aspose file tools*
The moose likes JBoss/WildFly and the fly likes Want to use different data source than my security principal Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "Want to use different data source than my security principal" Watch "Want to use different data source than my security principal" New topic
Author

Want to use different data source than my security principal

Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
Ok so this may be a little confusing but I am not sure what exactly is happening.

I am using a custom login module for jboss. I have it defined to use this module in my login-config.xml.

Everything is working ok as far as the login module getting called and authenticating users before getting to my beans.

But when i am in my bean i try and get a DB connection using a default datasource.

I have that datasource setup to use an oracle jdbc driver.

However when I make a call to getConnection it is going through a different driver. Looks like it is going through the driver that is defined for the security domain.

The issue is that I am getting a new initial context that does not contain the custom principal so why would my getConnection call use the custom principal.

Billy
Javid Jamae
Author
Ranch Hand

Joined: May 14, 2008
Posts: 198
What version of JBoss are you using? Can we see your application-policy block in your server/xxx/conf/login-config.xml file, the code that loads the DB connection, and your -ds.xml file?


Author: JBoss in Action, javidjamae.com, @javidjamae on Twitter
Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
I could not remember the exact configuration but this should give you a good example. The problem really is that in the code I am trying to get a connection to my ExampleDS but for some reason since I am using a custom security domain it ends up hitting the driver for the DefaultDS. Which seems very wrong to me because I grabbed the ExampleDS from the context. When I look in the debugger at the datasource i get it points to the right driver, but when the code runs it goes the the driver of the DefaultDS.


JBoss is 4.2.2.GA

jboss.xml:


ejb-jar.xml


oracle-ds.xml:


example-ds.xml


login-config.xml
Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
So basically my custom security module is working, but once inside my EJB I create an InitialContext and try and grab a datasource and call getConnection(). The problem is that it is hitting a driver froma different datasource. I am using oracle and it is hitting a driver that is defined for the DeafultDS in my oracle-ds.xml. But I want to use a different datasource from another datasource file like example-ds.xml. I do not reference a datasource in my login-config.xml because my security module does not go to a DB to get anything. So once inside my EJB I cannot connect to a datasource other than whats defined in my oracle-ds.xml. What do i have wrong? has anyone ever seen this behavior before?

Thanks again,
Billy
Javid Jamae
Author
Ranch Hand

Joined: May 14, 2008
Posts: 198
Billy,

First of all, could you please put your code in Code blocks so that it is easier to read (you can go back and edit your previous message).

Please provide us with the jboss.xml code that shows how your resource-ref's local namespace defined in your ejb-jar.xml is getting bound to your datasource in the global JNDI namespace.
Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
Javid,

Ok sorry the code is now in code blocks.

So I am still at a loss as to why when I ask for my ExampleDS from an InitialContext and call getConnection it is going through com.example.driver.ProxiedOracleDriver and not oracle.jdbc.driver.OracleDriver (which is the driver defined for ExampleDS).

I am all out of ideas.

Thanks again,
Billy
Javid Jamae
Author
Ranch Hand

Joined: May 14, 2008
Posts: 198
I'm pretty sure your problem is that you're not defining a resource-ref element in your jboss.xml. You're trying to use the Enterprise Naming Context to enable local namespace for your datasource, but you're not mapping that local name to a global JNDI name. So JBoss is just going out and grabbing the DefaultDS for you out of JNDI because its probably the first one it finds (I'm not sure if it searches alphabetically, or what).

You can additionally use a resource-manager block in your jboss.xml if you have multiple beans that will point to the same global JNDI name.

Please refer to the resource-ref and resource-manager descriptions in <jboss-installation>/docs/schema/jboss_4_2.xsd file (I don't have 4.2 installed right now, but it should be something like that).

Read this.

Here is another example I found doing a quick google search.
Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
Ok I will try that! What about for EJB3.0, i.e. is there an annotation to take care of this? I have the same exact problem using EJB3.0 which is very wierd to me because I get the datasource from the jndi name

i.e.


So everything works just fine until I annotate with @SecurityDomain("customSecurityDomain") I run into the same problem of my datasource using a different driver.
Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
Still cannot get this to work with EJB2.1 or EJB3.0. Although I am not sure what exactly to pu for my resource-ref in the jboss.xml file for my data source. I.E. java:/jdbc/ExampleDS or jdbc/ExampleDS or both, i am so confused.

But again the real problem is that this all works just fine......until I add @SecurityDomain(3.0) or <security-domain>(2.1). So why is using a security domain all of the sudden messing with the datasource that I want to get once inside my bean? I dont' even use/reference a datasource for my security domain. This seems like a jboss issue but I cannot find out why. Again my login module works just fine it will not allow access to the bean unless the roles are correct, but once inside the bean when I grab my datasource and get a connection when I try and do anything with that connection it somehow gets into the driver for a different datasource, and in this case it seems like it is getting into the driver for the default datasource. When I debug this I can see my connection is using the right datasource and the right driver, but once i do something like:



I get an error because it is going through the wrong driver. So it is the right datasource and driver at least that's what the debugger is telling me.
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10210
    
166

dbConnection.prepareStatement("select * from Foo");


Is this piece of code in your bean or your login module? How do you get the dbConnection? From some datasource? If yes, then post that piece of code which looks up the datasource.

You mention, the problem starts when you use @SecurityDomain. Please enable TRACE level logging of jboss security package as explained in Q4 here. That might give some hints.

[My Blog] [JavaRanch Journal]
Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
I have tried a bunch of different ways to get the datasource. Remember I can get the datasource and a connection just fine until I add in the Security Domain. Also I can get the connection just fine and when I look in the debugger it looks like the right datasource and the correct driver for that datasource. he problem happens when I try and execute a statement. So somewhere I think that JBoss is making a call to the driver to the DefaultDS instead of my ExampleDS.


I will turn on trace debugging and see what I can't find out from that, thanks. If anyone any other ideas let me know I have been working on this problem for over two weeks know without any progress. I am really starting to wonder if this is a JBoss problem, sense this only happens when you are trying to use a datasource other than what you have defined as the DeafultDS.



or




Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
Jboss security logging does not show anything. Remember I am going through my login module just fine and I get into the bean. BUT then I try and get a connection to the DB and I have all sorts of problems.

I decided to use the BaseCertLoginModule instead of a custom login module to see if it was a problem with my login module. When using the BaseCertLoginModule I am having the same problem, I can get into the bean just fine (security domain is working) but when I try and get a connection to my database for some reason it goes through the driver defined for my DeafultDS not the driver defined for the datasource I am actually retrieving.

Can anyone else reproduce this? I.E. define a DefaultDS and another datasource "ExampleDS" and use a security domain and try and get a connection to the ExampleDS in your Bean? I am using oracle, maybe that is the problem.

Thanks again, maybe someday I will figure this out

billy
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Want to use different data source than my security principal