[jboss-jira] [JBoss JIRA] (AS7-5177) Add support for expressions in security domain module-option

RH Bugzilla Integration (JIRA) jira-events at lists.jboss.org
Wed Aug 29 09:56:36 EDT 2012 

    [ https://issues.jboss.org/browse/AS7-5177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12714566#comment-12714566 ] 

RH Bugzilla Integration commented on AS7-5177:
----------------------------------------------

John Mazzitelli <mazz at redhat.com> made a comment on [bug 851268|https://bugzilla.redhat.com/show_bug.cgi?id=851268]

removing all the external bug tracking links - the bugzilla integration to jira is not good:

I will add "see also" links from this BZ to these:

https://issues.jboss.org/browse/AS7-5342
https://issues.jboss.org/browse/AS7-5336
https://issues.jboss.org/browse/AS7-5321
https://issues.jboss.org/browse/AS7-5177
https://issues.jboss.org/browse/AS7-887
https://issues.jboss.org/browse/AS7-3199
                
> Add support for expressions in security domain module-option
> ------------------------------------------------------------
>
>                 Key: AS7-5177
>                 URL: https://issues.jboss.org/browse/AS7-5177
>             Project: Application Server 7
>          Issue Type: Enhancement
>          Components: Domain Management, Security
>    Affects Versions: 7.1.1.Final, 7.1.2.Final (EAP)
>            Reporter: John Mazzitelli
>            Assignee: Tomaz Cerar
>              Labels: rhq
>             Fix For: 7.2.0.Alpha1
>
>
> If I use the SecureIdentity security-domain with my datasource, and I directly hardcode the password in the security-domain definition (in standalone.xml), AS7.1.1.Final starts up fine with no errors:
> <security-domain name="RHQDSSecurityDomain" cache-type="default">
>   <authentication>
>     <login-module code="SecureIdentity" flag="required">
>       <module-option name="username" value="${myser:rhqadmin}"/>
>       <module-option name="password" value="1eeb2f255e832171df8592078de921bc"/>
>     </login-module>
>   </authentication>
> </security-domain>
> Notice that I use the sys prop variable in the username (${var} notation) but not for password. But now, use it for the password too:
> <security-domain name="RHQDSSecurityDomain" cache-type="default">
>   <authentication>
>     <login-module code="SecureIdentity" flag="required">
>       <module-option name="username" value="${myser:rhqadmin}"/>
>       <module-option name="password" value="${mypass:1eeb2f255e832171df8592078de921bc}"/>
>     </login-module>
>   </authentication>
> </security-domain>
> Notice ${mypass:1eeb...}. I do not want to hardcode the encrypted password - I want to set that system property (preferably via the -P option) so I don't hardcode it here.
> But when I start up AS7, I get an exception. Here's the exception I see at startup:
> 17:44:08,636 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject()PB00024: Access Denied:Unauthenticated caller:null: java.lang.SecurityException: PB00024: Access Denied:Unauthenticated caller:null
>         at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:89)
>         at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1019)
>         at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1014)
>         at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_29]
>         at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1013)
>         at org.jboss.jca.deployers.common.AbstractDsDeployer.deployXADataSource(AbstractDsDeployer.java:824)
>         at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:338)
>         at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:271)
>         at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:111)
> ...

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list