Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # old configuration
- <security-domain name="DatabaseUser" cache-type="default">
- <authentication>
- <login-module name="Kerberos-Module" code="org.jboss.security.negotiation.KerberosLoginModule" flag="required" module="org.jboss.security.negotiation">
- <module-option name="storeKey" value="false"/>
- <module-option name="useKeyTab" value="true"/>
- <module-option name="doNotPrompt" value="true"/>
- <module-option name="debug" value="true"/>
- <module-option name="keyTab" value="/tmp/krbtest/jboss-eap-7.1/keytabs/KRBUSR01"/>
- <module-option name="principal" value="KRBUSR01@MW.LAB.ENG.BOS.REDHAT.COM"/>
- <module-option name="refreshKrb5Config" value="true"/>
- <module-option name="isInitiator" value="true"/>
- <module-option name="addGSSCredential" value="true"/>
- <module-option name="wrapGSSCredential" value="false"/>
- <module-option name="credentialLifetime" value="-1"/>
- </login-module>
- </authentication>
- </security-domain>
- # datasource
- <datasource jndi-name="java:jboss/datasources/TestDatasource" pool-name="TestDatasource" enabled="true" spy="true">
- <connection-url>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=dev151.mw.lab.eng.bos.redhat.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=qaora12)))</connection-url>
- <connection-property name="oracle.net.authentication_services">
- (KERBEROS5)
- </connection-property>
- <driver>oracle12c</driver>
- <pool>
- <min-pool-size>0</min-pool-size>
- <max-pool-size>1</max-pool-size>
- <prefill>false</prefill>
- <allow-multiple-users>false</allow-multiple-users>
- </pool>
- <security>
- <elytron-enabled/>
- <authentication-context>krbAuthContext</authentication-context>
- </security>
- </datasource>
- # this looks ok
- /subsystem=elytron/kerberos-security-factory=krbSF:add(debug=true, path="/tmp/jboss-eap-7.1/keytabs/KRBUSR01", principal="KRBUSR01@MW.LAB.ENG.BOS.REDHAT.COM", server=true, mechanism-oids=[1.2.840.113554.1.2.2]
- # I need realm for security domain - which one? do I really need it?
- /subsystem=elytron/identity-realm=krbRealm:add(identity=krbRealm
- # why realm ?
- /subsystem=elytron/security-domain=krbSD:add(default-realm=krbRealm, realms=[{realm=krbRealm}],
- # I think I need this, but how to include it in authentication-configuration or authentication-context?
- /subsystem=elytron/sasl-authentication-factory=krbAF:add(security-domain=krbSD,mechanism-configurations=[{credential-security-factory=krbSF, mechanism-name=KERBEROS}],sasl-server-factory=configured)
- # is needed for context
- /subsystem=elytron/authentication-configuration=krbAC:add(security-domain=krbSD
- # auth context, that I reference from datasource
- /subsystem=elytron/authentication-context=krbAuthContext:add(match-rules=[{authentication-configuration=krbAC}]
- # with this config I get
- 19:42:55,537 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject() for java:jboss/datasources/TestDatasource: null: java.lang.NullPointerException
- at javax.resource.spi.security.PasswordCredential.<init>(PasswordCredential.java:60)
- at org.jboss.as.connector.security.ElytronSubjectFactory.createSubject(ElytronSubjectFactory.java:133)
- at org.jboss.as.connector.security.ElytronSubjectFactory.createSubject(ElytronSubjectFactory.java:108)
- at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1472)
- at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1467)
- at java.security.AccessController.doPrivileged(Native Method)
- at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1466)
- at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:773)
- at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:312)
- at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:392)
- at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:158)
- at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
- at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
- at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
- at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
- at java.lang.Thread.run(Thread.java:745)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement