JBoss Security Elytron Using Credential Stores for RARs - jboss

I am using JBoss 7.3. I have wmq RAR and I want to connect wmq using Password from Elytron Security Credential Store. I tried to do it via configuration from Admin Console with Credential Store authentication context and config, but no success. Although I could set up using admin console for DB passwords. Please help.

For your WMQ JCA configuration, you will need to add the section:
<security>
<elytron-enabled />
</security>
So your configuration will look something like:
<subsystem xmlns="urn:jboss:domain:resource-adapters:5.0">
<resource-adapters>
<resource-adapter id="wmq.jmsra.rar" statistics-enabled="true">
<archive>
wmq.jmsra.rar
</archive>
<transaction-support>NoTransaction</transaction-support>
<connection-definitions>
<connection-definition class-name="com.ibm.mq.connector.outbound.ManagedConnectionFactoryImpl" jndi-name="java:jboss/MQCF" tracking="false" pool-name="mq-pool">
<security>
<elytron-enabled />
</security>
<config-property name="channel">
CHANNEL
</config-property>

Related

How to deploy JCA before WAR in Wildfly 10?

I have JCA(jackrabbit-jca-2.10.1.rar) and example.war file deployed on Wildfly 10.1.0.
Here are config files:
standalone.xml
<subsystem xmlns="urn:jboss:domain:resource-adapters:4.0">
<resource-adapters>
<resource-adapter id="jackrabbit-jca-2.10.1.rar">
<archive>
jackrabbit-jca-2.10.1.rar
</archive>
<transaction-support>XATransaction</transaction-support>
<connection-definitions>
<connection-definition class-name="org.apache.jackrabbit.jca.JCAManagedConnectionFactory" jndi-name="java:/jca/DocumentStore" enabled="true" pool-name="RabbitAdapter">
<config-property name="ConfigFile">
C:\jca\repository.xml
</config-property>
<config-property name="HomeDir">
C:\jca
</config-property>
<security>
<application/>
</security>
<validation>
<background-validation>false</background-validation>
</validation>
</connection-definition>
</connection-definitions>
</resource-adapter>
</resource-adapters>
</subsystem>
In example.war file I have class which uses JCA repository.
Resources.java
import javax.annotation.Resource;
import javax.enterprise.inject.Produces;
import javax.jcr.Repository;
public class Resources {
#Produces
#Resource(mappedName = "java:/jca/DocumentStore")
private Repository repository;
}
When I deploy it one by one, starting with JCA everything works good.
However if I restart the server I got sometimes following error:
javax.naming.NameNotFoundException: jca/DocumentStore [Root exception is java.lang.IllegalStateException]
It probably has some problem with deployment order. In my case JCA needs to be deployed before example.war.
I tried to add jboss-all.xml with following content:
<jboss umlns="urn:jboss:1.0">
<jboss-deployment-dependencies xmlns="urn:jboss:deployment-dependencies:1.0">
<dependency name="jackrabbit-jca-2.10.1.rar" />
</jboss-deployment-dependencies>
</jboss>
But still without success.
I even tried to package it as .ear and set initialize-in-order to true, but still got this error.
example.ear
.
+--META-INF
| +--application.xml
+--jackrabbit-jca-2.10.1.rar
+--example.war
application.xml
<?xml version="1.0" encoding="UTF-8"?>
<application xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/application_7.xsd" version="7">
<display-name>example-ear</display-name>
<initialize-in-order>true</initialize-in-order>
<module>
<connector>jackrabbit-jca-2.10.1.rar</connector>
</module>
<module>
<web>
<web-uri>example.war</web-uri>
<context-root>/example</context-root>
</web>
</module>
</application>
standalone.xml
<subsystem xmlns="urn:jboss:domain:resource-adapters:4.0">
<resource-adapters>
<resource-adapter id="jackrabbit-jca-2.10.1.rar">
<archive>
example.ear#jackrabbit-jca-2.10.1.rar
</archive>
<transaction-support>XATransaction</transaction-support>
<connection-definitions>
<connection-definition class-name="org.apache.jackrabbit.jca.JCAManagedConnectionFactory" jndi-name="java:/jca/DocumentStore" enabled="true" pool-name="RabbitAdapter">
<config-property name="ConfigFile">
C:\jca\repository.xml
</config-property>
<config-property name="HomeDir">
C:\jca
</config-property>
<security>
<application/>
</security>
<validation>
<background-validation>false</background-validation>
</validation>
</connection-definition>
</connection-definitions>
</resource-adapter>
</resource-adapters>
</subsystem>
But I still get the error:
Caused by: javax.naming.NameNotFoundException: jca/DocumentStore -- service jboss.naming.context.java.jca.DocumentStore
Does anyone know how to fix this error?

