1315439 – [GSS] (6.4.z) Difficult to identify datasource with wrong credentials if security-domain is used.

Bug 1315439 - [GSS] (6.4.z) Difficult to identify datasource with wrong credentials if security-domain is used.

Summary: [GSS] (6.4.z) Difficult to identify datasource with wrong credentials if secu...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	JCA
Sub Component:
Version:	6.4.6
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	high
Target Milestone:	CR1
Target Release:	EAP 6.4.8
Assignee:	Lin Gao
QA Contact:	Peter Mackay
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	eap648-payload 1310867
TreeView+	depends on / blocked

Reported:	2016-03-07 18:03 UTC by Lami Akagwu
Modified:	2019-10-10 11:28 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-01-17 12:35:43 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1315441	unspecified	CLOSED	[GSS] (6.4.z) Flagging of invalid login credential for datasource is inconsistent.	2021-02-22 00:41:40 UTC
Red Hat Issue Tracker	JBEAP-3811	Major	Closed	Difficult to identify datasource with wrong credentials if security-domain is used	2018-02-27 13:22:53 UTC
Red Hat Issue Tracker	JBJCA-1317	Minor	Closed	Log jndi-name in console log to identify datasource with wrong credentials if security-domain is used	2018-02-27 13:22:52 UTC

Internal Links: 1315441

Description Lami Akagwu 2016-03-07 18:03:07 UTC

Description of problem:

If the password for any datasource is invalid, and there are multiple datasources defined, it is difficult to identify the problematic datasource from the the console log.
 

In this particular case, security-domain is used for the login credential.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.    Using the attached standalone-ds2.xml and app.properties, start an EAP 6 instance with the following commands

 ./standalone.sh -c standalone-ds2.xml -P app.properties

user=lami
password=57f4a2091f03f2fd

Actual results:
2. Console log reports

17:49:54,660 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-8) JBAS010400: Bound data source [java:/DefaultDS]
17:49:54,663 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-3) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
	at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1084)
	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1079)
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
	at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1078)
	at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
	at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:316)
	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:120)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]

17:49:54,670 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) JBAS010400: Bound data source [java:/DefaultDS2]



Expected results:
Console clearly identifies which login id was problematic

Additional info:
Password encrypted using 
java -cp ../modules/system/layers/base/.overlays/layer-base-jboss-eap-6.4.5.CP/org/picketbox/main/picketbox-4.1.2.Final-redhat-1.jar:../modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.4.GA-redhat-2.jar:CLASSPATH  org.picketbox.datasource.security.SecureIdentityLoginModule lami
Encoded password: 57f4a2091f03f2fd

Comment 3 Lin Gao 2016-03-12 03:06:48 UTC

The PR to IJ 1.0 branch: https://github.com/ironjacamar/ironjacamar/pull/480 has been merged, it will be included in next upgrade of IJ.

Comment 5 Peter Mackay 2016-05-05 12:03:02 UTC

Verified with EAP 6.4.8.CP.CR2

Comment 6 JBoss JIRA Server 2016-05-12 03:39:38 UTC

Lin Gao <lgao> updated the status of jira JBEAP-3811 to Resolved

Comment 7 JBoss JIRA Server 2016-05-23 12:27:16 UTC

Jesper Pedersen <jpederse> updated the status of jira JBJCA-1317 to Closed

Comment 8 JBoss JIRA Server 2016-08-23 11:38:48 UTC

Jiri Pallich <jpallich> updated the status of jira JBEAP-3811 to Closed

Comment 9 Petr Penicka 2017-01-17 12:35:43 UTC

Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Note You need to log in before you can comment on or make changes to this bug.