[jboss-user] [Security & JAAS/JBoss] - JBoss datasource encryption
aramin
do-not-reply at jboss.com
Tue Jul 29 18:08:26 EDT 2008
We're running JBoss 4.0.5 (Windows in development, Linux in production), and I'm trying to encrypt a datasource password using our own algorithm, using this as a reference:
http://wiki.jboss.org/wiki/EncryptingDataSourcePasswords
I've been able to get this to work using the standard JBoss SecureIdentityLoginModule with an encrypted password. But I have not been able to tie in a custom algorithm.
I've changed the datasource.xml file to add the security domain:
<security-domain>EncryptDBPassword</security-domain>
and added the policy to login-config.xml:
<application-policy name="EncryptDBPassword">
  <authentication>
    <login-module code="org.jboss.resource.security.SecureCustomLoginModule" flag="required">
      <module-option name="username">admin</module-option>
      <module-option name="password">-207a6df87216de44</module-option>
      <module-option name="managedConnectionFactoryName">jboss.jca:name=PostgresDS,service=LocalTxCM</module-option>
    </login-module>
  </authentication>
</application-policy>
I've then written my own SecureCustomLoginModule, which at this point is identical to SecureIdentityLoginModule, extending AbstractPasswordCredentialLoginModule. I keep it packaged in org.jboss.resource.security so it has access to the JBoss classes (like SubjectActions) and packaged it in a separate jar in the deploy folder.
But without even changing the encryption logic, JBoss will not authenticate when I use a custom security module. The code is the same, it just points to a different class.
Is there an example of a working or recommended implementation of this? A requirement here is to use our own encryption algorithm and custom key.
Errors follow below.
Thanks to anyone who can help!
error:
State: FAILED
Reason: java.lang.SecurityException: Invalid authentication attempt, principal=null

java.lang.SecurityException: Invalid authentication attempt, principal=null
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:572)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:378)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:812)
    at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:88)
    at org.jboss.ejb.plugins.cmp.jdbc.SQLUtil.fixTableName(SQLUtil.java:173)
    at org.jboss.ejb.plugins.cmp.jdbc.bridge.JDBCEntityBridge.init(JDBCEntityBridge.java:157)
    at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreManager.initStoreManager(JDBCStoreManager.java:435)
    at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreManager.start(JDBCStoreManager.java:368)
    at org.jboss.ejb.plugins.CMPPersistenceManager.start(CMPPersistenceManager.java:172)
    at org.jboss.ejb.EntityContainer.startPmAndInterceptors(EntityContainer.java:1063)
    at org.jboss.ejb.EjbModule.startService(EjbModule.java:422)
(If I switch back to the SecureIdentityLoginModule then everything works fine)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4167457#4167457
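A consistency check for the wiring described in the post above, as an added example that is not part of the original message or of JBoss: it confirms that each datasource's security-domain has a matching application-policy whose managedConnectionFactoryName names that datasource's connection manager, and flags a clear-text password left in the datasource file. The datasource file, the placeholder password value, the function names and the element-to-service mapping are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs; the policy mirrors the post, the password is a placeholder.
DS_XML = """<datasources><local-tx-datasource>
  <jndi-name>PostgresDS</jndi-name>
  <security-domain>EncryptDBPassword</security-domain>
</local-tx-datasource></datasources>"""
LOGIN_XML = """<policy><application-policy name="EncryptDBPassword"><authentication>
 <login-module code="org.jboss.resource.security.SecureCustomLoginModule" flag="required">
  <module-option name="username">admin</module-option>
  <module-option name="password">ENCODED-PASSWORD-PLACEHOLDER</module-option>
  <module-option name="managedConnectionFactoryName">jboss.jca:name=PostgresDS,service=LocalTxCM</module-option>
 </login-module>
</authentication></application-policy></policy>"""

# Connection-manager service per datasource element (assumed JBoss 4.x naming).
CM_SERVICE = {"local-tx-datasource": "LocalTxCM",
              "xa-datasource": "XATxCM", "no-tx-datasource": "NoTxCM"}

def object_name_props(name):
    """Split 'domain:k=v,k=v' into (domain, {k: v}); key order is not significant."""
    domain, _, props = name.strip().partition(":")
    return domain, dict(p.split("=", 1) for p in props.split(",") if "=" in p)

def check_wiring(ds_xml, login_xml):
    """Return a list of findings; an empty list means the wiring is consistent."""
    findings = []
    policies = {p.get("name"): p for p in ET.fromstring(login_xml).iter("application-policy")}
    for ds in ET.fromstring(ds_xml):
        if ds.tag not in CM_SERVICE:
            continue
        jndi = (ds.findtext("jndi-name") or "").strip()
        domain = (ds.findtext("security-domain") or "").strip()
        if ds.findtext("password") is not None:
            findings.append(f"{jndi}: clear-text <password> in datasource file")
        if not domain:
            continue
        policy = policies.get(domain)
        if policy is None:
            findings.append(f"{jndi}: no application-policy named {domain!r}")
            continue
        expected = ("jboss.jca", {"name": jndi, "service": CM_SERVICE[ds.tag]})
        mcfs = [o.text or "" for o in policy.iter("module-option")
                if o.get("name") == "managedConnectionFactoryName"]
        if not any(object_name_props(m) == expected for m in mcfs):
            findings.append(f"{jndi}: managedConnectionFactoryName does not match {expected}")
    return findings
```

An empty result only shows that the two files agree with each other; it does not show that the login module class itself was loaded by the server.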