Uploaded image for project: 'Application Server 7'
  1. Application Server 7
  2. AS7-6120 Expand support for System Property substitution
  3. AS7-5177

Add support for expressions in security domain module-option

XMLWordPrintable

      If I use the SecureIdentity security-domain with my datasource, and I directly hardcode the password in the security-domain definition (in standalone.xml), AS7.1.1.Final starts up fine with no errors:

      <security-domain name="RHQDSSecurityDomain" cache-type="default">
      <authentication>
      <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="${myser:rhqadmin}"/>
      <module-option name="password" value="1eeb2f255e832171df8592078de921bc"/>
      </login-module>
      </authentication>
      </security-domain>

      Notice that I use the sys prop variable in the username (${var} notation) but not for password. But now, use it for the password too:

      <security-domain name="RHQDSSecurityDomain" cache-type="default">
      <authentication>
      <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="${myser:rhqadmin}"/>
      <module-option name="password" value="${mypass:1eeb2f255e832171df8592078de921bc}"/>
      </login-module>
      </authentication>
      </security-domain>

      Notice ${mypass:1eeb...}. I do not want to hardcode the encrypted password - I want to set that system property (preferably via the -P option) so I don't hardcode it here.

      But when I start up AS7, I get an exception. Here's the exception I see at startup:

      17:44:08,636 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject()PB00024: Access Denied:Unauthenticated caller:null: java.lang.SecurityException: PB00024: Access Denied:Unauthenticated caller:null
      at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:89)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1019)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1014)
      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_29]
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1013)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.deployXADataSource(AbstractDsDeployer.java:824)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:338)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:271)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:111)
      ...

              tomazcerar Tomaž Cerar (Inactive)
              jmazzitelli John Mazzitelli
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: