Bug 1260621 - RoleBasedCredentialMapIdentityLoginModule throws exception at startup time
Summary: RoleBasedCredentialMapIdentityLoginModule throws exception at startup time
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Data Virtualization 6
Classification: JBoss
Component: Teiid
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: GA
Target Release: 6.3.0
Assignee: David Le Sage
QA Contact: Juraj Duráni
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-09-07 11:45 UTC by Juraj Duráni
Modified: 2016-08-24 11:36 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-08-24 11:36:32 UTC
Type: Bug
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker TEIID-3684 0 Major Closed RoleBasedCredentialMapIdentityLoginModule throws exception at startup time 2016-08-09 12:34:00 UTC

Description Juraj Duráni 2015-09-07 11:45:40 UTC
Description of problem:

If a data source is configured to use RoleBasedCredentialMapIdentityLoginModule, then an exception is thrown at startup [1], because the default username and password are null. Please add module options "username" and "password" to set up a default user (CallerIdentityLoginModule and PassthroughIdentityLoginModule, for example, have similar functionality), so DV is able to properly load the data source at startup when no user is authenticated and therefore no mapping could be performed.
Example configuration [2]. Note, there is no exception if the UsersRoles login module is used instead of RealmDirect. However, it means that EAP users are separate from DV users.

FYI:

    The credentialMap module option should be defined as a URL (file://...). It would be nice to have this information in the documentation.
    I tried to use the unauthenticatedIdentity module option for RealmDirect, but the same exception was thrown with a different root cause (realm 'ApplicationRealm' not found). I do not know why.

[1]
ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-5) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1084)
at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1079)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_40]
at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1078)
at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:316)
at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:120)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_40]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_40]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_40]

[2]

<security-domain name="my-sec">
    <authentication>
        <login-module code="RealmDirect" flag="required">
            <module-option name="password-stacking" value="tryFirstPass"/>
            <!--<module-option name="unauthenticatedIdentity" value="guest"/>-->
        </login-module>
        <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" module="org.jboss.teiid" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="credentialMap" value="file://${jboss.server.config.dir}/teiid-credentialmap.properties"/>
        </login-module>
    </authentication>
</security-domain>


Comment 1 Van Halbert 2015-12-21 21:37:11 UTC
No fixes are being recommended for this, as it's being recommended that this login module be deprecated from further use.

At this time, closing this issue as will not fix, unless it becomes a client issue in the future.

Comment 3 JBoss JIRA Server 2016-02-16 17:21:05 UTC
Ramesh Reddy <rareddy> updated the status of jira TEIID-3684 to Resolved

Comment 4 Van Halbert 2016-02-16 18:07:32 UTC
The use of RoleBasedCredentialMapIdentityLoginModule is being deprecated in DV 6.3, and will be removed in DV 7.

Comment 6 JBoss JIRA Server 2016-08-09 12:34:01 UTC
Steven Hawkins <shawkins> updated the status of jira TEIID-3684 to Closed
