[jboss-user] [JCA/JBoss] - org.jboss.resource.security.SecureIdentityLoginModule

bitti1976 do-not-reply at jboss.com
Wed Jul 9 14:47:56 EDT 2008


Hi there.
I am trying to get the Oracle datasource password encryption to work. I am a JBoss newbie, and recently attended a JBoss administration training, where the instructor went over the steps for how to do this. I can successfully generate the encrypted password, and have modified my login-config and oracle-ds.xml as per my notes from the class.
Here is what my security domain in login-config.xml looks like:

    <!-- Security domains for testing new jca framework -->
    <application-policy name="Encrypted">
        <authentication>
            <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
                <module-option name="username">wr</module-option>
                <module-option name="password">7180326e7b1e444e</module-option>
                <module-option name="managedConnectionFactoryName">jboss.jca:name=WRDS,service=LocalTxCM</module-option>
            </login-module>
        </authentication>
    </application-policy>


And here is what I have in my oracle-ds.xml:


  <local-tx-datasource>
    <jndi-name>WRDS</jndi-name>
    <use-java-context>false</use-java-context>
    <connection-url>jdbc:oracle:thin:@qa1wrdb1:1541:wrq1</connection-url>
    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
    <security-domain>Encrypted></security-domain>
<!--
    <user-name>wr</user-name>
    wr
-->
    <!-- Uses the pingDatabase method to check a connection is still valid before handing it out from the pool
    <valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleValidConnectionChecker</valid-connection-checker-class-name> -->
    <!-- Checks the Oracle error codes and messages for fatal errors -->
    <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
        <!-- sql to call when connection is created
        <new-connection-sql>select systimestamp from dual</new-connection-sql> -->

        <!-- sql to call on an existing pooled connection when it is obtained from pool - the OracleValidConnectionChecker is prefered
        <check-valid-connection-sql>select systimestamp from dual</check-valid-connection-sql> -->

      <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml -->
      <metadata>
         <type-mapping>Oracle9i</type-mapping>
      </metadata>
 <!-- pooling parameters -->
   <min-pool-size>5</min-pool-size>
   <max-pool-size>100</max-pool-size>
   <blocking-timeout-millis>30000</blocking-timeout-millis>
   <idle-timeout-minutes>15</idle-timeout-minutes>
 <!-- performance related parameters
   <transaction-isolation>TRANSACTION_READ_COMMITED</transaction-isolation>
   <track-statements>false</track-statements>
 -->
   <prepared-statement-cache-size>50</prepared-statement-cache-size>
   </local-tx-datasource>
 <!-- END WRDS datasource -->

This is the code I run to test if I can successfully make a database connection using this new security domain.

*****Java Code Starts here, This is a simple java code that I first compile and then execute ****/

import java.util.*;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.sql.DataSource;

public class DataSourceTest {
    public static void main(String[] args) throws Exception {
        testDataSource();
    }

    private static void testDataSource()
            throws NamingException, SQLException {
        final String sql = "select systimestamp from dual";
        // JNDI settings for a remote lookup against the JBoss naming service
        Properties properties = new Properties();
        properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
        properties.put(Context.PROVIDER_URL, "jnp://localhost:1099");
        properties.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
        Context ctx = new InitialContext(properties);
        // Look up the datasource by the JNDI name from oracle-ds.xml
        DataSource ds = (DataSource) ctx.lookup("WRDS");
        Connection con = null;
        Statement stmt = null;
        ResultSet rs = null;
        try {
            con = ds.getConnection();
            stmt = con.createStatement();
            rs = stmt.executeQuery(sql);
            while (rs.next()) {
                System.out.println("Query '" + sql + "' returned " + rs.getString(1));
            }
        } finally {
            // Release JDBC resources in reverse order of acquisition
            if (rs != null) rs.close();
            if (stmt != null) stmt.close();
            if (con != null) con.close();
        }
    }
}


And here are the errors that I get when I run the above code:

[jboss at qa1wrapp1 bin]$ java DataSourceTest
Exception in thread "main" java.lang.SecurityException: Invalid authentication attempt, principal=null
        at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:589)
        at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:395)
        at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:842)
        at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:88)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

Please note that this code works just fine if I have the password hard-coded in the oracle-ds.xml file, and am NOT using the "Encrypted" security domain in the login-config.xml file.

I am in desperate need of help for getting it to work real soon. Please help!!!! Thanks a million in advance!


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163387#4163387
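
An added example, not part of the original post and not JBoss code: a Python check that the `<security-domain>` of each `<local-tx-datasource>` names an `<application-policy>` using SecureIdentityLoginModule, and that the policy's managedConnectionFactoryName names the same pool. The sample XML is constructed from the values shown in the post; the wrapper elements, the placeholder password and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

MODULE = "org.jboss.resource.security.SecureIdentityLoginModule"

# Constructed samples modelled on the post. The <policy>, <authentication> and
# <datasources> wrappers are assumed, and the password is a placeholder.
LOGIN_CONFIG = f"""<policy><application-policy name="Encrypted"><authentication>
  <login-module code="{MODULE}" flag="required">
    <module-option name="username">wr</module-option>
    <module-option name="password">PLACEHOLDER</module-option>
    <module-option name="managedConnectionFactoryName">jboss.jca:name=WRDS,service=LocalTxCM</module-option>
  </login-module>
</authentication></application-policy></policy>"""

DS_XML = """<datasources><local-tx-datasource>
  <jndi-name>WRDS</jndi-name>
  <security-domain>Encrypted></security-domain>
</local-tx-datasource></datasources>"""

def secure_identity_policies(login_config_xml):
    """Map policy name -> managedConnectionFactoryName for SecureIdentityLoginModule policies."""
    found = {}
    for policy in ET.fromstring(login_config_xml).iter("application-policy"):
        for module in policy.iter("login-module"):
            if module.get("code") == MODULE:
                opts = {o.get("name"): (o.text or "").strip() for o in module.iter("module-option")}
                found[policy.get("name")] = opts.get("managedConnectionFactoryName", "")
    return found

def check_datasources(login_config_xml, ds_xml):
    """Return findings for local-tx-datasources whose security wiring does not line up."""
    policies, findings = secure_identity_policies(login_config_xml), []
    for ds in ET.fromstring(ds_xml).iter("local-tx-datasource"):
        jndi = (ds.findtext("jndi-name") or "").strip()
        domain = (ds.findtext("security-domain") or "").strip()
        if ds.find("password") is not None:
            findings.append(f"{jndi}: plaintext <password> element present")
        if not domain:
            continue
        if domain not in policies:
            findings.append(f"{jndi}: security-domain {domain!r} matches no policy in {sorted(policies)}")
            continue
        # ObjectName key order is not significant, so compare parsed properties.
        props = dict(p.split("=", 1) for p in policies[domain].partition(":")[2].split(",") if "=" in p)
        if props.get("name") != jndi or props.get("service") != "LocalTxCM":
            findings.append(f"{jndi}: managedConnectionFactoryName {policies[domain]!r} does not name this pool")
    return findings

if __name__ == "__main__":
    for finding in check_datasources(LOGIN_CONFIG, DS_XML):
        print(finding)
```

The domain name is compared as an exact string, so any stray character in the element text is reported as a domain that matches no policy.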
