[jboss-jira] [JBoss JIRA] (AS7-5177) security domain using SecureIdentity fails when using sys property replacement tokens

John Mazzitelli (JIRA) jira-events at lists.jboss.org
Mon Jul 16 18:25:06 EDT 2012 

    [ https://issues.jboss.org/browse/AS7-5177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12706246#comment-12706246 ] 

John Mazzitelli commented on AS7-5177:
--------------------------------------

and for completeness, I also tried ${mypass} in the configuration (without providing a ":default") - still fails, whether I pass in -Dmypass=... or not.
                
> security domain using SecureIdentity fails when using sys property replacement tokens
> -------------------------------------------------------------------------------------
>
>                 Key: AS7-5177
>                 URL: https://issues.jboss.org/browse/AS7-5177
>             Project: Application Server 7
>          Issue Type: Bug
>            Reporter: John Mazzitelli
>
> If I use the SecureIdentity security-domain with my datasource, and I directly hardcode the password in the security-domain definition (in standalone.xml), AS7.1.1.Final starts up fine with no errors:
> <security-domain name="RHQDSSecurityDomain" cache-type="default">
>   <authentication>
>     <login-module code="SecureIdentity" flag="required">
>       <module-option name="username" value="${myser:rhqadmin}"/>
>       <module-option name="password" value="1eeb2f255e832171df8592078de921bc"/>
>     </login-module>
>   </authentication>
> </security-domain>
> Notice that I use the sys prop variable in the username (${var} notation) but not for password. But now, use it for the password too:
> <security-domain name="RHQDSSecurityDomain" cache-type="default">
>   <authentication>
>     <login-module code="SecureIdentity" flag="required">
>       <module-option name="username" value="${myser:rhqadmin}"/>
>       <module-option name="password" value="${mypass:1eeb2f255e832171df8592078de921bc}"/>
>     </login-module>
>   </authentication>
> </security-domain>
> Notice ${mypass:1eeb...}. I do not want to hardcode the encrypted password - I want to set that system property (preferably via the -P option) so I don't hardcode it here.
> But when I start up AS7, I get an exception. Here's the exception I see at startup:
> 17:44:08,636 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject()PB00024: Access Denied:Unauthenticated caller:null: java.lang.SecurityException: PB00024: Access Denied:Unauthenticated caller:null
>         at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:89)
>         at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1019)
>         at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1014)
>         at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_29]
>         at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1013)
>         at org.jboss.jca.deployers.common.AbstractDsDeployer.deployXADataSource(AbstractDsDeployer.java:824)
>         at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:338)
>         at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:271)
>         at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:111)
> ...

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list