| Summary: | [GSS] (6.4.z) Flagging of invalid login credential for datasource is inconsistent. | | |
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Lami Akagwu <lakagwu> |
| Component: | Security | Assignee: | Lin Gao <lgao> |
| Status: | CLOSED DEFERRED | QA Contact: | Josef Cacek <jcacek> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.4.6 | CC: | anmiller, bbaranow, bdawidow, bmaxwell, cdewolf, darran.lofthouse, lgao, msochure, ppenicka, pskopek |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-06-06 15:19:24 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |

Lin Gao <lgao> updated the status of jira SECURITY-938 to Coding In Progress

Carlo de Wolf <cdewolf> updated the status of jira JBEAP-3812 to Resolved

More info from Lin for the Triage call:

Some conflicts I see to merge this commit to EAP 6.4.x are:

1). Some new Injected dependencies were added in EAP 7 Services (like AbstractDataSourceService, AbstractResourceAdapterDeploymentService, etc.), which are not in EAP 6 yet.

2). The missing class (PicketBoxSubjectFactory) in the IronJacamar 1.0 branch, which is used for EAP 6.x.

3). JBoss Module dependency declaration: EAP 7 uses a feature pack to compose the target archive, EAP 6 specifies the module dependencies in a different location.

And it needs 2 parts to fix the issue by improving the ability to assist the customer in finding out the root cause of the exception (NOTE, no functionality fix):

a). Fixes in the connector subsystem, which need the cherry-pick from the EAP 7 commit which has the conflicts above.

b). Fixes in PicketBox (https://issues.jboss.org/browse/SECURITY-938), which need an upgrade of PicketBox which has still not happened yet for both EAP 7 and 6 (out of my control...)

Lin Gao <lgao> updated the status of jira SECURITY-938 to Resolved

Jiri Pallich <jpallich> updated the status of jira JBEAP-3812 to Closed

Description of problem:

Version-Release number of selected component (if applicable):

How reproducible: Always

There are multiple parts to this:

(1) If the security-domain is defined for a datasource and the password is invalid, an error is reported in the console, which is expected.

```xml
<datasource jndi-name="java:/DefaultDS2" pool-name="DefaultDS2" enabled="true" use-java-context="true">
    <connection-url>jdbc:oracle:thin:@hostname:1521:ora1</connection-url>
    <driver>oracle</driver>
    <security>
        <security-domain>encryptedPassword2</security-domain>
    </security>
</datasource>
```

(2) If the 'password' for the datasource is invalid, no error is reported in the console log at startup, e.g.

```xml
<datasource jndi-name="java:/DefaultDS2" pool-name="DefaultDS2" enabled="true" use-java-context="true">
    <connection-url>jdbc:oracle:thin:@hostname:1521:ora1</connection-url>
    <driver>oracle</driver>
    <security>
        <user-name>user</user-name>
        <password>passwd</password>
    </security>
</datasource>
```

(3) Whether or not you use a security-domain for a datasource, an invalid 'username' doesn't get flagged in the console.

Actual results:

Expected results: Invalid username and password should be flagged as login errors in the console log. It shouldn't make a difference whether or not you use security-credentials.

Additional info:
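
An added example (not part of the original report and not JBoss EAP code): a small Python check that reads a datasources configuration and marks which of the cases described above each datasource falls into, so pools whose invalid password would not be reported at startup can be found ahead of time. The sample XML, its pool names and the `classify` function are constructed for illustration; the startup behaviour it encodes is only what the reporter describes for 6.4.6.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the two configurations quoted in the report.
SAMPLE = """<datasources>
  <datasource jndi-name="java:/DomainDS" pool-name="DomainDS" enabled="true">
    <connection-url>jdbc:oracle:thin:@hostname:1521:ora1</connection-url>
    <security><security-domain>encryptedPassword2</security-domain></security>
  </datasource>
  <datasource jndi-name="java:/InlineDS" pool-name="InlineDS" enabled="true">
    <connection-url>jdbc:oracle:thin:@hostname:1521:ora1</connection-url>
    <security><user-name>user</user-name><password>passwd</password></security>
  </datasource>
</datasources>"""


def local(tag):
    """Strip an XML namespace so the check also works on a namespaced file."""
    return tag.rsplit("}", 1)[-1]


def classify(xml_text):
    """Return one finding per <datasource>, keyed on how credentials are set."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "datasource":
            continue
        sec = next((c for c in el if local(c.tag) == "security"), None)
        kinds = {local(c.tag) for c in sec} if sec is not None else set()
        if "security-domain" in kinds:
            mode = "security-domain"
        elif kinds & {"user-name", "password"}:
            mode = "inline"
        else:
            mode = "none"
        findings.append({
            "pool": el.get("pool-name"),
            "mode": mode,
            # Per the report: only case (1) logs an invalid password at startup.
            "bad_password_logged_at_startup": mode == "security-domain",
            # Per the report, case (3): an invalid user name is never flagged.
            "bad_username_logged_at_startup": False,
        })
    return findings


if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(finding)
```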