[jboss-jira] [JBoss JIRA] Created: (SECURITY-371) Using SecurityDomain causing problems with DB access

William Newman (JIRA) jira-events at lists.jboss.org
Tue Feb 24 15:06:46 EST 2009


Using SecurityDomain causing problems with DB access
----------------------------------------------------

                 Key: SECURITY-371
                 URL: https://jira.jboss.org/jira/browse/SECURITY-371
             Project: JBoss Security and Identity Management
          Issue Type: Bug
      Security Level: Public (Everyone can see)
         Environment: Using oracle db, running linux red hat
            Reporter: William Newman
            Assignee: Anil Saldhana


When using @SecurityDomain in EJB I try and get a connection to a database using a datasource other than the DefaultDS and it is somehow going to the driver defined for the DefaultDS.

Create a security domain; I used the BaseCertLoginModule. Then have two datasources set up, one that is named 'DefaultDS' and one that is named something else, 'AnotherDS'. Configure each data source with a different driver. When you get inside a bean, get the 'AnotherDS' and call getConnection, then call something like prepareStatement. Sit back and watch the driver for the 'DefaultDS' get called.

Something seems to be getting corrupted in JBoss when you use @SecurityDomain or when you set up the context-specific stuff for use with the security domain, i.e. Context.SECURITY_PRINCIPAL.

Here is some of my code:
    
jboss.xml
<jboss>
  <security-domain>java:/jaas/customSecurityDomain</security-domain>
  <enterprise-beans>
    <session>
      <ejb-name>ExampleSession</ejb-name>
      <local-jndi-name>ejb/ExampleSessionRef</local-jndi-name>
      <clustered />
    </session>
  </enterprise-beans>
</jboss>

oracle-ds.xml (DefaultDS)
<datasources>
  <local-tx-datasource>
    <jndi-name>DefaultDS</jndi-name>
    <connection-url>jdbc:oracle:thin:@host:1721:example</connection-url>
    <driver-class>com.example.driver.ProxiedOracleDriver</driver-class>
    <user-name>defaultds</user-name>
    <password>defaultds</password>
    <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
    <metadata>
      <type-mapping>Oracle10g</type-mapping>
    </metadata>
  </local-tx-datasource>
</datasources>

A different DS with a different driver
    
<datasources>
  <local-tx-datasource>
    <jndi-name>AnotherDS</jndi-name>
    <connection-url>jdbc:oracle:thin:@host:1721:example</connection-url>
    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
    <user-name>anotherds</user-name>
    <password>anotherds</password>
    <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
    <metadata>
      <type-mapping>Oracle10g</type-mapping>
    </metadata>
  </local-tx-datasource>
</datasources>

login-config.xml
    
<policy>
  <application-policy name="client-cert">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag="required">
        <module-option name="securityDomain">java:/jaas/client-cert</module-option>
        <module-option name="verifier">org.jboss.security.auth.certs.AnyCertVerifier</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <application-policy name="ASecurityDomain">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag="required">
        <module-option name="password-stacking">useFirstPass</module-option>
        <module-option name="securityDomain">java:/jaas/client-cert</module-option>
        <module-option name="verifier">org.jboss.security.auth.certs.AnyCertVerifier</module-option>
        <module-option name="unathenticatedIdentity">guest</module-option>
      </login-module>
      <login-module code="org.jboss.security.ClientLoginModule" flag="required">
        <module-option name="restore-login-identity">true</module-option>
        <module-option name="password-stacking">useFirstPass</module-option>
      </login-module>
    </authentication>
  </application-policy>

</policy>

Code in an EJB to get db stuff:

@Resource(mappedName="java:/AnotherDS")
private DataSource ds;
// ...
Connection dbConn = ds.getConnection();

dbConn.prepareStatement("select * from Foo");

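Both datasource definitions in the report share one connection URL and differ only in driver-class. As an added example (not part of the original report and not JBoss code), the following shows how the standard java.sql.DriverManager.getDriver(url) chooses among registered drivers by URL and registration order, which is one thing to check when a connection is served by an unexpected driver. The stub driver classes are hypothetical, and whether the reporter's JBoss setup resolves drivers this way is an assumption the report does not confirm.

```java
import java.sql.Connection;
import java.sql.Driver;
import java.sql.DriverManager;
import java.sql.DriverPropertyInfo;
import java.sql.SQLException;
import java.sql.SQLFeatureNotSupportedException;
import java.util.Properties;
import java.util.logging.Logger;

public class DriverResolutionCheck {
    // Hypothetical stand-in for a JDBC driver: claims every jdbc:oracle:thin: URL, opens no socket.
    static class StubDriver implements Driver {
        public boolean acceptsURL(String url) { return url != null && url.startsWith("jdbc:oracle:thin:"); }
        public Connection connect(String url, Properties info) { return null; }
        public DriverPropertyInfo[] getPropertyInfo(String url, Properties info) { return new DriverPropertyInfo[0]; }
        public int getMajorVersion() { return 1; }
        public int getMinorVersion() { return 0; }
        public boolean jdbcCompliant() { return false; }
        public Logger getParentLogger() throws SQLFeatureNotSupportedException {
            throw new SQLFeatureNotSupportedException();
        }
    }
    // Two distinct classes, standing in for the proxied and the plain driver of the two datasources.
    static class ProxiedStub extends StubDriver { }
    static class PlainStub extends StubDriver { }

    // Register the drivers in the given order, ask DriverManager which one owns the URL, then clean up.
    static Driver resolve(String url, Driver... registrationOrder) throws SQLException {
        for (Driver d : registrationOrder) DriverManager.registerDriver(d);
        try {
            // Returns the first registered driver whose acceptsURL(url) is true.
            return DriverManager.getDriver(url);
        } finally {
            for (Driver d : registrationOrder) DriverManager.deregisterDriver(d);
        }
    }

    public static void main(String[] args) throws SQLException {
        String url = "jdbc:oracle:thin:@host:1721:example"; // URL used by both datasources in the report
        Driver proxied = new ProxiedStub();
        Driver plain = new PlainStub();
        // Same URL, same two drivers; only the registration order changes between the two calls.
        System.out.println("proxied registered first: " + resolve(url, proxied, plain).getClass().getSimpleName());
        System.out.println("plain registered first:   " + resolve(url, plain, proxied).getClass().getSimpleName());
    }
}
```

Inside the bean, logging `dbConn.getMetaData().getDriverName()` and `getDriverVersion()` for a connection from each datasource shows which driver actually served it.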