modules/enterprise/gui/installer-war/pom.xml | 17 - modules/enterprise/gui/installer-war/src/main/java/org/rhq/enterprise/installer/ConfigurationBean.java | 60 +++ modules/enterprise/gui/installer-war/src/main/java/org/rhq/enterprise/installer/ServerInformation.java | 25 + modules/enterprise/server/container-lib/pom.xml | 7 modules/enterprise/server/container-lib/src/main/java/org/rhq/jbossatx/jta/recovery/AppServerJDBCXARecovery.java | 144 ++++++++ modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.bat | 112 ++++++ modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh | 165 ++++++++++ modules/enterprise/server/container/src/main/resources/jbossas/server/default/conf/login-config.xml | 22 + modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.h2.rej | 9 modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.oracle.rej | 13 modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.postgres.rej | 9 modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.sqlserver.rej | 9 12 files changed, 547 insertions(+), 45 deletions(-)
New commits: commit a32db89465af384df8d30b3667f4f545d9893105 Merge: 9f3981b... 002b86a... Author: Heiko W. Rupp hwr@redhat.com Date: Fri Mar 26 13:50:03 2010 +0100
Merge branch 'master' of ssh://git.fedorahosted.org/git/rhq/rhq
commit 9f3981b21e128316ff39cbd5fe54e998e9002af4 Author: Heiko W. Rupp hwr@redhat.com Date: Fri Mar 26 13:49:55 2010 +0100
First cut of a Windows script to generate the passwords.
diff --git a/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.bat b/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.bat new file mode 100644 index 0000000..3b85102 --- /dev/null +++ b/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.bat @@ -0,0 +1,112 @@ +@echo off + +rem =========================================================================== +rem RHQ Server Windows Generate db password script +rem +rem This file is used to execute the generate a new encrypted db password. +rem +rem This script is customizable by setting the following environment variables: +rem +rem RHQ_SERVER_DEBUG - If this is defined, the script will emit debug +rem messages. +rem If not set or set to "false", debug is turned off. +rem +rem RHQ_SERVER_HOME - Defines where the Server's home install directory is. +rem If not defined, it will be assumed to be the parent +rem directory of the directory where this script lives. +rem +rem RHQ_SERVER_JAVA_HOME - The location of the JRE that the Server will +rem use. This will be ignored if +rem RHQ_SERVER_JAVA_EXE_FILE_PATH is set. +rem If this and RHQ_SERVER_JAVA_EXE_FILE_PATH are +rem not set, the Server's embedded JRE will be used. +rem +rem RHQ_SERVER_JAVA_EXE_FILE_PATH - Defines the full path to the Java +rem executable to use. If this is set, +rem RHQ_SERVER_JAVA_HOME is ignored. +rem If this is not set, then +rem %RHQ_SERVER_JAVA_HOME%\bin\java.exe +rem is used. If this and +rem RHQ_SERVER_JAVA_HOME are not set, the +rem Server's embedded JRE will be used. +rem +rem +rem Note that you cannot define custom Java VM parameters or command line +rem arguments to pass to the RHQ Server run.sh. If you wish to pass in +rem specific arguments, modify the rhq-server-wrapper.conf file. +rem +rem If the embedded JRE is to be used but is not available, the fallback +rem JRE to be used will be determined by the JAVA_HOME environment variable. +rem +rem =========================================================================== + +setlocal + +rem if debug variable is set, it is assumed to be on, unless its value is false +if "%RHQ_SERVER_DEBUG%" == "false" ( + set RHQ_SERVER_DEBUG= +) + +rem ---------------------------------------------------------------------- +rem Change directory so the current directory is the Server home. +rem ---------------------------------------------------------------------- + +set RHQ_SERVER_BIN_DIR_PATH=%~dp0 + +if not defined RHQ_SERVER_HOME ( + cd "%RHQ_SERVER_BIN_DIR_PATH%.." +) else ( + cd "%RHQ_SERVER_HOME%" || ( + echo Cannot go to the RHQ_SERVER_HOME directory: %RHQ_SERVER_HOME% + exit /B 1 + ) +) + +set RHQ_SERVER_HOME=%CD% + +if defined RHQ_SERVER_DEBUG echo RHQ_SERVER_HOME: %RHQ_SERVER_HOME% + +rem ---------------------------------------------------------------------- +rem Find the Java executable and verify we have a VM available. +rem ---------------------------------------------------------------------- + +if not defined RHQ_SERVER_JAVA_EXE_FILE_PATH ( + if not defined RHQ_SERVER_JAVA_HOME call :prepare_embedded_jre +) + +if not defined RHQ_SERVER_JAVA_EXE_FILE_PATH set RHQ_SERVER_JAVA_EXE_FILE_PATH=%RHQ_SERVER_JAVA_HOME%\bin\java.exe + +if defined RHQ_SERVER_DEBUG echo RHQ_SERVER_JAVA_HOME: %RHQ_SERVER_JAVA_HOME% +if defined RHQ_SERVER_DEBUG echo RHQ_SERVER_JAVA_EXE_FILE_PATH: %RHQ_SERVER_JAVA_EXE_FILE_PATH% + +if not exist "%RHQ_SERVER_JAVA_EXE_FILE_PATH%" ( + echo There is no JVM available. + echo Please set RHQ_SERVER_JAVA_HOME or RHQ_SERVER_JAVA_EXE_FILE_PATH appropriately. + exit /B 1 +) + +set _JB_DIR = %RHQ_SERVER_HOME%\jbossas +%RHQ_SERVER_JAVA_EXE_FILE_PATH% -cp %_JB_DIR%\lib\jboss-common.jar;%_JB_DIR%\lib\jboss-jmx.jar;%_JB_DIR%\server\default\lib\jbosssx.jar;%_JB_DIR%\server\default\lib\jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule %1 + + +goto :done + +rem ---------------------------------------------------------------------- +rem CALL subroutine that prepares to use the embedded JRE +rem ---------------------------------------------------------------------- + +:prepare_embedded_jre +set RHQ_SERVER_JAVA_HOME=%RHQ_SERVER_HOME%\jre +if defined RHQ_SERVER_DEBUG echo Using the embedded JRE +if not exist "%RHQ_SERVER_JAVA_HOME%" ( + if defined RHQ_SERVER_DEBUG echo No embedded JRE found - will try to use JAVA_HOME: %JAVA_HOME% + set RHQ_SERVER_JAVA_HOME=%JAVA_HOME% +) +goto :eof + +rem ---------------------------------------------------------------------- +rem CALL subroutine that exits this script normally +rem ---------------------------------------------------------------------- + +:done +endlocal
commit 73626e4146d1acf382dca898748227475755afec Author: Heiko W. Rupp hwr@redhat.com Date: Fri Mar 26 13:42:37 2010 +0100
Fix comments
diff --git a/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh b/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh index c515e4c..d3fd715 100755 --- a/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh +++ b/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh @@ -6,20 +6,12 @@ # processname: java
# ============================================================================= -# RHQ Server UNIX Startup Script +# RHQ Server UNIX Generate db password script # -# This file is used to execute the RHQ Server on a UNIX platform as part of -# the platform's bootup sequence or as a foreground console process. -# Run this script without any command line options for the syntax help. +# This file is used to execute the generate a new encrypted db password. # # This script is customizable by setting the following environment variables: # -# Note that if this script is to be used as an init.d script, you must set -# RHQ_SERVER_HOME so this script knows where to find the Server installation. -# -# RHQ_SERVER_DEBUG - If this is defined, the script will emit debug -# messages. If this is not defined or set to "false" -# debug messages are not emitted. # # RHQ_SERVER_HOME - Defines where the server's home install directory is. # If not defined, it will be assumed to be the parent @@ -40,44 +32,9 @@ # RHQ_SERVER_JAVA_HOME are not set, the # Server's embedded JRE will be used. # -# RHQ_SERVER_JAVA_OPTS - Java VM command line options to be -# passed into the Server's VM. If this is not defined -# this script will pass in a default set of options. -# If this is set, it completely overrides the -# Server's defaults. If you only want to add options -# to the Server's defaults, then you will want to -# use RHQ_SERVER_ADDITIONAL_JAVA_OPTS instead. -# -# RHQ_SERVER_ADDITIONAL_JAVA_OPTS - additional Java VM command line options -# to be passed into the Server's VM. This -# is added to RHQ_SERVER_JAVA_OPTS; it -# is mainly used to augment the Server's -# default set of options. This can be -# left unset if it is not needed. -# -# RHQ_SERVER_CMDLINE_OPTS - If this is defined, these are the command line -# arguments that will be passed to the RHQ Server -# JBossAS run.sh. If you only want to add options -# to the Server's defaults, then you will want to -# use RHQ_SERVER_ADDITIONAL_CMDLINE_OPTS instead. -# -# RHQ_SERVER_ADDITIONAL_CMDLINE_OPTS - additional command line arguments to -# be passed to the RHQ Server JBossAS -# run.sh. This is added to -# RHQ_SERVER_CMDLINE_OPTS; it is mainly -# used to augment the Server's default -# set of options. This can be left unset -# if it is not needed. -# -# RHQ_SERVER_PIDFILE_DIR - a full path to a writable directory where this -# script can write its pidfile to. -# If not defined, this defaults to the Server's -# bin directory. -# # If the embedded JRE is to be used but is not available, the fallback # JRE to be used will be determined by the JAVA_HOME environment variable. # -# This script calls run.sh when starting the underlying JBossAS server. # =============================================================================
# ---------------------------------------------------------------------- @@ -88,11 +45,6 @@ # RHQ_SERVER_DEBUG=true # JAVA_HOME=/path/to/java/installation # RHQ_SERVER_JAVA_EXE_FILE_PATH=/path/directly/to/java/executable -# RHQ_SERVER_JAVA_OPTS=VM options -# RHQ_SERVER_ADDITIONAL_JAVA_OPTS=additional VM options -# RHQ_SERVER_CMDLINE_OPTS=run.sh options -# RHQ_SERVER_ADDITIONAL_CMDLINE_OPTS=additional run.sh options - # ---------------------------------------------------------------------- # Make sure we unset any lingering JBossAS environment variables that # were set in the user's environment. This might happen if the user
commit ec5d610a0c9849073bba5547bd2464e0a7004796 Author: Heiko W. Rupp hwr@redhat.com Date: Fri Mar 26 12:34:23 2010 +0100
BZ 535601 - Optimize the generate password script
diff --git a/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh b/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh index 6c170b3..c515e4c 100755 --- a/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh +++ b/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh @@ -1,9 +1,213 @@ #!/bin/sh
-# the sleep is important to prevent a race condition when called from the installer -sleep 2 +# chkconfig: 2345 92 26 +# description: Starts and stops the RHQ Server +# +# processname: java
-# We stand in $RHQ/bin when called from the installer -cd ../jbossas/ +# ============================================================================= +# RHQ Server UNIX Startup Script +# +# This file is used to execute the RHQ Server on a UNIX platform as part of +# the platform's bootup sequence or as a foreground console process. +# Run this script without any command line options for the syntax help. +# +# This script is customizable by setting the following environment variables: +# +# Note that if this script is to be used as an init.d script, you must set +# RHQ_SERVER_HOME so this script knows where to find the Server installation. +# +# RHQ_SERVER_DEBUG - If this is defined, the script will emit debug +# messages. If this is not defined or set to "false" +# debug messages are not emitted. +# +# RHQ_SERVER_HOME - Defines where the server's home install directory is. +# If not defined, it will be assumed to be the parent +# directory of the directory where this script lives. +# +# RHQ_SERVER_JAVA_HOME - The location of the JRE that the server will +# use. This will be ignored if +# RHQ_SERVER_JAVA_EXE_FILE_PATH is set. +# If this and RHQ_SERVER_JAVA_EXE_FILE_PATH are +# not set, the Server's embedded JRE will be used. +# +# RHQ_SERVER_JAVA_EXE_FILE_PATH - Defines the full path to the Java +# executable to use. If this is set, +# RHQ_SERVER_JAVA_HOME is ignored. +# If this is not set, then +# $RHQ_SERVER_JAVA_HOME/bin/java +# is used. If this and +# RHQ_SERVER_JAVA_HOME are not set, the +# Server's embedded JRE will be used. +# +# RHQ_SERVER_JAVA_OPTS - Java VM command line options to be +# passed into the Server's VM. If this is not defined +# this script will pass in a default set of options. +# If this is set, it completely overrides the +# Server's defaults. If you only want to add options +# to the Server's defaults, then you will want to +# use RHQ_SERVER_ADDITIONAL_JAVA_OPTS instead. +# +# RHQ_SERVER_ADDITIONAL_JAVA_OPTS - additional Java VM command line options +# to be passed into the Server's VM. This +# is added to RHQ_SERVER_JAVA_OPTS; it +# is mainly used to augment the Server's +# default set of options. This can be +# left unset if it is not needed. +# +# RHQ_SERVER_CMDLINE_OPTS - If this is defined, these are the command line +# arguments that will be passed to the RHQ Server +# JBossAS run.sh. If you only want to add options +# to the Server's defaults, then you will want to +# use RHQ_SERVER_ADDITIONAL_CMDLINE_OPTS instead. +# +# RHQ_SERVER_ADDITIONAL_CMDLINE_OPTS - additional command line arguments to +# be passed to the RHQ Server JBossAS +# run.sh. This is added to +# RHQ_SERVER_CMDLINE_OPTS; it is mainly +# used to augment the Server's default +# set of options. This can be left unset +# if it is not needed. +# +# RHQ_SERVER_PIDFILE_DIR - a full path to a writable directory where this +# script can write its pidfile to. +# If not defined, this defaults to the Server's +# bin directory. +# +# If the embedded JRE is to be used but is not available, the fallback +# JRE to be used will be determined by the JAVA_HOME environment variable. +# +# This script calls run.sh when starting the underlying JBossAS server. +# =============================================================================
-java -cp lib/jboss-common.jar:lib/jboss-jmx.jar:server/default/lib/jbosssx.jar:server/default/lib/jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule $* +# ---------------------------------------------------------------------- +# Environment variables you can set to customize the launch of the RHQ Server. +# ---------------------------------------------------------------------- + +# RHQ_SERVER_HOME=/path/to/server/home +# RHQ_SERVER_DEBUG=true +# JAVA_HOME=/path/to/java/installation +# RHQ_SERVER_JAVA_EXE_FILE_PATH=/path/directly/to/java/executable +# RHQ_SERVER_JAVA_OPTS=VM options +# RHQ_SERVER_ADDITIONAL_JAVA_OPTS=additional VM options +# RHQ_SERVER_CMDLINE_OPTS=run.sh options +# RHQ_SERVER_ADDITIONAL_CMDLINE_OPTS=additional run.sh options + +# ---------------------------------------------------------------------- +# Make sure we unset any lingering JBossAS environment variables that +# were set in the user's environment. This might happen if the user +# has an external JBossAS configured. +# ---------------------------------------------------------------------- + +unset JBOSS_HOME +unset RUN_CONF +unset JAVAC_JAR +unset JBOSS_CLASSPATH + +# ---------------------------------------------------------------------- +# Dumps a message iff debug mode is enabled +# ---------------------------------------------------------------------- + +debug_msg () +{ + # if debug variable is set, it is assumed to be on, unless its value is false + if [ "x$RHQ_SERVER_DEBUG" != "x" ]; then + if [ "$RHQ_SERVER_DEBUG" != "false" ]; then + echo $1 + fi + fi +} + + +# ---------------------------------------------------------------------- +# Determine what specific platform we are running on. +# Set some platform-specific variables. +# ---------------------------------------------------------------------- + +case "`uname`" in + CYGWIN*) _CYGWIN=true + ;; + Darwin*) _DARWIN=true + ;; + SunOS*) _SOLARIS=true + ;; + AIX*) _AIX=true + ;; +esac + +# ---------------------------------------------------------------------- +# Determine the RHQ Server installation directory. +# If RHQ_SERVER_HOME is not defined, we will assume we are running +# directly from the server installation's bin directory. +# ---------------------------------------------------------------------- + +if [ -z "$RHQ_SERVER_HOME" ]; then + _DOLLARZERO=`readlink "$0" 2>/dev/null || echo "$0"` + RHQ_SERVER_HOME=`dirname "$_DOLLARZERO"`/.. +else + if [ ! -d "$RHQ_SERVER_HOME" ]; then + echo "ERROR! RHQ_SERVER_HOME is not pointing to a valid directory" + echo "RHQ_SERVER_HOME: $RHQ_SERVER_HOME" + exit 1 + fi +fi + +cd "$RHQ_SERVER_HOME" +RHQ_SERVER_HOME=`pwd` + +debug_msg "RHQ_SERVER_HOME: $RHQ_SERVER_HOME" + +if [ ! -f "${RHQ_SERVER_HOME}/jbossas/bin/run.jar" ]; then + echo "ERROR! RHQ_SERVER_HOME is not pointing to a valid RHQ Server" + echo "Missing ${RHQ_SERVER_HOME}/jbossas/bin/run.jar" + exit 1 +fi + +# ---------------------------------------------------------------------- +# if we are on a Mac and JAVA_HOME is not set, then set it to /usr +# as this is the default location. +# ---------------------------------------------------------------------- +if [ -z "$JAVA_HOME" ]; then + if [ -n "$_DARWIN" ]; then + debug_msg "Running on Mac OS X, setting JAVA_HOME to /usr" + JAVA_HOME=/usr + fi +fi + + +# ---------------------------------------------------------------------- +# Find