Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2108

Subject private credentials have zeroes when passed to elytron-enabled datasource

XMLWordPrintable

      We have a web application that uses via hibernate a datasource.

      This datasource is elytron-enabled.

       

      The problem that we face is that when we set our security domain to have a properties realm, Subject passed to DS connection info has correctly assigned in privCredentials property the user's password.

      When we change the realm to be an ldap realm, password characters stay the same regarding the length, but we see only zeroes.

      <datasource jndi-name="java:/devDS" pool-name="devDS">
 <connection-url>jdbc:postgresql://localhost:5432/testDB</connection-url>
 <driver>postgres</driver>
 <pool>
 <max-pool-size>100</max-pool-size>
 </pool>
 <security>
 <elytron-enabled>true</elytron-enabled>
 <authentication-context>test-authentication-context</authentication-context>
 </security>
 <validation>
 <check-valid-connection-sql>select 1</check-valid-connection-sql>
 <background-validation>false</background-validation>
 </validation>
 <timeout>
 <idle-timeout-minutes>5</idle-timeout-minutes>
 </timeout>
 </datasource>\{noformat}

      <authentication-client>
 <authentication-configuration name="test-authentication-configuration" security- domaim="testSD" forwarding-mode="authentication"/>
 <authentication-context name="test-authentication-context">
 <match-rule authentication-configuration="test-authentication-configuration"/>
 </authentication-context>
</authentication-client>

      <security-domain name="testSD" default-realm="idmLR" permission-mapper="default-permission-mapper"> <realm name="idmLR" role-decoder="from-roles-attribute"/> </security-domain>

      <dir-context name="idmDC" url=our_ldap_url" principal="principal_query">
 <credential-reference clear-text="xxxxx"/>
</dir-context>

      <ldap-realm name="idmLR" dir-context="idmDC" direct-verification="true">
 <identity-mapping rdn-identifier="uid" search-base-dn="cn=users,cn=accounts,dc=internal,dc=net">
 <attribute-mapping>
 <attribute from="cn" to="Roles" filter="(member=uid=\{0},cn=users,cn=accounts,dc=internal,dc=net)" filter-base-dn="cn=groups,cn=accounts,dc=internal,dc=net"/>
 </attribute-mapping>
 </identity-mapping>
</ldap-realm>

       

        1. CaptureWildfly.PNG
          CaptureWildfly.PNG
          194 kB

            rhn-support-rmartinc Ricardo Martin Camarero
            rhn-support-rmartinc Ricardo Martin Camarero
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: