API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 2nd, 2017
164
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.71 KB | None | 0 0
raw download clone embed print report
  1. # old configuration
  2. <security-domain name="DatabaseUser" cache-type="default">
  3. <authentication>
  4. <login-module name="Kerberos-Module" code="org.jboss.security.negotiation.KerberosLoginModule" flag="required" module="org.jboss.security.negotiation">
  5. <module-option name="storeKey" value="false"/>
  6. <module-option name="useKeyTab" value="true"/>
  7. <module-option name="doNotPrompt" value="true"/>
  8. <module-option name="debug" value="true"/>
  9. <module-option name="keyTab" value="/tmp/krbtest/jboss-eap-7.1/keytabs/KRBUSR01"/>
  10. <module-option name="principal" value="KRBUSR01@MW.LAB.ENG.BOS.REDHAT.COM"/>
  11. <module-option name="refreshKrb5Config" value="true"/>
  12. <module-option name="isInitiator" value="true"/>
  13. <module-option name="addGSSCredential" value="true"/>
  14. <module-option name="wrapGSSCredential" value="false"/>
  15. <module-option name="credentialLifetime" value="-1"/>
  16. </login-module>
  17. </authentication>
  18. </security-domain>
  19.  
  20. # datasource
  21. <datasource jndi-name="java:jboss/datasources/TestDatasource" pool-name="TestDatasource" enabled="true" spy="true">
  22. <connection-url>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=dev151.mw.lab.eng.bos.redhat.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=qaora12)))</connection-url>
  23. <connection-property name="oracle.net.authentication_services">
  24. (KERBEROS5)
  25. </connection-property>
  26. <driver>oracle12c</driver>
  27. <pool>
  28. <min-pool-size>0</min-pool-size>
  29. <max-pool-size>1</max-pool-size>
  30. <prefill>false</prefill>
  31. <allow-multiple-users>false</allow-multiple-users>
  32. </pool>
  33. <security>
  34. <elytron-enabled/>
  35. <authentication-context>krbAuthContext</authentication-context>
  36. </security>
  37. </datasource>
  38.  
  39.  
  40. # this looks ok
  41. /subsystem=elytron/kerberos-security-factory=krbSF:add(debug=true, path="/tmp/jboss-eap-7.1/keytabs/KRBUSR01", principal="KRBUSR01@MW.LAB.ENG.BOS.REDHAT.COM", server=true, mechanism-oids=[1.2.840.113554.1.2.2]
  42.  
  43. # I need realm for security domain - which one? do I really need it?
  44. /subsystem=elytron/identity-realm=krbRealm:add(identity=krbRealm
  45.  
  46. # why realm ?
  47. /subsystem=elytron/security-domain=krbSD:add(default-realm=krbRealm, realms=[{realm=krbRealm}],
  48.  
  49. # I think I need this, but how to include it in authentication-configuration or authentication-context?
  50. /subsystem=elytron/sasl-authentication-factory=krbAF:add(security-domain=krbSD,mechanism-configurations=[{credential-security-factory=krbSF, mechanism-name=KERBEROS}],sasl-server-factory=configured)
  51.  
  52. # is needed for context
  53. /subsystem=elytron/authentication-configuration=krbAC:add(security-domain=krbSD
  54.  
  55. # auth context, that I reference from datasource
  56. /subsystem=elytron/authentication-context=krbAuthContext:add(match-rules=[{authentication-configuration=krbAC}]
  57.  
  58. # with this config I get
  59. 19:42:55,537 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject() for java:jboss/datasources/TestDatasource: null: java.lang.NullPointerException
  60. at javax.resource.spi.security.PasswordCredential.<init>(PasswordCredential.java:60)
  61. at org.jboss.as.connector.security.ElytronSubjectFactory.createSubject(ElytronSubjectFactory.java:133)
  62. at org.jboss.as.connector.security.ElytronSubjectFactory.createSubject(ElytronSubjectFactory.java:108)
  63. at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1472)
  64. at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1467)
  65. at java.security.AccessController.doPrivileged(Native Method)
  66. at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1466)
  67. at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:773)
  68. at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:312)
  69. at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:392)
  70. at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:158)
  71. at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
  72. at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
  73. at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
  74. at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
  75. at java.lang.Thread.run(Thread.java:745)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!