Unable to check Database. java.lang.SecurityException: PBOX000016: Access denied: authentication failed
Originally Published: 2016-05-05
Article Number
000051022
Applies To
RSA Product Set: RSA Via Lifecycle and Governance, Identity Management and Governance
RSA Product/Service Type: Enterprise Software
RSA Version/Condition: 7.0
Issue
The error (Unable to check Database. java.lang.SecurityException: PBOX000016: Access denied: authentication failed) is displayed both on the screen when attempting to access the Web Administration page for RSA Via Lifecycle and Governance and in the /home/oracle/wildfly/standalone/log/server.log.

In the UI, the error shows as:
[Image: screenshot of the error as shown in the UI]

Below is a snippet from the /home/oracle/wildfly/standalone/log/server.log:
2016-05-05 10:04:41,660 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] 
(MSC service thread 1-2) Exception during createSubject()PBOX000016: Access denied: authentication failed: 
java.lang.SecurityException: PBOX000016: Access denied: authentication failed
	at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1184)
	at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1179)
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79]
	at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1178)
	at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:637)
	at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:283)
	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:310)
	at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:124)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_79]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_79]
	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]


 
Cause
This error occurs when one or more passwords in the following configuration file are corrupt or incorrect:

/home/oracle/wildfly/standalone/configuration/aveksa-standalone-full.xml
Workaround
The steps below show how to check the current passwords that are encrypted within the Aveksa_System.cfg against the values in the aveksa-standalone-full.xml:
  1. Log in as, or change user to, oracle.
cd deploy
./generateLoginKey <username>
  2. Check the return value against the password stored in aveksa-standalone-full.xml. Here is an example of the process:
        [Image: example of the process]
  3. If a value returned by generateLoginKey does not match the output of the grep command, edit the aveksa-standalone-full.xml for the given username/password pair and update the value to match. Here is a grep of the username/password value pairs from the aveksa-standalone-full.xml:
       [Image: grep output of the username/password value pairs]
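The comparison in steps 2 and 3 can also be done without putting the stored values on screen. The following Python is an added example, not RSA's code or tooling: it assumes the credentials sit as username/password module-option pairs inside WildFly security-domain login modules, and the sample XML, domain names, user names, values and the function names (local, stored_pairs, check_user) are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; assumes WildFly security-domain module-option layout.
SAMPLE_XML = """<server xmlns="urn:jboss:domain:2.2"><profile>
<subsystem xmlns="urn:jboss:domain:security:1.2"><security-domains>
  <security-domain name="example-ds-a"><authentication>
    <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="EXAMPLE_USER_A"/>
      <module-option name="password" value="-1a2b3c4d5e6f7081"/>
    </login-module></authentication></security-domain>
  <security-domain name="example-ds-b"><authentication>
    <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="EXAMPLE_USER_B"/>
      <module-option name="password" value=""/>
    </login-module></authentication></security-domain>
</security-domains></subsystem></profile></server>"""


def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def stored_pairs(xml_text):
    """Yield (security_domain, username, password) for every login module."""
    for domain in ET.fromstring(xml_text).iter():
        if local(domain.tag) != "security-domain":
            continue
        for module in domain.iter():
            if local(module.tag) != "login-module":
                continue
            opts = {o.get("name"): o.get("value") for o in module
                    if local(o.tag) == "module-option"}
            if "username" in opts:
                yield domain.get("name"), opts["username"], opts.get("password")


def check_user(xml_text, username, expected):
    """Status per security domain for `username`; secrets are never echoed."""
    results = []
    for domain, user, stored in stored_pairs(xml_text):
        if user == username:
            status = "missing" if not stored else (
                "match" if stored == expected else "mismatch")
            results.append((domain, status))
    return results or [(None, "user-not-found")]


if __name__ == "__main__":
    print(check_user(SAMPLE_XML, "EXAMPLE_USER_A", "-1a2b3c4d5e6f7081"))
```

Pass the contents of the configuration file as xml_text and the value echoed by generateLoginKey as expected; a "mismatch" or "missing" status marks the pair to correct in step 3.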

 
Notes
If the passwords match and the error still displays, the issue may be that the encrypted password is inaccurate within the Aveksa_System.cfg.

Steps for changing or updating the password are documented in the RSA Via Lifecycle and Governance Installation Guide V7.0. Here is a snippet:
Use sqlplus to verify the username / password combination.  Edit the /home/oracle/Aveksa_System.cfg and replace the encrypted password with a clear-text password.
Running generateLoginKey will replace the clear-text password with its encrypted equivalent and echo the password that would be used in the aveksa-standalone-full.xml.