Bug 1315439

Summary: [GSS] (6.4.z) Difficult to identify datasource with wrong credentials if security-domain is used.
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Lami Akagwu <lakagwu>
Component: JCAAssignee: Lin Gao <lgao>
Status: CLOSED CURRENTRELEASE QA Contact: Peter Mackay <pmackay>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.4.6CC: bbaranow, bmaxwell, cdewolf, jpederse, jtruhlar, lgao, pmackay
Target Milestone: CR1   
Target Release: EAP 6.4.8   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-17 12:35:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1279553, 1310867    

Description Lami Akagwu 2016-03-07 18:03:07 UTC 
Description of problem:

If the password for any datasource is invalid, and there are multiple datasources defined, it is difficult to identify the problematic datasource from the the console log.
 

In this particular case, security-domain is used for the login credential.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.    Using the attached standalone-ds2.xml and app.properties, start an EAP 6 instance with the following commands

 ./standalone.sh -c standalone-ds2.xml -P app.properties

user=lami
password=57f4a2091f03f2fd

Actual results:
2. Console log reports

17:49:54,660 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-8) JBAS010400: Bound data source [java:/DefaultDS]
17:49:54,663 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-3) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
	at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1084)
	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1079)
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
	at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1078)
	at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
	at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:316)
	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:120)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]

17:49:54,670 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) JBAS010400: Bound data source [java:/DefaultDS2]



Expected results:
Console clearly identifies which login id was problematic

Additional info:
Password encrypted using 
java -cp ../modules/system/layers/base/.overlays/layer-base-jboss-eap-6.4.5.CP/org/picketbox/main/picketbox-4.1.2.Final-redhat-1.jar:../modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.4.GA-redhat-2.jar:CLASSPATH  org.picketbox.datasource.security.SecureIdentityLoginModule lami
Encoded password: 57f4a2091f03f2fd
Comment 3 Lin Gao 2016-03-12 03:06:48 UTC 
The PR to IJ 1.0 branch: https://github.com/ironjacamar/ironjacamar/pull/480 has been merged, it will be included in next upgrade of IJ.
Comment 5 Peter Mackay 2016-05-05 12:03:02 UTC 
Verified with EAP 6.4.8.CP.CR2
Comment 6 JBoss JIRA Server 2016-05-12 03:39:38 UTC 
Lin Gao <lgao> updated the status of jira JBEAP-3811 to Resolved
Comment 7 JBoss JIRA Server 2016-05-23 12:27:16 UTC 
Jesper Pedersen <jpederse> updated the status of jira JBJCA-1317 to Closed
Comment 8 JBoss JIRA Server 2016-08-23 11:38:48 UTC 
Jiri Pallich <jpallich> updated the status of jira JBEAP-3811 to Closed
Comment 9 Petr Penicka 2017-01-17 12:35:43 UTC 
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.