加密数据源密码:java.lang.SecurityException:未经身份验证的调用者:null

时间:2012-03-12 18:42:29

标签: security configuration jboss datasource connection-pooling

我正在尝试使用JBOSS安全域加密我的数据库密码。

数据源在oracle-ds.xml中定义如下:

<datasources>
  <local-tx-datasource>
    <jndi-name>OracleDS</jndi-name>
    <connection-url>jdbc:oracle:thin:@dbhost:1521:db</connection-url>
    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
    <!-- app works fine when you use unencrypted password like this
    <user-name>username</user-name>
    <password>unencrypted_pass</password>
    -->
    <!-- Use the security domain defined in conf/login-config.xml for username and encrypted password-->
    <security-domain>Encrypt-my-Password</security-domain>
....etc

login-config.xml文件包含以下条目:

   <application-policy name="Encrypt-my-Password">
                <authentication>
                    <login-module
                            code="com.mycompany.global.er.util.ErSecureIdentityLoginModule"
                            flag="required">
                            <module-option name="username">databaseUsername</module-option>
                            <module-option name="password">232487h4873hf4</module-option>
                            <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDS</module-option>
                    </login-module>
            </authentication>
    </application-policy>

注意,ErSecureIdentityLoginModule是一个已经用于在另一个应用程序中加密/解密数据库密码的类,它可以正常工作。

当我开始使用此配置时,当您尝试访问数据源时,应用程序会抛出异常,如下所示:

java.lang.SecurityException: Unauthenticated caller:null
    org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:92)
    org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
    org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
    org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
    org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)
    org.hibernate.connection.DatasourceConnectionProvider.getConnection(DatasourceConnectionProvider.java:92)
    org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:111)
    org.hibernate.cfg.Configuration.buildSettings(Configuration.java:2101)
    org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1325)
    org.hibernate.cfg.AnnotationConfiguration.buildSessionFactory(AnnotationConfiguration.java:867)
    org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:669)
    org.hibernate.ejb.HibernatePersistence.createEntityManagerFactory(HibernatePersistence.java:126)
    javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:52)
    javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:34)
    com.mycompany.er.batch.data.DbHelper.createEntityManager(DbHelper.java:30)
    com.mycompany.er.batch.data.DbHelper.createAndBegin(DbHelper.java:49)
    com.mycompany.er.basman.HibernateTransactionFilter.doFilter(HibernateTransactionFilter.java:53)
    org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

我下载了jboss 5.0.1GA的源代码,并在启用了TRACE的情况下进行了调试。产生了一个有趣的堆栈跟踪:

2012-03-12 18-13-40:Login failure
javax.security.auth.login.LoginException: java.lang.NullPointerException
        at org.jboss.resource.security.SubjectActions$AddPrincipalsAction.run(SubjectActions.java:101)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.jboss.resource.security.SubjectActions.addPrincipals(SubjectActions.java:139)
        at org.jboss.resource.security.ConfiguredIdentityLoginModule.login(ConfiguredIdentityLoginModule.java:98)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
        at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
        at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
        at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
        at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:9
0)

NullPointerException引用org.jboss.resource.security.SubjectActions中的这行代码:



      static class AddPrincipalsAction implements PrivilegedAction
       {
          Subject subject;
          Principal p;
          AddPrincipalsAction(Subject subject, Principal p)
          {
             this.subject = subject;
             this.p = p;
          }
          public Object run()
          {
             subject.getPrincipals().add(p);
             return null;
          }
       }

然而这并没有多大帮助,我无法理解我做错了什么。 救命啊!

1 个答案:

答案 0 :(得分:1)

我已经开始工作了。我不得不删除一些可选的jboss组件,但我并不是100%清楚我是如何完全修复它的。一种可能是密码加密不正确 - 即我使用错误的库加密它,因此它没有被正确解密。

相关问题
最新问题