[jboss-jira] [JBoss JIRA] Moved: (EJBTHREE-1737) Using SecurityDomain causing problems with DB access
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Tue Feb 24 15:53:44 EST 2009
[ https://jira.jboss.org/jira/browse/EJBTHREE-1737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anil Saldhana moved SECURITY-371 to EJBTHREE-1737:
--------------------------------------------------
Project: EJB 3.0 (was: JBoss Security and Identity Management)
Key: EJBTHREE-1737 (was: SECURITY-371)
Security: (was: Public)
> Using SecurityDomain causing problems with DB access
> ----------------------------------------------------
>
> Key: EJBTHREE-1737
> URL: https://jira.jboss.org/jira/browse/EJBTHREE-1737
> Project: EJB 3.0
> Issue Type: Bug
> Environment: Using Oracle DB, running Linux Red Hat
> Reporter: William Newman
> Assignee: Anil Saldhana
>
> When using @SecurityDomain in EJB I try and get a connection to a database using a datasource other than the DefaultDS and it is somehow going to the driver defined for the DefaultDS.
> Create a security domain, I used the BaseCertLoginModule. Then have two datasources set up, one that is named 'DefaultDS' and one that is named something else 'AnotherDS'. Configure each data source with a different driver. When you get inside a bean get the 'AnotherDS' and call getConnection, then call something like prepareStatement. Sit back and watch the driver for the 'DefaultDS' get called.
> Something seems to be getting corrupted in JBoss when you use @SecurityDomain or when you set up the context specific stuff for use with the security domain, i.e. Context.SECURITY_PRINCIPAL.
> Here is some of my code:
> oracle-ds.xml (DefaultDS)
> <datasources>
>   <local-tx-datasource>
>     <jndi-name>DefaultDS</jndi-name>
>     <connection-url>jdbc:oracle:thin:@host:1721:example</connection-url>
>     <driver-class>com.example.driver.ProxiedOracleDriver</driver-class>
>     <user-name>defaultds</user-name>
>     <password>defaultds</password>
>     <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
>     <metadata>
>       <type-mapping>Oracle10g</type-mapping>
>     </metadata>
>   </local-tx-datasource>
> </datasources>
> A different DS with a different driver
>
> <datasources>
>   <local-tx-datasource>
>     <jndi-name>AnotherDS</jndi-name>
>     <connection-url>jdbc:oracle:thin:@host:1721:example</connection-url>
>     <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
>     <user-name>anotherds</user-name>
>     <password>anotherds</password>
>     <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
>     <metadata>
>       <type-mapping>Oracle10g</type-mapping>
>     </metadata>
>   </local-tx-datasource>
> </datasources>
> login-config.xml
>
> <policy>
>   <application-policy name="client-cert">
>     <authentication>
>       <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag="required">
>         <module-option name="securityDomain">java:/jaas/client-cert</module-option>
>         <module-option name="verifier">org.jboss.security.auth.certs.AnyCertVerifier</module-option>
>       </login-module>
>     </authentication>
>   </application-policy>
>   <application-policy name="ASecurityDomain">
>     <authentication>
>       <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag="required">
>         <module-option name="password-stacking">useFirstPass</module-option>
>         <module-option name="securityDomain">java:/jaas/client-cert</module-option>
>         <module-option name="verifier">org.jboss.security.auth.certs.AnyCertVerifier</module-option>
>         <module-option name="unathenticatedIdentity">guest</module-option>
>       </login-module>
>       <login-module code="org.jboss.security.ClientLoginModule" flag="required">
>         <module-option name="restore-login-identity">true</module-option>
>         <module-option name="password-stacking">useFirstPass</module-option>
>       </login-module>
>     </authentication>
>   </application-policy>
> </policy>
> Code in an EJB to get db stuff:
> @Clustered
> @Stateless
> @Local(SecurityService.class)
> @LocalBinding(jndiBinding="/ejb/SecurityRef")
> @SecurityDomain("ASecurityDomain")
> public class SecurityBean {
>     @Resource(mappedName="java:/AnotherDS")
>     private DataSource ds;
>
>     public Integer testDB() throws SQLException {
>         Connection dbConn = ds.getConnection();
>         PreparedStatement pStmt = dbConn.prepareStatement("select count(*) from some_table");
>         ResultSet rs = pStmt.executeQuery();
>         rs.next();
>         return new Integer(rs.getInt(1));
>     }
> }
> Code in servlet to call EJB:
> X509Certificate cert = null; /* get cert here */
> Properties env = new Properties();
> env.put(InitialContext.PROVIDER_URL, "jnp://server:1100");
> env.put(InitialContext.SECURITY_PRINCIPAL, cert.getSubjectX500Principal());
> env.put(InitialContext.SECURITY_CREDENTIALS, cert);
> env.put(InitialContext.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
> InitialContext cxt = new InitialContext(env);
> SecurityService security = (SecurityService) cxt.lookup("/ejb/SecurityRef");
> Integer result = security.testDB();
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
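
Added example (not part of the original report and not JBoss code): a fail-closed check that a connection borrowed from a datasource is really logged in as the database account configured for it, which is how the mix-up described above would show up at runtime. The class and method names are hypothetical; the expected user name "anotherds" is taken from the AnotherDS definition quoted in the report.

```java
import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.SQLException;
import javax.sql.DataSource;

/** Hypothetical diagnostic helper; uses only standard JDBC metadata calls. */
public final class DataSourceIdentityCheck {

    private DataSourceIdentityCheck() {}

    /** Summarises what the live connection reports about itself. */
    public static String describe(Connection c) throws SQLException {
        DatabaseMetaData md = c.getMetaData();
        // A proxying driver may report the same driver name as the driver it
        // wraps, so the database user is the most reliable discriminator here.
        return "user=" + md.getUserName()
             + " url=" + md.getURL()
             + " driver=" + md.getDriverName() + " " + md.getDriverVersion();
    }

    /**
     * Borrows a connection from ds and refuses to hand it out if the
     * database account is not the one configured for that datasource.
     */
    public static Connection getVerified(DataSource ds, String expectedUser)
            throws SQLException {
        Connection c = ds.getConnection();
        try {
            // Oracle reports the user name in upper case, so compare case-insensitively.
            String actual = c.getMetaData().getUserName();
            if (actual == null || !actual.equalsIgnoreCase(expectedUser)) {
                throw new SQLException("Datasource mix-up: expected DB user '"
                        + expectedUser + "' but connection reports " + describe(c));
            }
            return c;
        } catch (SQLException e) {
            try { c.close(); } catch (SQLException ignored) { /* keep original error */ }
            throw e;
        }
    }

    // Usage inside the bean from the report (constructed illustration):
    //   Connection dbConn = DataSourceIdentityCheck.getVerified(ds, "anotherds");
}
```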