You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ofbiz.apache.org by Carsten Schinzer <c....@googlemail.com> on 2012/05/16 23:11:50 UTC

Multitenant, EncryptionKey

All,


I am migrating from a r10.4 codebase towards the trunk.

I do have a running and working Multi-Tenant setup in r10.4 base and was
always able to load data using the following command line:

java -jar ofbiz.jar -install -readers=seed -delegator=default#DCS

Now, when I run this on the trunk codebase, I do get the following error
message:
---- exception report
----------------------------------------------------------
Failure in findOne operation for entity [TenantKeyEncryptingKey]:
org.ofbiz.entity.GenericModelException: [GenericDelegator.findOne] Passed
primary key is not a valid primary key:
[GenericEntity:TenantKeyEncryptingKey][tenantId,DCS(java.lang.String)].
Rolling back transaction.

I checked the table tenant_key_encryption_key on the database and it is
empty.

Now I do have the following questions:
(1) Why is the data load now attempting to lookup the Tenant's
EncryptionKey? I do assume this is in order to allow for encrypted
passwords on the TenantDataSource data file. Can I switch that off? If so,
where?
(2) What is the typical encryption method used in OFBiz? Does anyone have
an example entry that defines a TenantKeyEntityKey entity?

I did check the Multitenancy page on the wiki, but that does not seem to
contain any change as compared to when I visited it last.

Any help will be much appreciated !
Kind regards


Carsten

Re: Multitenant, EncryptionKey

Posted by Scott Gray <sc...@hotwaxmedia.com>.

Hi Carsten,

That kek stuff is a very new addition done by Adam, I'm not sure how closely he follows the user list so you may want to raise this up on the dev list or in jira.  My understanding though was that kek was an optional feature so this most likely is a bug of some sort.

Regards
Scott

On 17/05/2012, at 7:58 PM, Carsten Schinzer wrote:

> The issue seems to be the following:
> 
> Table TenantKeyEncryptingKey has a combined primary key (TenantId,KeyName)
> while the GenericDelegator constructor attempts a findOne call as follows:
> 
> baseDelegator.findOne("TenantKeyEncryptingKey", true, "tenantId",
> getDelegatorTenantId())
> 
> Ie. in my understanding the primary key is incomplete and hence invalid.
> 
> Fix-attempt:
> (1) Convention required on the keyName: called it "jdbcpw" now, left
> keyText empty (as I do not use keys at this point)
> (2) adding the second primary key on the GenericDelegator constructor as
> follows
> 
> baseDelegator.findOne("TenantKeyEncryptingKey", true, "tenantId",
> getDelegatorTenantId(), "keyName", "jdbcpw");
> 
> ... and that works out.
> Hum. I presume this is then more for the dev list, is it ?
> 
> I shall open a ticket on JIRA in any case
> 
> 
> 2012/5/16 Carsten Schinzer <c....@googlemail.com>
> 
>> All,
>> 
>> 
>> I am migrating from a r10.4 codebase towards the trunk.
>> 
>> I do have a running and working Multi-Tenant setup in r10.4 base and was
>> always able to load data using the following command line:
>> 
>> java -jar ofbiz.jar -install -readers=seed -delegator=default#DCS
>> 
>> Now, when I run this on the trunk codebase, I do get the following error
>> message:
>> ---- exception report
>> ----------------------------------------------------------
>> Failure in findOne operation for entity [TenantKeyEncryptingKey]:
>> org.ofbiz.entity.GenericModelException: [GenericDelegator.findOne] Passed
>> primary key is not a valid primary key:
>> [GenericEntity:TenantKeyEncryptingKey][tenantId,DCS(java.lang.String)].
>> Rolling back transaction.
>> 
>> I checked the table tenant_key_encryption_key on the database and it is
>> empty.
>> 
>> Now I do have the following questions:
>> (1) Why is the data load now attempting to lookup the Tenant's
>> EncryptionKey? I do assume this is in order to allow for encrypted
>> passwords on the TenantDataSource data file. Can I switch that off? If so,
>> where?
>> (2) What is the typical encryption method used in OFBiz? Does anyone have
>> an example entry that defines a TenantKeyEntityKey entity?
>> 
>> I did check the Multitenancy page on the wiki, but that does not seem to
>> contain any change as compared to when I visited it last.
>> 
>> Any help will be much appreciated !
>> Kind regards
>> 
>> 
>> Carsten
>> 
> 
> 
> 
> -- 
> 
> Best
> 
> Carsten Schinzer
> 
> Plankstettenstr. 7
> 80638 München
> Germany

Re: Multitenant, EncryptionKey

Posted by Carsten Schinzer <c....@googlemail.com>.

The issue seems to be the following:

Table TenantKeyEncryptingKey has a combined primary key (TenantId,KeyName)
while the GenericDelegator constructor attempts a findOne call as follows:

baseDelegator.findOne("TenantKeyEncryptingKey", true, "tenantId",
getDelegatorTenantId())

Ie. in my understanding the primary key is incomplete and hence invalid.

Fix-attempt:
(1) Convention required on the keyName: called it "jdbcpw" now, left
keyText empty (as I do not use keys at this point)
(2) adding the second primary key on the GenericDelegator constructor as
follows

baseDelegator.findOne("TenantKeyEncryptingKey", true, "tenantId",
getDelegatorTenantId(), "keyName", "jdbcpw");

... and that works out.
Hum. I presume this is then more for the dev list, is it ?

I shall open a ticket on JIRA in any case


2012/5/16 Carsten Schinzer <c....@googlemail.com>

> All,
>
>
> I am migrating from a r10.4 codebase towards the trunk.
>
> I do have a running and working Multi-Tenant setup in r10.4 base and was
> always able to load data using the following command line:
>
> java -jar ofbiz.jar -install -readers=seed -delegator=default#DCS
>
> Now, when I run this on the trunk codebase, I do get the following error
> message:
> ---- exception report
> ----------------------------------------------------------
> Failure in findOne operation for entity [TenantKeyEncryptingKey]:
> org.ofbiz.entity.GenericModelException: [GenericDelegator.findOne] Passed
> primary key is not a valid primary key:
> [GenericEntity:TenantKeyEncryptingKey][tenantId,DCS(java.lang.String)].
> Rolling back transaction.
>
> I checked the table tenant_key_encryption_key on the database and it is
> empty.
>
> Now I do have the following questions:
> (1) Why is the data load now attempting to lookup the Tenant's
> EncryptionKey? I do assume this is in order to allow for encrypted
> passwords on the TenantDataSource data file. Can I switch that off? If so,
> where?
> (2) What is the typical encryption method used in OFBiz? Does anyone have
> an example entry that defines a TenantKeyEntityKey entity?
>
> I did check the Multitenancy page on the wiki, but that does not seem to
> contain any change as compared to when I visited it last.
>
> Any help will be much appreciated !
> Kind regards
>
>
> Carsten
>



-- 

Best

Carsten Schinzer

Plankstettenstr. 7
80638 München
Germany