the Java executable and verify we have a VM available +# ---------------------------------------------------------------------- + +if [ -z "$RHQ_SERVER_JAVA_EXE_FILE_PATH" ]; then + if [ -z "$RHQ_SERVER_JAVA_HOME" ]; then + RHQ_SERVER_JAVA_HOME="${RHQ_SERVER_HOME}/jre" + debug_msg "Using the embedded JRE" + if [ ! -d "$RHQ_SERVER_JAVA_HOME" ]; then + debug_msg "No embedded JRE found - will try to use JAVA_HOME: $JAVA_HOME" + RHQ_SERVER_JAVA_HOME="$JAVA_HOME" + fi + fi + debug_msg "RHQ_SERVER_JAVA_HOME: $RHQ_SERVER_JAVA_HOME" + RHQ_SERVER_JAVA_EXE_FILE_PATH="${RHQ_SERVER_JAVA_HOME}/bin/java" +fi +debug_msg "RHQ_SERVER_JAVA_EXE_FILE_PATH: $RHQ_SERVER_JAVA_EXE_FILE_PATH" + +if [ ! -f "$RHQ_SERVER_JAVA_EXE_FILE_PATH" ]; then + echo "There is no JVM available." + echo "Please set RHQ_SERVER_JAVA_HOME or RHQ_SERVER_JAVA_EXE_FILE_PATH appropriately." + exit 1 +fi + +# run.sh will use JAVA as the full java command +JAVA="$RHQ_SERVER_JAVA_EXE_FILE_PATH" +export JAVA + +if [ $# == 0 ] +then + echo "Usage generate-db-password <password>" + exit 1 +fi + +_JB_DIR=${RHQ_SERVER_HOME}/jbossas +$JAVA -cp $_JB_DIR/lib/jboss-common.jar:$_JB_DIR/lib/jboss-jmx.jar:$_JB_DIR/server/default/lib/jbosssx.jar:$_JB_DIR/server/default/lib/jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule $*
commit 1cda39acf128b40df403e212469c8f683875d11e Author: Heiko W. Rupp hwr@redhat.com Date: Fri Mar 26 12:15:11 2010 +0100
BZ 535601 - encrypt the db password by default when installing the server.
diff --git a/modules/enterprise/gui/installer-war/pom.xml b/modules/enterprise/gui/installer-war/pom.xml index 6c9121b..b500fb1 100644 --- a/modules/enterprise/gui/installer-war/pom.xml +++ b/modules/enterprise/gui/installer-war/pom.xml @@ -25,7 +25,7 @@ <war.dir>${basedir}/target/${final.name}</war.dir>
<!-- plugin versions --> - <jetty-jspc-maven-plugin.version>7.0.1.v20091125</jetty-jspc-maven-plugin.version> + <jetty-jspc-maven-plugin.version>7.0.1.v20091125</jetty-jspc-maven-plugin.version>
<product.shortName>RHQ</product.shortName> <product.name>RHQ</product.name> @@ -90,6 +90,21 @@ </dependency>
<dependency> + <groupId>jboss</groupId> + <artifactId>jbosssx</artifactId> + <version>4.2.3.GA</version> + <scope>provided</scope> <!-- by JBossAS --> + </dependency> + + <dependency> + <groupId>jboss.jbossas.core-libs</groupId> + <artifactId>jboss-jca</artifactId> + <version>4.2.2.GA</version> + <scope>provided</scope> <!-- by JBossAS --> + </dependency> + + + <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.4</version> diff --git a/modules/enterprise/gui/installer-war/src/main/java/org/rhq/enterprise/installer/ConfigurationBean.java b/modules/enterprise/gui/installer-war/src/main/java/org/rhq/enterprise/installer/ConfigurationBean.java index bca6381..3b47e95 100644 --- a/modules/enterprise/gui/installer-war/src/main/java/org/rhq/enterprise/installer/ConfigurationBean.java +++ b/modules/enterprise/gui/installer-war/src/main/java/org/rhq/enterprise/installer/ConfigurationBean.java @@ -18,6 +18,12 @@ */ package org.rhq.enterprise.installer;
+import java.io.BufferedInputStream; +import java.io.File; +import java.io.InputStream; +import java.io.OutputStream; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.net.InetAddress; import java.sql.Connection; import java.sql.Statement; @@ -36,14 +42,16 @@ import mazz.i18n.Msg; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory;
+import org.jboss.resource.security.SecureIdentityLoginModule; + import org.rhq.core.db.DatabaseTypeFactory; import org.rhq.core.util.exception.ThrowableUtil; import org.rhq.enterprise.installer.i18n.InstallerI18NResourceKeys;
/** - * Responisible for taking the settings the user selects in the installer window and saves them + * Responsible for taking the settings the user selects in the installer window and saves them * as the server's initial configuration. - * + * * @author John Mazzitelli * @author Jay Shaughnessy */ @@ -195,7 +203,7 @@ public class ConfigurationBean { * so the caller will not see any of the hidden properties in the returned list. * * @return current server settings, minus database related settings and hidden settings. - * + * * @see #getDatabaseConfiguration() * @see #getConfiguration() */ @@ -218,7 +226,7 @@ public class ConfigurationBean { * Loads in the server's current configuration and returns only the database related properties. * * @return current database settings - * + * * @see #getNonDatabaseConfiguration() * @see #getConfiguration() */ @@ -240,7 +248,7 @@ public class ConfigurationBean { * Checks to see if the server has been preconfigured and should be auto-installed. If <code>true</code> * is returned, the installer webapp should not be needed to install the server and the installer should * immediately begin the installation process. - * + * * @return <code>true</code> if auto-install should occur; <code>false</code> means the user needs to use * the installer GUI before the installation can begin */ @@ -475,7 +483,7 @@ public class ConfigurationBean { path = path.replace('\', '/'); // in case we are on windows, we still want forward slashes return path; } catch (Exception e) { - throw new RuntimeException(e); // this should never happen unless the file system is out of wack + throw new RuntimeException(e); // this should never happen unless the file system is out of wack } }
@@ -722,6 +730,17 @@ public class ConfigurationBean { // Ensure the install server info is up to date and stored in the DB serverInfo.storeServer(configurationAsProperties, haServer);
