Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-22300

[QE](7.3.z) JBJCA-1427 - not possible to bypass GSSCredentials using Datasource.getConnection(username,password)

    XMLWordPrintable

Details

    • Bug
    • Status: Verified (View Workflow)
    • Critical
    • Resolution: Done
    • 7.3.9.CR1, 7.4.1.CR1
    • 7.3.10.CR1, 7.3.10.GA
    • JCA
    • None
    • Hide

      configuration from JBEAP-21373 can be used for debugging

      Show
      configuration from JBEAP-21373 can be used for debugging
    • Workaround Exists
    • Hide

      System property

      ironjacamar.jdbc.kerberos.copygsscredentials=true
      
      Show
      System property ironjacamar.jdbc.kerberos.copygsscredentials= true
    • Regression
    • +

    Description

      Tested with EAP from 7.4.x branch, commit 59e4f3297c1de493e4ff14492dbf0b73bde86cb3

      After JBEAP-21373 it is not possible to overload authentication defined in server configuration with DataSource.getConnection(username, password)

      <datasource jndi-name="java:jboss/datasources/TestDatasource" pool-name="TestDatasource" spy="true" statistics-enabled="true">
          <connection-url>URL</connection-url>
          <connection-property name="oracle.net.authentication_services">
              (KERBEROS5)
          </connection-property>
          <driver>jdbc_driver</driver>
          <pool>
              <min-pool-size>0</min-pool-size>
              <max-pool-size>1</max-pool-size>
              <prefill>false</prefill>
              <allow-multiple-users>true</allow-multiple-users>
          </pool>
          <security>
              <security-domain>DatabaseUser</security-domain>
          </security>
      </datasource>
      

      And in the application then:

      @Resource(lookup = Constants.DATASOURCE_JNDI_NAME)
      private DataSource ds;
      
      ....
      
      ds.getConnection(username, password)
      

      username and password from getConnection method call should be used but kerberos authentication is used instead

      Attachments

        Issue Links

          Activity

            People

              rhn-engineering-lgao Lin Gao
              pmackay@redhat.com Peter Mackay
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: