Bug 781050 (SOA-3534)

Summary: teiid fails to work when the datasource han an encrypted password created with PBEUtils
Product: [JBoss] JBoss Enterprise SOA Platform 5 Reporter: Tom Fonteyne <tfonteyn>
Component: EDSAssignee: Van Halbert <vhalbert>
Status: CLOSED WORKSFORME QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 5.1.0 GACC: fnguyen, rwagner, tfonteyn, vhalbert
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/SOA-3534
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
all
Last Closed: 2011-11-30 11:16:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
jdbc.war none

Description Tom Fonteyne 2011-10-31 15:54:28 UTC 
Help Desk Ticket Reference: https://c.na7.visual.force.com/apex/Case_View?id=500A0000008S3em
Steps to Reproduce: Install the SOA suite and the EDS components as per normal.
Use JBoss Developer Studio to create two datasources and configure them in a VDB; deploy the VDB and test with the SQL scrapbook.
Once this is working, stop SOA.
Then follow the procedure as documented in   https://access.redhat.com/kb/docs/DOC-19884
for all datasources used by the VDB.

Note that you will need multiple application-policy with a different setting for domain=ServerMasterPassword
Use the modified name in the MBean in the datasource file.
You can of course use a single server.password file.

Start SOA and connect via the SQL scrapbook again. This time a query will fail, and in the server.log you will find ("myuser" being the username of the datasource being exercised with your query)

2011-10-28 16:53:32,021 ERROR [org.teiid.CONNECTOR] (Worker1_QueryProcessorQueue1) Connector worker process failed for atomic-request=mbpF0FFphSOG.0.1.0
java.lang.SecurityException: Unauthenticated caller:myuser
        at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:92)
        at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
        at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
        at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
        at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)
        at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:245)
        at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:80)
        at org.teiid.dqp.internal.datamgr.ConnectorWorkItem.execute(ConnectorWorkItem.java:198)
        at org.teiid.dqp.internal.process.DataTierTupleSource.getResults(DataTierTupleSource.java:281)
        at org.teiid.dqp.internal.process.DataTierTupleSource.access$000(DataTierTupleSource.java:71)
        at org.teiid.dqp.internal.process.DataTierTupleSource$1.call(DataTierTupleSource.java:123)
        at org.teiid.dqp.internal.process.DataTierTupleSource$1.call(DataTierTupleSource.java:120)
        at org.teiid.dqp.internal.process.DQPCore$FutureWork.run(DQPCore.java:107)
        at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:188)
        at org.teiid.dqp.internal.process.ThreadReuseExecutor$RunnableWrapper.run(ThreadReuseExecutor.java:116)
        at org.teiid.dqp.internal.process.ThreadReuseExecutor$3.run(ThreadReuseExecutor.java:290)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)



project_key: SOA

Encrypt the datasource password with procedure in
   https://access.redhat.com/kb/docs/DOC-19884

the teiid VDB will throw "Unauthenticated caller" when
Comment 1 Tom Fonteyne 2011-10-31 16:11:52 UTC 
Link: Added: This issue Cloned to SOA-3536
Comment 2 Tom Fonteyne 2011-10-31 16:14:47 UTC 
Link: Removed: This issue Cloned to SOA-3536
Comment 3 Tom Fonteyne 2011-10-31 16:22:11 UTC 
Link: Added: This issue Cloned to TEIID-1799
Comment 4 Tom Fonteyne 2011-10-31 16:23:26 UTC 
Link: Added: This issue Cloned to SOA-3537
Comment 5 Tom Fonteyne 2011-10-31 16:23:58 UTC 
Link: Removed: This issue Cloned to SOA-3537
Comment 6 Tom Fonteyne 2011-10-31 16:28:40 UTC 
Link: Added: This issue Cloned to SOA-3538
Comment 7 Van Halbert 2011-11-11 04:43:38 UTC 
Please read the comments in TEIID-1799 as to how they were able to get it to work.
Comment 8 Tom Fonteyne 2011-11-11 08:41:30 UTC 
Please re-read my description.
I use TWO datasources
I did use login-conf.xml and not that teiid xml you mention.
Comment 9 Rick Wagner 2011-11-17 15:45:17 UTC 
Hi Tom.  Hey, wouldn't we use the procedures outlined in Section 8.7 of the 5.1 Services Guide instead of using this KB article?  Please have a look, let us know if those instructions would apply (and if they would, if it fixes this problem.)

Thanks,

Rick
Comment 10 Tom Fonteyne 2011-11-28 16:05:35 UTC 
Hi Rick,

I tested that procedure: does not work.
Seems it might work if the the password was a <property> tag (as documented for the messaging example), but the datasource uses a <password> tag and substitution just fails

Kind regards
Tom
Comment 11 Rick Wagner 2011-11-28 16:10:35 UTC 
The suggestion above (to use tips in Section 8.7 of the 5.1 Services Guide) didn't pan out.
Comment 15 Van Halbert 2011-11-29 12:27:59 UTC 
Attachment: Added: jdbc.war
Comment 16 Tom Fonteyne 2011-11-30 11:16:47 UTC 
Closing as not a bug. The real issue seems to be when using Teiid Designer mixing usernames up. (user error)