Bug 1315439 - [GSS] (6.4.z) Difficult to identify datasource with wrong credentials if security-domain is used.
Summary: [GSS] (6.4.z) Difficult to identify datasource with wrong credentials if secu...
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: JCA
Version: 6.4.6
Hardware: All
OS: All
Target Milestone: CR1
: EAP 6.4.8
Assignee: Lin Gao
QA Contact: Peter Mackay
Depends On:
Blocks: eap648-payload 1310867
TreeView+ depends on / blocked
Reported: 2016-03-07 18:03 UTC by Lami Akagwu
Modified: 2019-10-10 11:28 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2017-01-17 12:35:43 UTC
Type: Bug

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1315441 None None None Never
Red Hat One Jira Issue Tracker JBEAP-3811 Major Closed Difficult to identify datasource with wrong credentials if security-domain is used 2018-02-27 13:22:53 UTC
Red Hat One Jira Issue Tracker JBJCA-1317 Minor Closed Log jndi-name in console log to identify datasource with wrong credentials if security-domain is used 2018-02-27 13:22:52 UTC

Internal Links: 1315441

Description Lami Akagwu 2016-03-07 18:03:07 UTC
Description of problem:

If the password for any datasource is invalid, and there are multiple datasources defined, it is difficult to identify the problematic datasource from the the console log.

In this particular case, security-domain is used for the login credential.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.    Using the attached standalone-ds2.xml and app.properties, start an EAP 6 instance with the following commands

 ./standalone.sh -c standalone-ds2.xml -P app.properties


Actual results:
2. Console log reports

17:49:54,660 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-8) JBAS010400: Bound data source [java:/DefaultDS]
17:49:54,663 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-3) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
	at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1084)
	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1079)
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
	at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1078)
	at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
	at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:316)
	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:120)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]

17:49:54,670 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) JBAS010400: Bound data source [java:/DefaultDS2]

Expected results:
Console clearly identifies which login id was problematic

Additional info:
Password encrypted using 
java -cp ../modules/system/layers/base/.overlays/layer-base-jboss-eap-6.4.5.CP/org/picketbox/main/picketbox-4.1.2.Final-redhat-1.jar:../modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.4.GA-redhat-2.jar:CLASSPATH  org.picketbox.datasource.security.SecureIdentityLoginModule lami
Encoded password: 57f4a2091f03f2fd

Comment 3 Lin Gao 2016-03-12 03:06:48 UTC
The PR to IJ 1.0 branch: https://github.com/ironjacamar/ironjacamar/pull/480 has been merged, it will be included in next upgrade of IJ.

Comment 5 Peter Mackay 2016-05-05 12:03:02 UTC
Verified with EAP 6.4.8.CP.CR2

Comment 6 JBoss JIRA Server 2016-05-12 03:39:38 UTC
Lin Gao <lgao@redhat.com> updated the status of jira JBEAP-3811 to Resolved

Comment 7 JBoss JIRA Server 2016-05-23 12:27:16 UTC
Jesper Pedersen <jpederse@redhat.com> updated the status of jira JBJCA-1317 to Closed

Comment 8 JBoss JIRA Server 2016-08-23 11:38:48 UTC
Jiri Pallich <jpallich@redhat.com> updated the status of jira JBEAP-3811 to Closed

Comment 9 Petr Penicka 2017-01-17 12:35:43 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Note You need to log in before you can comment on or make changes to this bug.