Wildfly Default data source class name

I am using WildFly 11, I am trying to understand when we configure a data source with a specific driver and we don't set the data source class name explicitly, which actual implementation of javax.sql.DataSource does WF ends up using ?
<datasource jndi-name="java:jboss/datasources/myDB" pool-name="myDB" enabled="true" use-java-context="true" spy="false">
<connection-url>jdbc:mysql://localhost:3306/db?useUnicode=true&characterEncoding=utf8&useSSL=false</connection-url>
<driver>mysql</driver>
<transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
<pool>
<min-pool-size>2</min-pool-size>
<max-pool-size>5</max-pool-size>
<prefill>true</prefill>
<use-strict-min>false</use-strict-min>
<flush-strategy>FailingConnectionOnly</flush-strategy>
</pool>
<security>
<user-name>root</user-name>
<password>root</password>
</security>
<validation>
<check-valid-connection-sql>select 1</check-valid-connection-sql>
<validate-on-match>false</validate-on-match>
<background-validation>true</background-validation>
<background-validation-millis>10000</background-validation-millis>
</validation>
</datasource>
my application certainly works and I can see the interaction with the DB just fine, however I am not sure which actual datasource implementation is in use, I tried to configure a logger against MySQL packages that contains the default data sources, but nothing seems to get logged as a result.
WildFly is using ironjacamar (http://www.ironjacamar.org/) as its datasource implementation.

How/where to get jms jndi configuration values in jboss to configure in cast iron studio

Can anybody help me to configure jms jndi properties in Cast Iron studio for accessing jms queue. I'm using jboss. How/where to get jms jndi properties in jboss? Also it's asking for jndi provider details such as username, password, provider name, value, and connection factory. Where to get these details?
try this
<datasource jndi-name="java:/project name" pool-name="project namre" enabled="true" use-java-context="true">
<connection-url>jdbc:oracle:thin:#databaseIP port service name</connection-url>
<driver>oracle</driver>
<pool>
<min-pool-size>10</min-pool-size>
<max-pool-size>100</max-pool-size>
<prefill>true</prefill>
</pool>
<security>
<user-name>username</user-name>
<password>password</password>
</security>
<statement>
<prepared-statement-cache-size>10</prepared-statement-cache-size>
<share-prepared-statements>false</share-prepared-statements>
</statement>
</datasource>

jta=true or xa-datasource in Jboss EAP 7

I'm trying to configure SQLSERVER datasource in standalone.xml. In my project i'm using JTA and i founded configuration with and others with . What is the difference ? I'm using this:
<datasource jta="true" jndi-name="java:jboss/datasources/mydatabase" pool-name="seguDS" enabled="true" use-java-context="true">
<connection-url>jdbc:jtds:sqlserver://192.168.40.16/mydatabase;instance=clust02</connection-url>
<driver>jtds-1.3.1.jar</driver>
<new-connection-sql>select 1</new-connection-sql>
<transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
<pool>
<min-pool-size>5</min-pool-size>
<max-pool-size>50</max-pool-size>
</pool>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
<validation>
<check-valid-connection-sql>select 1</check-valid-connection-sql>
</validation>
<timeout>
<set-tx-query-timeout>true</set-tx-query-timeout>
<blocking-timeout-millis>5000</blocking-timeout-millis>
<idle-timeout-minutes>15</idle-timeout-minutes>
</timeout>
<statement>
<track-statements>false</track-statements>
</statement>
</datasource>
This works for me but i'm afraid if it correct or i should change to XA-DATASOURCE.
When you create a local-tx datasource in JBoss EAP 6.x or JBoss EAP 7, it defaults "jta" attribute to "true". This would help the local-tx resource to enlist in a global transaction. The "jta" attribute enables JTA integration for non-xa datasources only (https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/html-single/Administration_and_Configuration_Guide/index.html#Datasource_Parameters1).
If your application uses global transactions, i.e. it needs a transaction manager to coordinate a distributed transaction across multiple resource managers, then you need XA Datasource.

Environment variables in JBoss datasource

I have a JBoss server running and want to deploy a service.
The service connects to a database which is configured in the following xml file
<?xml version="1.0" encoding="UTF-8"?>
<datasources xmlns="http://www.jboss.org/ironjacamar/schema">
<datasource jta="false" jndi-name="java:/PMBootStrapDS"
pool-name="PMBootStrapDS" enabled="true" use-ccm="false">
<connection-url>jdbc:postgresql://localhost:5432/i2b2</connection-url>
<driver-class>org.postgresql.Driver</driver-class>
<driver>postgresql-9.2-1002.jdbc4.jar</driver>
<security>
<user-name>i2b2pm</user-name>
<password>demouser</password>
</security>
<validation>
<validate-on-match>false</validate-on-match>
<background-validation>false</background-validation>
</validation>
<statement>
<share-prepared-statements>false</share-prepared-statements>
</statement>
</datasource>
</datasources>
To deploy it on different systems easily, I want to bind the database location to an environment variable.
I tried something like this
<connection-url>jdbc:postgresql://${env.MY_DB_LOCATION}/i2b2</connection-url>
but it doesn't work.
Any suggestions on how to solve this issue?
Make sure you have property substitution enabled in your standalone.xml.
Look for the following subsytem in standalone.xml, and make sure the values are set to true
<subsystem xmlns="urn:jboss:domain:ee:1.1">
<spec-descriptor-property-replacement>true</spec-descriptor-property-replacement>
<jboss-descriptor-property-replacement>true</jboss-descriptor-property-replacement>
</subsystem>
EDIT: This is only supported for eap6 and jboss 7.1.2 (or later)