM1Mi00MzZmLThlZTctZGIxNzE4ZGQ3ZWZlTElORV9CUkVBS3ZhdWx0} |
| </password> |
|
Thanks and regards
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/642169#642169]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2088]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20111219/632490af/attachment.html
More information about the jboss-dev-forums
mailing list