Home » Archived » BIRT » JNDI and Username-Password
| JNDI and Username-Password [message #176192] |
Mon, 10 July 2006 13:21  |
 orkus9
Messages: 214
Registered: July 2009 |
Senior Member |
|
|
Hello,
i use Eclipse 3.2, Birt 2.1, JBoss 4.0.2, Report Engine Api 2.1.
I am using the Report Engine API to generate the report within my
jboss-webapplication. So far so good. All works fine with a jdbc connection.
Now i want to change the datasource from jdbc to jndi.
This works fine, when i use the same user and password for the jdbc
source and jndi source.
My foo-ds.xml file looks like this:
..............
<no-tx-datasource>
<jndi-name>cro24.xtrial.ds.foo.read-only</jndi-name>
<connection-url>jdbc:postgresql://localhost/foo</connection-url>
<driver-class>org.postgresql.Driver</driver-class>
<user-name>foo_user</user-name>
<password>foo_pw</password>
<min-pool-size>5</min-pool-size>
<max-pool-size>10</max-pool-size>
<idle-timeout-minutes>5</idle-timeout-minutes>
<!--<track-statements>true</track-statements>-->
</no-tx-datasource>
............
My birt-xml-file looks like this:
............
<data-sources>
<oda-data-source extensionID="org.eclipse.birt.report.data.oda.jdbc"
name="Data Source" id="39">
<text-property name="displayName">Data Source</text-property>
<property name="odaDriverClass">org.postgresql.Driver</property>
<property name="odaURL">jdbc:postgresql://localhost:5432/foo</property>
<property name="odaUser">foo-foo</property>
<encrypted-property name="odaPassword">ZXRtc191c2VyXzAx</encrypted-property>
<property name="odaJndiName">java:cro24.xtrial.ds.tabulator</property >
</oda-data-source>
</data-sources>
...........
All works fine, while the username and password of jdbc connection and
jndi is the same.
When i change the jdbc-connection to an not existing user (e.g. foo-foo)
then, i get a error:
INFO: getJndiDSConnection: Unable to get JNDI data source connection;
org.jboss.util.NestedSQLException: Could not create connection; - nested
throwable: (org.postgresql.util.PSQLException: FATAL:
Passwort-Authentifizierung f??r Benutzer ??foo-foo?? fehlgeschlagen); -
nested throwable: (org.jboss.resource.JBossResourceException: Could not
create connection; - nested throwable:
(org.postgresql.util.PSQLException: FATAL: Passwort-Authentifizierung
f??r Benutzer ??foo-foo?? fehlgeschlagen))
Jul 10, 2006 2:47:07 PM
org.eclipse.birt.report.data.oda.jdbc.JDBCDriverManager doConnect
FINER: Calling DriverManager.getConnection.
url=jdbc:postgresql://localhost:5432/foo
Jul 10, 2006 2:47:07 PM
org.eclipse.birt.report.data.oda.jdbc.JDBCException JDBCException
FINE: odajdbc.CannotGetConn
Jul 10, 2006 2:47:07 PM
org.eclipse.birt.report.data.oda.jdbc.JDBCException logSQLException
FINE: SQL Exception #1
org.postgresql.util.PSQLException: FATAL: Passwort-Authentifizierung
f??r Benutzer ??foo-foo?? fehlgeschlagen
When i change the host to an nonexisting host (in my birt-xml-file),
birt gets the correct host from the foo-ds.xml file.
Why does birt not read the username and password also from foo-ds.xml?
Is this a Bug?
Best regrads
orkus9
|
|
|
| Re: JNDI and Username-Password [message #176537 is a reply to message #176192] |
Wed, 12 July 2006 02:35  |
Linda Chan
Messages: 845
Registered: July 2009 |
Senior Member |
|
|
It's up to your JNDI resource factory (jboss) to determine how and when it uses
its own configuration, e.g. your foo-ds.xml . In other words, BIRT never reads
a JNDI resource configuration directly.
To control the value of the BIRT jdbc username and password used at runtime...
the recommended way is to bind the username/password property to a report
parameter. This way, the username and password used at design-time can be
different from those used at runtime when deployed in a web application.
Orkus wrote:
> Hello,
>
> i use Eclipse 3.2, Birt 2.1, JBoss 4.0.2, Report Engine Api 2.1.
> I am using the Report Engine API to generate the report within my
> jboss-webapplication. So far so good. All works fine with a jdbc connection.
>
> Now i want to change the datasource from jdbc to jndi.
> This works fine, when i use the same user and password for the jdbc
> source and jndi source.
>
> My foo-ds.xml file looks like this:
>
> ..............
> <no-tx-datasource>
> <jndi-name>cro24.xtrial.ds.foo.read-only</jndi-name>
> <connection-url>jdbc:postgresql://localhost/foo</connection-url>
> <driver-class>org.postgresql.Driver</driver-class>
> <user-name>foo_user</user-name>
> <password>foo_pw</password>
> <min-pool-size>5</min-pool-size>
> <max-pool-size>10</max-pool-size>
> <idle-timeout-minutes>5</idle-timeout-minutes>
> <!--<track-statements>true</track-statements>-->
> </no-tx-datasource>
> ............
>
> My birt-xml-file looks like this:
>
> ...........
> <data-sources>
> <oda-data-source extensionID="org.eclipse.birt.report.data.oda.jdbc"
> name="Data Source" id="39">
> <text-property name="displayName">Data Source</text-property>
> <property name="odaDriverClass">org.postgresql.Driver</property>
> <property name="odaURL">jdbc:postgresql://localhost:5432/foo</property>
> <property name="odaUser">foo-foo</property>
> <encrypted-property name="odaPassword">ZXRtc191c2VyXzAx</encrypted-property>
> <property name="odaJndiName">java:cro24.xtrial.ds.tabulator</property >
> </oda-data-source>
> </data-sources>
> ..........
>
> All works fine, while the username and password of jdbc connection and
> jndi is the same.
> When i change the jdbc-connection to an not existing user (e.g. foo-foo)
> then, i get a error:
>
> INFO: getJndiDSConnection: Unable to get JNDI data source connection;
> org.jboss.util.NestedSQLException: Could not create connection; - nested
> throwable: (org.postgresql.util.PSQLException: FATAL:
> Passwort-Authentifizierung f??r Benutzer ??foo-foo?? fehlgeschlagen); -
> nested throwable: (org.jboss.resource.JBossResourceException: Could not
> create connection; - nested throwable:
> (org.postgresql.util.PSQLException: FATAL: Passwort-Authentifizierung
> f??r Benutzer ??foo-foo?? fehlgeschlagen))
> Jul 10, 2006 2:47:07 PM
> org.eclipse.birt.report.data.oda.jdbc.JDBCDriverManager doConnect
> FINER: Calling DriverManager.getConnection.
> url=jdbc:postgresql://localhost:5432/foo
> Jul 10, 2006 2:47:07 PM
> org.eclipse.birt.report.data.oda.jdbc.JDBCException JDBCException
> FINE: odajdbc.CannotGetConn
> Jul 10, 2006 2:47:07 PM
> org.eclipse.birt.report.data.oda.jdbc.JDBCException logSQLException
> FINE: SQL Exception #1
> org.postgresql.util.PSQLException: FATAL: Passwort-Authentifizierung
> f??r Benutzer ??foo-foo?? fehlgeschlagen
>
> When i change the host to an nonexisting host (in my birt-xml-file),
> birt gets the correct host from the foo-ds.xml file.
> Why does birt not read the username and password also from foo-ds.xml?
> Is this a Bug?
>
> Best regrads
>
> orkus9
|
|
|
| Re: JNDI and Username-Password [message #178462 is a reply to message #176537] |
Tue, 18 July 2006 15:46 |
George Handin
Messages: 109
Registered: July 2009 |
Senior Member |
|
|
Exposing the username and password via report parameters is unacceptable
and dangerous security risk.
It appears that BIRT has a bug in that even though JBoss is loading the
JNDI resource, the BIRT report engine is not querying for the configured
JNDI configuration each time a report is executed. I've logged a defect
requesting this behavior:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=150965
Linda Chan wrote:
> It's up to your JNDI resource factory (jboss) to determine how and when it uses
> its own configuration, e.g. your foo-ds.xml . In other words, BIRT never reads
> a JNDI resource configuration directly.
>
> To control the value of the BIRT jdbc username and password used at runtime...
> the recommended way is to bind the username/password property to a report
> parameter. This way, the username and password used at design-time can be
> different from those used at runtime when deployed in a web application.
>
> Orkus wrote:
>
>> Hello,
>>
>> i use Eclipse 3.2, Birt 2.1, JBoss 4.0.2, Report Engine Api 2.1.
>> I am using the Report Engine API to generate the report within my
>> jboss-webapplication. So far so good. All works fine with a jdbc connection.
