Bug 1315439 - [GSS] (6.4.z) Difficult to identify datasource with wrong credentials if security-domain is used.
[GSS] (6.4.z) Difficult to identify datasource with wrong credentials if secu...
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: JCA (Show other bugs)
All All
unspecified Severity high
: CR1
: EAP 6.4.8
Assigned To: Lin Gao
Peter Mackay
Depends On:
Blocks: eap648-payload 1310867
  Show dependency treegraph
Reported: 2016-03-07 13:03 EST by Lami Akagwu
Modified: 2017-01-17 07:35 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-01-17 07:35:43 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker JBEAP-3811 Major Closed Difficult to identify datasource with wrong credentials if security-domain is used 2018-02-27 08:22 EST
JBoss Issue Tracker JBJCA-1317 Minor Closed Log jndi-name in console log to identify datasource with wrong credentials if security-domain is used 2018-02-27 08:22 EST

  None (edit)
Description Lami Akagwu 2016-03-07 13:03:07 EST
Description of problem:

If the password for any datasource is invalid, and there are multiple datasources defined, it is difficult to identify the problematic datasource from the the console log.

In this particular case, security-domain is used for the login credential.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.    Using the attached standalone-ds2.xml and app.properties, start an EAP 6 instance with the following commands

 ./standalone.sh -c standalone-ds2.xml -P app.properties


Actual results:
2. Console log reports

17:49:54,660 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-8) JBAS010400: Bound data source [java:/DefaultDS]
17:49:54,663 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-3) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
	at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1084)
	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1079)
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
	at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1078)
	at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
	at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:316)
	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:120)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]

17:49:54,670 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) JBAS010400: Bound data source [java:/DefaultDS2]

Expected results:
Console clearly identifies which login id was problematic

Additional info:
Password encrypted using 
java -cp ../modules/system/layers/base/.overlays/layer-base-jboss-eap-6.4.5.CP/org/picketbox/main/picketbox-4.1.2.Final-redhat-1.jar:../modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.4.GA-redhat-2.jar:CLASSPATH  org.picketbox.datasource.security.SecureIdentityLoginModule lami
Encoded password: 57f4a2091f03f2fd
Comment 3 Lin Gao 2016-03-11 22:06:48 EST
The PR to IJ 1.0 branch: https://github.com/ironjacamar/ironjacamar/pull/480 has been merged, it will be included in next upgrade of IJ.
Comment 5 Peter Mackay 2016-05-05 08:03:02 EDT
Verified with EAP 6.4.8.CP.CR2
Comment 6 JBoss JIRA Server 2016-05-11 23:39:38 EDT
Lin Gao <lgao@redhat.com> updated the status of jira JBEAP-3811 to Resolved
Comment 7 JBoss JIRA Server 2016-05-23 08:27:16 EDT
Jesper Pedersen <jpederse@redhat.com> updated the status of jira JBJCA-1317 to Closed
Comment 8 JBoss JIRA Server 2016-08-23 07:38:48 EDT
Jiri Pallich <jpallich@redhat.com> updated the status of jira JBEAP-3811 to Closed
Comment 9 Petr Penicka 2017-01-17 07:35:43 EST
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Note You need to log in before you can comment on or make changes to this bug.