Hello all.
We have the following scenario in WildFly 22:
a datasource that is Elytron-enabled
<datasource jndi-name="java:/myDS" pool-name="myDS">
    <connection-url>jdbc:postgresql://localhost:5433/myDB</connection-url>
    <driver>postgres</driver>
    <pool>
        <max-pool-size>100</max-pool-size>
    </pool>
    <security>
        <elytron-enabled>true</elytron-enabled>
        <authentication-context>test-authentication-context</authentication-context>
    </security>
</datasource>
but there are some timers with @Singleton @Startup that need to obtain a connection to the datasource.
These timers, though, can't send a username/password, so they need to somehow connect to the datasource via a standard username/password.
In WildFly 10.1 we have the following scenario, which works perfectly:
<login-module code="org.picketbox.datasource.security.CallerIdentityLoginModule" flag="sufficient">
    <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=pgsql"/>
</login-module>
<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
    <module-option name="username" value="testUser"/>
    <module-option name="password" value="xxxxxxxxxxxxxxxx"/>
    <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=pgsql"/>
</login-module>
Here I'm trying to add a second context, but this doesn't work:
<authentication-client>
    <authentication-configuration name="test-authentication-configuration" security-domain="exampleLdapSD"/>
    <authentication-configuration name="exampleAuthConfig" authentication-name="testUser">
        <credential-reference clear-text="111"/>
    </authentication-configuration>
    <authentication-context name="test-authentication-context">
        <match-rule authentication-configuration="test-authentication-configuration"/>
        <match-rule authentication-configuration="exampleAuthConfig"/>
    </authentication-context>
</authentication-client>
It seems that WildFly tries to acquire the connection through
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
    <properties>
        <property name="wildfly.sasl.local-user.default-user" value="testUser"/>
    </properties>
</configurable-sasl-server-factory>
Can I put a password to be included for this user?
Is there another solution?
A custom LDAP realm is not an option.
The final and worst-case scenario is to create a second datasource for these timers and change many parts of the code.
Any help would be appreciated.
Thank you!