>>
>> Now i want to change the datasource from jdbc to jndi.
>> This works fine, when i use the same user and password for the jdbc
>> source and jndi source.
>>
>> My foo-ds.xml file looks like this:
>>
>> ..............
>> <no-tx-datasource>
>> <jndi-name>cro24.xtrial.ds.foo.read-only</jndi-name>
>> <connection-url>jdbc:postgresql://localhost/foo</connection-url>
>> <driver-class>org.postgresql.Driver</driver-class>
>> <user-name>foo_user</user-name>
>> <password>foo_pw</password>
>> <min-pool-size>5</min-pool-size>
>> <max-pool-size>10</max-pool-size>
>> <idle-timeout-minutes>5</idle-timeout-minutes>
>> <!--<track-statements>true</track-statements>-->
>> </no-tx-datasource>
>> ............
>>
>> My birt-xml-file looks like this:
>>
>> ...........
>> <data-sources>
>> <oda-data-source extensionID="org.eclipse.birt.report.data.oda.jdbc"
>> name="Data Source" id="39">
>> <text-property name="displayName">Data Source</text-property>
>> <property name="odaDriverClass">org.postgresql.Driver</property>
>> <property name="odaURL">jdbc:postgresql://localhost:5432/foo</property>
>> <property name="odaUser">foo-foo</property>
>> <encrypted-property name="odaPassword">ZXRtc191c2VyXzAx</encrypted-property>
>> <property name="odaJndiName">java:cro24.xtrial.ds.tabulator</property >
>> </oda-data-source>
>> </data-sources>
>> ..........
>>
>> All works fine, while the username and password of jdbc connection and
>> jndi is the same.
>> When i change the jdbc-connection to an not existing user (e.g. foo-foo)
>> then, i get a error:
>>
>> INFO: getJndiDSConnection: Unable to get JNDI data source connection;
>> org.jboss.util.NestedSQLException: Could not create connection; - nested
>> throwable: (org.postgresql.util.PSQLException: FATAL:
>> Passwort-Authentifizierung f??r Benutzer ??foo-foo?? fehlgeschlagen); -
>> nested throwable: (org.jboss.resource.JBossResourceException: Could not
>> create connection; - nested throwable:
>> (org.postgresql.util.PSQLException: FATAL: Passwort-Authentifizierung
>> f??r Benutzer ??foo-foo?? fehlgeschlagen))
>> Jul 10, 2006 2:47:07 PM
>> org.eclipse.birt.report.data.oda.jdbc.JDBCDriverManager doConnect
>> FINER: Calling DriverManager.getConnection.
>> url=jdbc:postgresql://localhost:5432/foo
>> Jul 10, 2006 2:47:07 PM
>> org.eclipse.birt.report.data.oda.jdbc.JDBCException JDBCException
>> FINE: odajdbc.CannotGetConn
>> Jul 10, 2006 2:47:07 PM
>> org.eclipse.birt.report.data.oda.jdbc.JDBCException logSQLException
>> FINE: SQL Exception #1
>> org.postgresql.util.PSQLException: FATAL: Passwort-Authentifizierung
>> f??r Benutzer ??foo-foo?? fehlgeschlagen
>>
>> When i change the host to an nonexisting host (in my birt-xml-file),
>> birt gets the correct host from the foo-ds.xml file.
>> Why does birt not read the username and password also from foo-ds.xml?
>> Is this a Bug?
>>
>> Best regrads
>>
>> orkus9
>
|
|
|
| Re: JNDI and Username-Password [message #178650 is a reply to message #178462] |
Wed, 19 July 2006 07:18 |
orkus9
Messages: 214
Registered: July 2009 |
Senior Member |
|
|
i fully agree to you!
Good luck with the bugzilla entry.
i tried this twice. My bugs were closed (set to invalid). Your bug will
be closed too.
I dont really know, why the jndi configuration is mixed up with the
jdbc configuration. This is a bug (in my view).
more information is here:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=150219
George Handin schrieb:
> Exposing the username and password via report parameters is unacceptable
> and dangerous security risk.
>
> It appears that BIRT has a bug in that even though JBoss is loading the
> JNDI resource, the BIRT report engine is not querying for the configured
> JNDI configuration each time a report is executed. I've logged a defect
> requesting this behavior:
>
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=150965
>
>
>
> Linda Chan wrote:
>> It's up to your JNDI resource factory (jboss) to determine how and
>> when it uses
>> its own configuration, e.g. your foo-ds.xml . In other words, BIRT
>> never reads
>> a JNDI resource configuration directly.
>>
>> To control the value of the BIRT jdbc username and password used at
>> runtime...
>> the recommended way is to bind the username/password property to a report
>> parameter. This way, the username and password used at design-time can be
>> different from those used at runtime when deployed in a web application.
>>
>> Orkus wrote:
>>
>>> Hello,
>>>
>>> i use Eclipse 3.2, Birt 2.1, JBoss 4.0.2, Report Engine Api 2.1.
>>> I am using the Report Engine API to generate the report within my
>>> jboss-webapplication. So far so good. All works fine with a jdbc
>>> connection.
>>>
>>> Now i want to change the datasource from jdbc to jndi.
>>> This works fine, when i use the same user and password for the jdbc
>>> source and jndi source.
>>>
>>> My foo-ds.xml file looks like this:
>>>
>>> ..............
>>> <no-tx-datasource>
>>> <jndi-name>cro24.xtrial.ds.foo.read-only</jndi-name>
>>> <connection-url>jdbc:postgresql://localhost/foo</connection-url>
>>> <driver-class>org.postgresql.Driver</driver-class>
>>> <user-name>foo_user</user-name>
>>> <password>foo_pw</password>
>>> <min-pool-size>5</min-pool-size>
>>> <max-pool-size>10</max-pool-size>
>>> <idle-timeout-minutes>5</idle-timeout-minutes>
>>> <!--<track-statements>true</track-statements>-->
>>> </no-tx-datasource>
>>> ............
>>>
>>> My birt-xml-file looks like this:
>>>
>>> ...........
>>> <data-sources>
>>> <oda-data-source extensionID="org.eclipse.birt.report.data.oda.jdbc"
>>> name="Data Source" id="39">
>>> <text-property name="displayName">Data Source</text-property>
>>> <property name="odaDriverClass">org.postgresql.Driver</property>
>>> <property name="odaURL">jdbc:postgresql://localhost:5432/foo</property>
>>> <property name="odaUser">foo-foo</property>
>>> <encrypted-property
>>> name="odaPassword">ZXRtc191c2VyXzAx</encrypted-property>
>>> <property name="odaJndiName">java:cro24.xtrial.ds.tabulator</property >
>>> </oda-data-source>
>>> </data-sources>
>>> ..........
>>>
>>> All works fine, while the username and password of jdbc connection and
>>> jndi is the same.
>>> When i change the jdbc-connection to an not existing user (e.g. foo-foo)
>>> then, i get a error:
>>>
>>> INFO: getJndiDSConnection: Unable to get JNDI data source connection;
>>> org.jboss.util.NestedSQLException: Could not create connection; - nested
>>> throwable: (org.postgresql.util.PSQLException: FATAL:
>>> Passwort-Authentifizierung f??r Benutzer ??foo-foo?? fehlgeschlagen); -
>>> nested throwable: (org.jboss.resource.JBossResourceException: Could not
>>> create connection; - nested throwable:
>>> (org.postgresql.util.PSQLException: FATAL: Passwort-Authentifizierung
>>> f??r Benutzer ??foo-foo?? fehlgeschlagen))
>>> Jul 10, 2006 2:47:07 PM
>>> org.eclipse.birt.report.data.oda.jdbc.JDBCDriverManager doConnect
>>> FINER: Calling DriverManager.getConnection.
>>> url=jdbc:postgresql://localhost:5432/foo
>>> Jul 10, 2006 2:47:07 PM
>>> org.eclipse.birt.report.data.oda.jdbc.JDBCException JDBCException
>>> FINE: odajdbc.CannotGetConn
>>> Jul 10, 2006 2:47:07 PM
>>> org.eclipse.birt.report.data.oda.jdbc.JDBCException logSQLException
>>> FINE: SQL Exception #1
>>> org.postgresql.util.PSQLException: FATAL: Passwort-Authentifizierung
>>> f??r Benutzer ??foo-foo?? fehlgeschlagen
>>>
>>> When i change the host to an nonexisting host (in my birt-xml-file),
>>> birt gets the correct host from the foo-ds.xml file.
>>> Why does birt not read the username and password also from foo-ds.xml?
>>> Is this a Bug?
>>>
>>> Best regrads
>>>
>>> orkus9
>>
|
|
|
Goto Forum:
Current Time: Wed Apr 24 17:39:20 GMT 2024
Powered by FUDForum. Page generated in 0.02600 seconds |
] 
Search
Help
Register
Login
Home