+ // encode database password and set updated properties + String pass = configurationAsProperties.getProperty(ServerProperties.PROP_DATABASE_PASSWORD); + pass = encryptPassword(pass); + configurationAsProperties.setProperty(ServerProperties.PROP_DATABASE_PASSWORD,pass); + + serverInfo.setServerProperties(configurationAsProperties); + + // We have changed the password of the database connection, so we need to + // tell the login config about it + serverInfo.restartLoginConfig(); + // build a keystore whose cert has a CN of this server's public endpoint address serverInfo.createKeystore(haServer);
@@ -739,6 +758,29 @@ public class ConfigurationBean { return StartPageResults.SUCCESS; }
+ private String encryptPassword(String password) throws Exception { + + // We need to do some mumbo jumbo, as the interesting method is private + // in SecureIdentityLoginModule + + try { + SecureIdentityLoginModule lm = new SecureIdentityLoginModule(); + Class clazz = SecureIdentityLoginModule.class; + Method m = clazz.getDeclaredMethod("encode",String.class); + m.setAccessible(true); + String res = (String) m.invoke(lm,"rhqadmin"); + return res; + } catch (Exception e) { + throw new Exception("Encoding db password failed: " , e); + } + } + + private boolean isWindows() { + String osName = System.getProperty("os.name").toLowerCase(Locale.US); + + return osName.indexOf("windows") > -1; + } + private Properties getConfigurationAsProperties(List<PropertyItemWithValue> config) { Properties props = new Properties();
@@ -839,7 +881,7 @@ public class ConfigurationBean {
this.haServerName = serverName;
- // try pulling info from the database for this server name + // try pulling info from the database for this server name if (isRegisteredServers()) { Properties configurationAsProperties = getConfigurationAsProperties(configuration); setHaServer(serverInfo.getServerDetail(configurationAsProperties, serverName)); @@ -881,10 +923,10 @@ public class ConfigurationBean { /** * This method will set the HA Server information based solely on the server configuration * properties. It does not rely on any database access. - * + * * This is used by the auto-installation process - see {@link AutoInstallServlet}. * - * @throws Exception + * @throws Exception */ public void setHaServerFromPropertiesOnly() throws Exception {
diff --git a/modules/enterprise/gui/installer-war/src/main/java/org/rhq/enterprise/installer/ServerInformation.java b/modules/enterprise/gui/installer-war/src/main/java/org/rhq/enterprise/installer/ServerInformation.java index 0896ace..5af10d0 100644 --- a/modules/enterprise/gui/installer-war/src/main/java/org/rhq/enterprise/installer/ServerInformation.java +++ b/modules/enterprise/gui/installer-war/src/main/java/org/rhq/enterprise/installer/ServerInformation.java @@ -49,6 +49,8 @@ import org.apache.tools.ant.helper.ProjectHelper2;
import org.jboss.mx.util.MBeanServerLocator; import org.jboss.mx.util.ObjectNameFactory; +import org.jboss.security.auth.login.XMLLoginConfig; +import org.jboss.security.auth.login.XMLLoginConfigMBean; import org.jboss.system.server.ServerConfig;
import org.rhq.core.db.DatabaseType; @@ -128,7 +130,7 @@ public class ServerInformation {
/** * Call this when you need to confirm that the database is supported. - * + * * @param props set of properties where the connection information is found * * @throws Exception if the database is not supported @@ -208,7 +210,7 @@ public class ServerInformation { * data/tables and recreated.</p> * * @param props - * + * * @throws Exception if failed to create the new schema for some reason */ public void createNewDatabaseSchema(Properties props) throws Exception { @@ -246,7 +248,7 @@ public class ServerInformation { * occur.</p> * * @param props - * + * * @throws Exception if the upgrade failed for some reason */ public void upgradeExistingDatabaseSchema(Properties props) throws Exception { @@ -527,7 +529,7 @@ public class ServerInformation { return deployDirectory; }
- private File getBinDirectory() { + protected File getBinDirectory() { if (binDirectory == null) { MBeanServer mbs = getMBeanServer(); ObjectName name = ObjectNameFactory.create("jboss.system:type=ServerConfig"); @@ -788,8 +790,8 @@ public class ServerInformation { * Clean up messages in the JMS message table. Make sure you call this when no other Servers * are communicating with the database, otherwise, its possible in-flight messages will get lost * or go into a bad state. - * - * @param props + * + * @param props */ public void cleanJmsTables(Properties props) {
@@ -818,6 +820,17 @@ public class ServerInformation { } }
+ public void restartLoginConfig() throws Exception { + + MBeanServer mbs = getMBeanServer(); + ObjectName name = ObjectNameFactory.create("jboss.security:service=XMLLoginConfig"); + Object mbean = MBeanServerInvocationHandler.newProxyInstance(mbs, name,XMLLoginConfigMBean.class,false); + + XMLLoginConfigMBean conf = (XMLLoginConfigMBean) mbean; + conf.stop(); + conf.start(); + } + public static class Server { public static final String DEFAULT_AFFINITY_GROUP = ""; public static final int DEFAULT_ENDPOINT_PORT = 7080; diff --git a/modules/enterprise/server/container-lib/pom.xml b/modules/enterprise/server/container-lib/pom.xml index cd58ba5..2c98817 100644 --- a/modules/enterprise/server/container-lib/pom.xml +++ b/modules/enterprise/server/container-lib/pom.xml @@ -40,6 +40,13 @@ <scope>provided</scope> <!-- by JBossAS --> </dependency>
+ <dependency> + <groupId>jboss</groupId> + <artifactId>jbosssx</artifactId> + <version>4.2.3.GA</version> + <scope>provided</scope> <!-- by JBossAS --> + </dependency> + </dependencies>
<profiles> diff --git a/modules/enterprise/server/container-lib/src/main/java/org/rhq/jbossatx/jta/recovery/AppServerJDBCXARecovery.java b/modules/enterprise/server/container-lib/src/main/java/org/rhq/jbossatx/jta/recovery/AppServerJDBCXARecovery.java index 72083b5..3c87183 100644 --- a/modules/enterprise/server/container-lib/src/main/java/org/rhq/jbossatx/jta/recovery/AppServerJDBCXARecovery.java +++ b/modules/enterprise/server/container-lib/src/main/java/org/rhq/jbossatx/jta/recovery/AppServerJDBCXARecovery.java @@ -23,11 +23,22 @@ import java.beans.PropertyEditorManager; import java.io.ByteArrayInputStream; import java.io.InputStream; import java.lang.reflect.Method; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; import java.sql.Connection; import java.sql.SQLException; import java.util.Iterator; import java.util.Properties; - +import java.util.StringTokenizer; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.SecretKeySpec; import javax.management.InstanceNotFoundException; import javax.management.MBeanException; import javax.management.MBeanServerConnection; @@ -42,12 +53,14 @@ import javax.transaction.xa.XAResource; import com.arjuna.ats.jta.recovery.XAResourceRecovery;
import org.jboss.logging.Logger; +import org.jboss.security.SecurityAssociation; +import org.jboss.security.SimplePrincipal;
/** * This is an enhanced version of JBossTM's AppServerJDBCXARecovery implementation. * The only thing this implementation does differently is it becomes tolerant of * the times when the data source is not yet deployed. - * + * * This provides recovery for compliant JDBC drivers accessed via datasources deployed in JBossAS 4.2 * It is not meant to be db driver specific. * @@ -100,6 +113,8 @@ public class AppServerJDBCXARecovery implements XAResourceRecovery { if (parameter == null) return false;
+ retrieveData(parameter, _DELIMITER); + // don't create the datasource yet, we'll do it lazily. Just keep its id. _dataSourceId = parameter;
@@ -150,6 +165,13 @@ public class AppServerJDBCXARecovery implements XAResourceRecovery { MBeanServerConnection server = (MBeanServerConnection) context.lookup("jmx/invoker/RMIAdaptor"); ObjectName objectName = new ObjectName("jboss.jca:name=" + _dataSourceId + ",service=ManagedConnectionFactory"); + + if(_username !=null && _password !=null) + { + SecurityAssociation.setPrincipal(new SimplePrincipal(_username)); + SecurityAssociation.setCredential(_password); + } + String className = (String) server.invoke(objectName, "getManagedConnectionFactoryAttribute", new Object[] { "XADataSourceClass" }, new String[] { "java.lang.String" }); log.debug("AppServerJDBCXARecovery datasource classname = " + className); @@ -158,6 +180,29 @@ public class AppServerJDBCXARecovery implements XAResourceRecovery { // debug disabled due to security paranoia - it may log datasource password in cleartext. // log.debug("AppServerJDBCXARecovery.result="+properties);
+ ObjectName txCmObjectName = new ObjectName("jboss.jca:name=" +_dataSourceId + ",service=XATxCM"); + String securityDomainName = (String) server.getAttribute(txCmObjectName, "SecurityDomainJndiName"); + log.debug("Security domain name associated with JCA ConnectionManager jboss.jca:name=" +_dataSourceId + ",service=XATxCM"+" is:"+securityDomainName); + + if(securityDomainName != null && !securityDomainName.equals("")) + { + ObjectName _objectName = new ObjectName("jboss.security:service=XMLLoginConfig"); + String config = (String)server.invoke(_objectName, "displayAppConfig", new Object[] {securityDomainName}, new String[] {"java.lang.String"}); + String loginModuleClass = getValueForLoginModuleClass(config); + _dbUsername = getValueForKey(config, _USERNAME); + String _encryptedPassword = getValueForKey(config, _PASSWORD); + if (loginModuleClass.trim().equals("org.jboss.resource.security.SecureIdentityLoginModule")) + { + _dbPassword = new String (decode(_encryptedPassword)); + } + else if (loginModuleClass.trim().equals("org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule")) + { + String jaasSecurityDomain = getValueForKey(config, "jaasSecurityDomain"); + _dbPassword = new String (decodePBE(server, _encryptedPassword, jaasSecurityDomain)); + } + _encrypted = true; + } + try { _dataSource = getXADataSource(className, properties); _supportsIsValidMethod = true; // assume it does; we'll lazily check the first time we try to connect @@ -230,7 +275,15 @@ public class AppServerJDBCXARecovery implements XAResourceRecovery { } }
- _connection = _dataSource.getXAConnection(); + // Check if the password is encrypted, the criteria should be the existence of <security-domain>EncryptDBPassword</security-domain> + // in the -ds.xml file. + + if(!_encrypted) { + _connection = _dataSource.getXAConnection(); + } + else { + _connection = _dataSource.getXAConnection(_dbUsername, _dbPassword); + } _connection.addConnectionEventListener(_connectionEventListener); log.debug("Created new XAConnection"); } @@ -305,13 +358,98 @@ public class AppServerJDBCXARecovery implements XAResourceRecovery { return xads; }
+ public void retrieveData(String parameter,String delimiter) + { + StringTokenizer st = new StringTokenizer(parameter,delimiter); + while (st.hasMoreTokens()) + { + String data = st.nextToken(); + if(data.length()>9) + { + if(_USERNAME.equalsIgnoreCase(data.substring(0,8))) + { + _username =data.substring(9); + } + if(_PASSWORD.equalsIgnoreCase(data.substring(0,8))) + { + _password =data.substring(9); + } + if(_JNDINAME.equalsIgnoreCase(data.substring(0,8))) + { + _dataSourceId=data.substring(9); + } + } + } + + if(_dataSourceId == null && parameter != null && parameter.indexOf('=') == -1) { + // try to fallback to old parameter format where only the dataSourceId is given, without jndiname= prefix + _dataSourceId = parameter; + } + } + + private String getValueForKey(String config, String key) + { + Pattern usernamePattern = Pattern.compile("(name=" + key + ", value=)(.*)(</li>)"); + Matcher m = usernamePattern.matcher(config); + if(m.find()) + { + return m.group(2); + } + return ""; + } + + private String getValueForLoginModuleClass(String config) + { + Pattern usernamePattern = Pattern.compile("(" + _MODULE + ":)(.*)"); + Matcher m = usernamePattern.matcher(config); + if(m.find()) + { + return m.group(2); + } + return ""; + } + + private static String decode(String secret) throws NoSuchPaddingException, NoSuchAlgorithmException, + InvalidKeyException, BadPaddingException, IllegalBlockSizeException + { + byte[] kbytes = "jaas is the way".getBytes(); + SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish"); + + BigInteger n = new BigInteger(secret, 16); + byte[] encoding = n.toByteArray(); + + Cipher cipher = Cipher.getInstance("Blowfish"); + cipher.init(Cipher.DECRYPT_MODE, key); + byte[] decode = cipher.doFinal(encoding); + return new String(decode); + } + + private static String decodePBE(MBeanServerConnection server, String password, String jaasSecurityDomain) throws Exception + { + byte[] secret = (byte[]) server.invoke(new ObjectName(jaasSecurityDomain), "decode64", new Object[] {password}, new String[] {"java.lang.String"}); + return new String(secret, "UTF-8"); + } + + private boolean _supportsIsValidMethod;
private XAConnection _connection; private XADataSource _dataSource; private LocalConnectionEventListener _connectionEventListener; private boolean _hasMoreResources; + private boolean _encrypted;
private String _dataSourceId; + private String _username; + private String _password; + private String _dbUsername; + private String _dbPassword; + + private final String _JNDINAME = "jndiname"; + private final String _USERNAME = "username"; + private final String _PASSWORD = "password"; + private final String _MODULE = "LoginModule Class"; + private final String _DELIMITER = ","; + private Logger log = org.jboss.logging.Logger.getLogger(AppServerJDBCXARecovery.class); } diff --git a/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh b/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh new file mode 100755 index 0000000..6c170b3 --- /dev/null +++ b/modules/enterprise/server/container/src/main/bin-resources/bin/generate-db-password.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +# the sleep is important to prevent a race condition when called from the installer +sleep 2 + +# We stand in $RHQ/bin when called from the installer +cd ../jbossas/ + +java -cp lib/jboss-common.jar:lib/jboss-jmx.jar:server/default/lib/jbosssx.jar:server/default/lib/jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule $* diff --git a/modules/enterprise/server/container/src/main/resources/jbossas/server/default/conf/login-config.xml b/modules/enterprise/server/container/src/main/resources/jbossas/server/default/conf/login-config.xml index 256d419..8f6ca6d 100644 --- a/modules/enterprise/server/container/src/main/resources/jbossas/server/default/conf/login-config.xml +++ b/modules/enterprise/server/container/src/main/resources/jbossas/server/default/conf/login-config.xml @@ -14,6 +14,28 @@ </authentication> </application-policy>
+<!-- security domains for encrypted dataseouce passwords --> + <application-policy name = "XADSRealm"> + <authentication> + <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" + flag = "required"> + <module-option name = "username">${rhq.server.database.user-name}</module-option> + <module-option name = "password">${rhq.server.database.password}</module-option> + <module-option name = "managedConnectionFactoryName">jboss.jca:service=XATxCM,name=RHQDS</module-option> + </login-module> + </authentication> + </application-policy> + <application-policy name = "NONXADSRealm"> + <authentication> + <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" + flag = "required"> + <module-option name = "username">${rhq.server.database.user-name}</module-option> + <module-option name = "password">${rhq.server.database.password}</module-option> + <module-option name = "managedConnectionFactoryName">jboss.jca:service=NoTxCM,name=NoTxRHQDS</module-option> + </login-module> + </authentication> + </application-policy> + <!-- Security domain for JBossMQ --> <application-policy name = "jbossmq"> <authentication> diff --git a/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.h2.rej b/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.h2.rej index e6f18ac..612e0c1 100644 --- a/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.h2.rej +++ b/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.h2.rej @@ -7,16 +7,14 @@ <xa-datasource> <jndi-name>RHQDS</jndi-name> <xa-datasource-class>${rhq.server.database.xa-datasource-class}</xa-datasource-class> - <xa-datasource-property name="User">${rhq.server.database.user-name}</xa-datasource-property> - <xa-datasource-property name="Password">${rhq.server.database.password}</xa-datasource-property> <xa-datasource-property name="URL">${rhq.server.database.connection-url}</xa-datasource-property>
<no-tx-separate-pools/> <track-connection-by-tx/> <isSameRM-override-value>false</isSameRM-override-value> + + <security-domain>XADSRealm</security-domain>
- <user-name>${rhq.server.database.user-name}</user-name> - <password>${rhq.server.database.password}</password> <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation> <min-pool-size>5</min-pool-size> <max-pool-size>50</max-pool-size> @@ -31,8 +29,7 @@ <jndi-name>NoTxRHQDS</jndi-name> <connection-url>${rhq.server.database.connection-url}</connection-url> <driver-class>${rhq.server.database.driver-class}</driver-class> - <user-name>${rhq.server.database.user-name}</user-name> - <password>${rhq.server.database.password}</password> + <security-domain>NONXADSRealm</security-domain> <connection-property name="char.encoding">UTF-8</connection-property> <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation> <min-pool-size>2</min-pool-size> diff --git a/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.oracle.rej b/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.oracle.rej index 2197386..5559b83 100644 --- a/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.oracle.rej +++ b/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.oracle.rej @@ -7,8 +7,6 @@ <xa-datasource> <jndi-name>RHQDS</jndi-name> <xa-datasource-class>${rhq.server.database.xa-datasource-class}</xa-datasource-class> - <xa-datasource-property name="User">${rhq.server.database.user-name}</xa-datasource-property> - <xa-datasource-property name="Password">${rhq.server.database.password}</xa-datasource-property> <xa-datasource-property name="URL">${rhq.server.database.connection-url}</xa-datasource-property>
<xa-datasource-property name="ConnectionProperties">SetBigStringTryClob=true</xa-datasource-property> @@ -18,10 +16,10 @@ <!-- Checks the Oracle error codes and messages for fatal errors --> <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name> <!-- Oracles XA datasource cannot reuse a connection outside a transaction once enlisted in a global transaction and vice-versa --> - <track-connection-by-tx/> - <user-name>${rhq.server.database.user-name}</user-name> - <password>${rhq.server.database.password}</password> + + <security-domain>XADSRealm</security-domain> + <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation> <min-pool-size>5</min-pool-size> <max-pool-size>50</max-pool-size> @@ -43,8 +41,9 @@ <jndi-name>NoTxRHQDS</jndi-name> <connection-url>${rhq.server.database.connection-url}</connection-url> <driver-class>${rhq.server.database.driver-class}</driver-class> - <user-name>${rhq.server.database.user-name}</user-name> - <password>${rhq.server.database.password}</password> + + <security-domain>NONXADSRealm</security-domain> + <connection-property name="char.encoding">UTF-8</connection-property> <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation> <min-pool-size>2</min-pool-size> diff --git a/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.postgres.rej b/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.postgres.rej index 242bfce..2a71733 100644 --- a/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.postgres.rej +++ b/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.postgres.rej @@ -7,15 +7,13 @@ <xa-datasource> <jndi-name>RHQDS</jndi-name> <xa-datasource-class>${rhq.server.database.xa-datasource-class}</xa-datasource-class> - <xa-datasource-property name="User">${rhq.server.database.user-name}</xa-datasource-property> - <xa-datasource-property name="Password">${rhq.server.database.password}</xa-datasource-property> <xa-datasource-property name="ServerName">${rhq.server.database.server-name}</xa-datasource-property> <xa-datasource-property name="PortNumber">${rhq.server.database.port}</xa-datasource-property> <xa-datasource-property name="DatabaseName">${rhq.server.database.db-name}</xa-datasource-property> + + <security-domain>XADSRealm</security-domain>
<track-connection-by-tx/> - <user-name>${rhq.server.database.user-name}</user-name> - <password>${rhq.server.database.password}</password> <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation> <min-pool-size>5</min-pool-size> <max-pool-size>50</max-pool-size> @@ -30,8 +28,7 @@ <jndi-name>NoTxRHQDS</jndi-name> <connection-url>${rhq.server.database.connection-url}</connection-url> <driver-class>${rhq.server.database.driver-class}</driver-class> - <user-name>${rhq.server.database.user-name}</user-name> - <password>${rhq.server.database.password}</password> + <security-domain>NONXADSRealm</security-domain> <connection-property name="char.encoding">UTF-8</connection-property> <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation> <min-pool-size>2</min-pool-size> diff --git a/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.sqlserver.rej b/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.sqlserver.rej index 61ccc08..c79418f 100644 --- a/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.sqlserver.rej +++ b/modules/enterprise/server/container/src/main/resources/jbossas/server/default/deploy/rhq-ds.xml.sqlserver.rej @@ -7,8 +7,6 @@ <xa-datasource> <jndi-name>RHQDS</jndi-name> <xa-datasource-class>${rhq.server.database.xa-datasource-class}</xa-datasource-class> - <xa-datasource-property name="User">${rhq.server.database.user-name}</xa-datasource-property> - <xa-datasource-property name="Password">${rhq.server.database.password}</xa-datasource-property> <xa-datasource-property name="ServerName">${rhq.server.database.server-name}</xa-datasource-property> <xa-datasource-property name="PortNumber">${rhq.server.database.port}</xa-datasource-property> <xa-datasource-property name="DatabaseName">${rhq.server.database.db-name}</xa-datasource-property> @@ -24,9 +22,7 @@
<xa-datasource-property name="XaEmulation">true</xa-datasource-property> --> - - <user-name>${rhq.server.database.user-name}</user-name> - <password>${rhq.server.database.password}</password> + <security-domain>XADSRealm</security-domain> <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation> <min-pool-size>5</min-pool-size> <max-pool-size>50</max-pool-size> @@ -43,8 +39,7 @@ <jndi-name>NoTxRHQDS</jndi-name> <connection-url>${rhq.server.database.connection-url}</connection-url> <driver-class>${rhq.server.database.driver-class}</driver-class> - <user-name>${rhq.server.database.user-name}</user-name> - <password>${rhq.server.database.password}</password> + <security-domain>NONXADSRealm</security-domain>
<track-connection-by-tx></track-connection-by-tx>
rhq-commits@lists.fedorahosted.org