000029994 - IMG server fails to start - java.io.IOException: No properties file: users.properties or defaults

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000029994
Applies To:
RSA Product Set: Identity Management and Governance
RSA Product/Service Type: Appliance / Enterprise Software
RSA Version/Condition: 5.x, 6.x
Platform: UNIX / LINUX
O/S Version: ANY
Product Name: IMG
Product Description: Identity Management And Governance
Issue: The application server fails to start properly, and the following errors are observed during the initialization phase:
INFO  (main) [com.aveksa.server.runtime.AveksaSystem] ******************** Aveksa System Initialization Start ********************
INFO  (main) [com.aveksa.migration.jdbctool.AveksaSystemCfg] Loaded Aveksa_System.cfg from AVEKSA_HOME directory:/home/oracle
ERROR (main) [org.jboss.security.auth.spi.UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
    at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
...
ERROR (main) [com.aveksa.init.InitServlet] init java.lang.SecurityException: Invalid authentication attempt, principal=null
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:589)
Cause: The security-domain tag listed in aveksa-ds.xml does not match the application-policy tags in login-config.xml when using encrypted passwords for the database connections.
The following
<security-domain>EncryptAVDBPassword</security-domain>
was not configured as
<application-policy name="EncryptAVDBPassword">
with the appropriate user properties, hence the exception in SecureIdentityLoginModule.
When no application-policy matches a security domain, JBoss falls back to its default "other" policy, which uses UsersRolesLoginModule; that is why the log reports a missing users.properties file.
Appliances have default passwords set. With a remote database, however, there is a high chance of seeing this error if the exact steps in the installation guide are not followed:
Chapter: Installation and Maintenance Tasks
Section: Changing Database User Passwords
 
Resolution: Modify the current login-config.xml (default location: ../jboss-4.2.2.GA/server/default/conf/) to include all user profiles and passwords for this instance that are listed in aveksa-ds.xml (default location: ../jboss-4.2.2.GA/server/default/deploy/), then restart the server.
Example:
Sample user profile from aveksa-ds.xml:
    <local-tx-datasource>
        <jndi-name>acmdb</jndi-name>
        <connection-url>jdbc:oracle:thin:@//localhost:1555/avdb</connection-url>
        <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
        <!-- See login-config.xml for how username and password are set -->
        <max-pool-size>15</max-pool-size>
        <blocking-timeout-millis>10000</blocking-timeout-millis>
        <idle-timeout-minutes>15</idle-timeout-minutes>
        <!-- Determines whether database exceptions are fatal. Our custom exception sorter delegates to org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter, but then marks certain exceptions "fatal" which the default sorter determined to be "non-fatal". -->
        <exception-sorter-class-name>com.aveksa.jdbc.OracleExceptionSorter</exception-sorter-class-name>
        <security-domain>EncryptACMDBPassword</security-domain>
        <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml -->
        <metadata>
            <type-mapping>Oracle9i</type-mapping>
        </metadata>
    </local-tx-datasource>

Sample user profile from login-config.xml:
    <application-policy name="EncryptACMDBPassword">
        <authentication>
            <login-module code="org.jboss.resource.security.SecureIdentityLoginModuleAlt" flag="required">
                <module-option name="username">acmdb</module-option>
                <module-option name="password">-91f121c430503dd</module-option>
                <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=avdwdb</module-option>
            </login-module>
        </authentication>
    </application-policy>

NOTE: For the password (the encrypted value in the above example, 91f121c430503dd), refer to the installation guide:
Chapter: Installation and Maintenance Tasks
Section: Changing Database User Passwords
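
A consistency check for the mismatch described under Cause, as an added example that is not RSA tooling or code from this article: it lists every security-domain in aveksa-ds.xml that has no application-policy of the same name in login-config.xml, or whose policy lacks a username or password option. The inline XML is constructed sample input; the function name, the `avdb` jndi-name and the placeholder password are assumptions.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path
# Constructed sample input modelled on the article's fragments (not real config).
SAMPLE_DS = """<datasources>
  <local-tx-datasource>
    <jndi-name>acmdb</jndi-name>
    <security-domain>EncryptACMDBPassword</security-domain>
  </local-tx-datasource>
  <local-tx-datasource>
    <jndi-name>avdb</jndi-name>
    <security-domain>EncryptAVDBPassword</security-domain>
  </local-tx-datasource>
</datasources>"""
SAMPLE_LOGIN = """<policy>
  <application-policy name="EncryptACMDBPassword">
    <authentication><login-module code="org.jboss.resource.security.SecureIdentityLoginModuleAlt" flag="required">
      <module-option name="username">acmdb</module-option>
      <module-option name="password">CONSTRUCTED-PLACEHOLDER</module-option>
    </login-module></authentication>
  </application-policy>
</policy>"""

def check_security_domains(ds_xml, login_xml):
    """Return (jndi-name, security-domain, problem) for each unresolved datasource."""
    policies = {}
    for policy in ET.fromstring(login_xml).iter("application-policy"):
        # Record only module-options that actually carry a value.
        policies[policy.get("name")] = {
            opt.get("name") for opt in policy.iter("module-option")
            if (opt.text or "").strip()}
    problems = []
    for ds in ET.fromstring(ds_xml).iter():
        domain = (ds.findtext("security-domain") or "").strip()
        if not domain:
            continue  # not a datasource element that names a security domain
        jndi = (ds.findtext("jndi-name") or "?").strip()
        missing = sorted({"username", "password"} - policies.get(domain, set()))
        if domain not in policies:
            problems.append((jndi, domain, "no matching application-policy"))
        elif missing:
            problems.append((jndi, domain, "missing " + ", ".join(missing)))
    return problems

if __name__ == "__main__":  # optional args: aveksa-ds.xml login-config.xml
    files = [Path(p).read_bytes() for p in sys.argv[1:3]]
    ds, login = files if len(files) == 2 else (SAMPLE_DS, SAMPLE_LOGIN)
    for row in check_security_domains(ds, login):
        print("%s: security-domain %s: %s" % row)
```

Run with the two file paths as arguments before restarting the server; no output means every security-domain resolves to a policy with both options set.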
 
