Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-3811

Difficult to identify datasource with wrong credentials if security-domain is used

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.0.1.CR1, 7.0.1.GA
    • 7.0.0.ER6
    • JCA
    • None
    • EAP 7.0.1

    Description

      Description of problem:

      If the password for any datasource is invalid, and there are multiple datasources defined, it is difficult to identify the problematic datasource from the the console log.

      In this particular case, security-domain is used for the login credential.

      Version-Release number of selected component (if applicable):

      How reproducible:
      Always

      Steps to Reproduce:
      1. Using the attached standalone-ds2.xml and app.properties, start an EAP 6 instance with the following commands

      ./standalone.sh -c standalone-ds2.xml -P app.properties

      user=lami
      password=57f4a2091f03f2fd

      Actual results:
      2. Console log reports

      17:49:54,660 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-8) JBAS010400: Bound data source [java:/DefaultDS]
      17:49:54,663 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-3) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
      at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1084)
      at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1079)
      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1078)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
      at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:316)
      at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:120)
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
      at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]

      17:49:54,670 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) JBAS010400: Bound data source [java:/DefaultDS2]

      Expected results:
      Console clearly identifies which login id was problematic

      Additional info:
      Password encrypted using
      java -cp ../modules/system/layers/base/.overlays/layer-base-jboss-eap-6.4.5.CP/org/picketbox/main/picketbox-4.1.2.Final-redhat-1.jar:../modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.4.GA-redhat-2.jar:CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule lami
      Encoded password: 57f4a2091f03f2fd

      Attachments

        Issue Links

          is blocked by

          Task - Represents a small unit of work that is not end-user facing. JBJCA-1317 Log jndi-name in console log to identify datasource with wrong credentials if security-domain is used

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-3810 Upgrade IronJacamar from 1.3.3.Final to 1.3.4.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-engineering-lgao Lin Gao
              rhn-engineering-lgao Lin Gao
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: