[teiid-issues] [JBoss JIRA] (TEIID-4499) OData Kerberos cannot access VDB
Jan Stastny (JIRA)
issues at jboss.org
Wed Nov 2 07:38:01 EDT 2016
[ https://issues.jboss.org/browse/TEIID-4499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13315984#comment-13315984 ]
Jan Stastny commented on TEIID-4499:
------------------------------------
[~shawkins]
I tried the datasource definition you proposed. And I got:
{code:plain}
12:22:34,247 WARN [org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject] (Worker0_QueryProcessorQueue0) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: Could not create connection
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:351)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.access$200(LocalManagedConnectionFactory.java:60)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory$1.run(LocalManagedConnectionFactory.java:274)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory$1.run(LocalManagedConnectionFactory.java:265)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_102]
at javax.security.auth.Subject.doAs(Subject.java:422) [rt.jar:1.8.0_102]
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:264)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.createConnectionEventListener(SemaphoreArrayListManagedConnectionPool.java:858)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:413)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:457)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:429)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:344)
at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:367)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:499)
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:143)
at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:69)
at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:270) [translator-jdbc-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:68) [translator-jdbc-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
at org.teiid.translator.ExecutionFactory.getConnection(ExecutionFactory.java:202) [teiid-api-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
at org.teiid.dqp.internal.datamgr.ConnectorWorkItem.execute(ConnectorWorkItem.java:330)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
at org.teiid.dqp.internal.datamgr.ConnectorManager$1.invoke(ConnectorManager.java:211)
at com.sun.proxy.$Proxy83.execute(Unknown Source)
at org.teiid.dqp.internal.process.DataTierTupleSource.getResults(DataTierTupleSource.java:306)
at org.teiid.dqp.internal.process.DataTierTupleSource$1.call(DataTierTupleSource.java:112)
at org.teiid.dqp.internal.process.DataTierTupleSource$1.call(DataTierTupleSource.java:108)
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
at org.teiid.dqp.internal.process.FutureWork.run(FutureWork.java:65)
at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
at org.teiid.dqp.internal.process.ThreadReuseExecutor$RunnableWrapper.run(ThreadReuseExecutor.java:119)
at org.teiid.dqp.internal.process.ThreadReuseExecutor$3.run(ThreadReuseExecutor.java:210)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_102]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_102]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
Caused by: java.sql.SQLException: ORA-01017: invalid username/password; logon denied
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:447)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:675)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:448)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:513)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:227)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:383)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:776)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:432)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:554)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:254)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:528)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:323)
... 36 more
{code}
Together with server+krb logs:
{code:plain}
12:22:24,643 INFO [org.jboss.as.server] (management-handler-thread - 4) JBAS015859: Deployed "teiid-odata-kerberos-1.0.war" (runtime-name : "teiid-odata-kerberos-1.0.war")
12:22:25,562 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Header - null
12:22:25,563 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) No Authorization Header, initiating negotiation
12:22:26,009 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Header - Negotiate YIIEpwYGKwYBBQUCoIIEmzCCBJegDTALBgkqhkiG9xIBAgKhBAMCAfaiggR+BIIEemCCBHYGCSqGSIb3EgECAgEAboIEZTCCBGGgAwIBBaEDAgEOogcDBQAgAAAAo4IBDWGCAQkwggEFoAMCAQWhGxsZTVcuTEFCLkVORy5CT1MuUkVESEFULkNPTaIcMBqgAwIBAKETMBEbBEhUVFAbCWxvY2FsaG9zdKOBwjCBv6ADAgERoQMCAQSigbIEga+0k/CWfpwA5fTxQlK59AzVtvkp6benQIfUdLCkr+fgz5Xmgk+mWPRb75BKRGgT5MOkUV+cp94LqIvyHyjScq4TXf5AaHDi7htzdMXYrAFxjfnA67VuYAuU4jEjf0NJz3aI69sluCp0Ik5k1ay/zozSZJYDmgzmJjwdeu4MhN73sazE8HBj4M4cp6PGjTRc977XDzny7uzBbkp1+vn/B5l75gadij0A7x/e2+ZfsY6fpIIDOTCCAzWgAwIBEaKCAywEggMogwmrTTAC9/ZtZkFKY4oP791oVhWLEdFgOUkOBZzL0mj8/DklmVlwFE6jv4Tylq8iwTyk1sqh/LA0rksck6BRdspfYLPoz++REAfQhnKqGHMAX4uOVoBUx/hsZaYV911jU8n9p/1qlhkncPc+QKxwVvlohFL/Q522RP7sfRfXVqUCal0YyQEFzdcnkhUxn3Su4xjtSmo3Vd/dHgnfKIQUDms5kaPTNU9ORhJuS6ULpWqVl1Mu7YLscWvHtp+idPhOTBjNWPmH3nzvid5S0EAuoyzcKNPlmnIJyMy76KX9XsA2+pJDbJN/n9K432VWo4Qu1JTKJzLQZ04EOmO1PgRXM9q3dTw+QT4lzK6bTCCBX4HYx5N/kDEv15i78aQOmiB5QwG0OTk1ntH2jPJoJjCFZqbQi2NB+mEz3EKHc4b3US9fiO2h26gTA75FbKv3o/Z5fxWIrahZiWJSj6bo2Eu0U2eNc2l6TSw0jXZLhpDv3fBmcWioRJwGD5tIQpb2BDzYJDxtoTXiV4crWCk8LdMbTbt+cgwEPF/9swxjn12Lk+wtcK8E3RjY1vE6RKhoeoZqJSvOxljtWAkVjnNIaoWImGMAWLbFnvlzZ137/u89EauWwU3EGwQwpcjKgfW60YMWTNOTya8e3Cm9BUzc+Q6KUArU7DwqBaGRinUsRsZmMGLQ+8R4KJ7A57WhzILU7W0YE8TFocRCg8760vsBVLSXKBNKBRxpJlBxyGQL58eEWYfwqfJPIJ5UljNZHuGZl5TyM5hUQVCU9gZYC5bhHIJ0/0Y5zsEup+ZWA+S7W/r9+Y60tImv7Ehm6B6KyaCJJeqSOa3r9p2HnLDHGkX00pjG9vvZdVPYY4ry7u+e5KzD7nGICjRNU2LkmsNfIUXtmE0ZVUpwwwSksyNqRZbZa9vfrIycZExaBElQfKzHrAihYaZggRFe2tpgQOYCUwneWbNzfSwxiZbMUK7lXhQSifjk1kBZ9S9bbJ+wv6WQ1mj3iBSN5ZyeRqidhXvzHhXkhqaYI0z9Crc3+x8FrF28KStUyQbEmvCjPONIeCgIsAaGdHWXQkE6J7qSdg==
12:22:26,019 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Creating new NegotiationContext
12:22:26,024 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) removeRealmFromPrincipal=false
12:22:26,024 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) serverSecurityDomain=host
12:22:26,025 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) usernamePasswordDomain=null
12:22:26,025 INFO [stdout] (http-127.0.0.1:8080-1) Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is /tmp/krb5cc_1000 isInitiator true KeyTab is /home/jstastny/tmp-workspaces/workspace/HTTP_localhost refreshKrb5Config is false principal is HTTP/localhost at EXAMPLE.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
12:22:26,025 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache
12:22:26,026 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost at EXAMPLE.COM
12:22:26,026 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache
12:22:26,413 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost at EXAMPLE.COM
12:22:26,414 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab
12:22:26,414 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded
12:22:26,414 INFO [stdout] (http-127.0.0.1:8080-1)
12:22:26,417 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Subject = Subject:
Principal: HTTP/localhost at EXAMPLE.COM
Private Credential: Ticket (hex) =
...
Client Principal = HTTP/localhost at EXAMPLE.COM
Server Principal = krbtgt/EXAMPLE.COM at EXAMPLE.COM
Session Key = EncryptionKey: keyType=17 keyBytes (hex dump)=
0000: 24 3B FA CC DF 70 77 5E 1B 3E F5 A5 9F F6 53 85 $;...pw^.>....S.
Forwardable Ticket true
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time = Wed Nov 02 12:22:26 GMT+01:00 2016
Start Time = Wed Nov 02 12:22:26 GMT+01:00 2016
End Time = Wed Nov 02 20:22:26 GMT+01:00 2016
Renew Till = null
Client Addresses Null
Private Credential: /home/jstastny/tmp-workspaces/workspace/HTTP_localhost for HTTP/localhost at EXAMPLE.COM
Private Credential: [GSSCredential:
HTTP/localhost at EXAMPLE.COM 1.2.840.113554.1.2.2 Initiate [class sun.security.jgss.krb5.Krb5InitCredential]]
12:22:26,418 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext
12:22:26,419 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext.
12:22:26,456 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true
12:22:26,456 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true
12:22:26,457 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv at EXAMPLE.COM
12:22:26,457 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout
12:22:26,457 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject
12:22:26,457 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv at EXAMPLE.COM' and empty password
12:22:26,464 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[m-YBpy5MZWGoDo0xX4dX-D49_1478085746020(odata,user,)]
12:22:26,494 DEBUG [org.teiid.SECURITY] (http-127.0.0.1:8080-1) authenticateUser anonymous JDBC
12:22:26,495 DEBUG [org.teiid.SECURITY] (http-127.0.0.1:8080-1) Logon successful, created session: sessionid=ym49O+v9Tdbx; userName=dv\@EXAMPLE.COM at EXAMPLE.COM; vdbName=oracle_kerberos; vdbVersion=1; createdTime=Wed Nov 02 12:22:26 GMT+01:00 2016; applicationName=JDBC; clientHostName=null; clientHardwareAddress=null; IPAddress=null; securityDomain=EXAMPLE.COM; lastPingTime=Wed Nov 02 12:22:26 GMT+01:00 2016
12:22:26,504 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) Successfully obtained a session.
12:22:26,504 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) Connection Url=
12:22:26,504 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) ApplicationName=JDBC
12:22:26,504 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) PassthroughAuthentication=true
12:22:26,504 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) local-transport-name=odata
12:22:26,504 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) waitForLoad=0
12:22:26,504 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) batch-size=256
12:22:26,504 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) VirtualDatabaseName=oracle_kerberos.1
12:22:26,504 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) transportName=odata
12:22:26,504 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) skiptoken-cache-time=300000
12:22:26,505 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) The JDBC Driver successfully obtained a connection.
12:22:26,642 DEBUG [org.teiid.ODATA] (http-127.0.0.1:8080-1) Teiid-Query: /*+ cache(ttl:300000 scope:USER) */ SELECT g0."user" FROM BQT1.dual AS g0 ORDER BY g0."user" LIMIT 1 /* ym49O+v9Tdbx */
12:22:26,655 DEBUG [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) Request Thread ym49O+v9Tdbx.0 with state NEW
12:22:26,656 DEBUG [org.teiid.TXN_LOG] (http-127.0.0.1:8080-1) before getOrCreateTransactionContext:org.teiid.dqp.internal.process.TransactionServerImpl at 44740096(ym49O+v9Tdbx)
12:22:26,656 DEBUG [org.teiid.TXN_LOG] (http-127.0.0.1:8080-1) after getOrCreateTransactionContext : ym49O+v9Tdbx NONE ID:NONE
12:22:26,660 DEBUG [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) ym49O+v9Tdbx.0 executing prepared /*+ cache(ttl:300000 scope:USER) */ SELECT g0."user" FROM BQT1.dual AS g0 ORDER BY g0."user" LIMIT 1 /* ym49O+v9Tdbx */
12:22:26,748 INFO [stdout] (http-127.0.0.1:8080-1) Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is /tmp/krb5cc_1000 isInitiator true KeyTab is /home/jstastny/tmp-workspaces/workspace/HTTP_localhost refreshKrb5Config is false principal is HTTP/localhost at EXAMPLE.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
12:22:30,069 INFO [org.teiid.CONNECTOR] (http-127.0.0.1:8080-1) OracleExecutionFactory Commit=true;DatabaseProductName=Oracle;DatabaseProductVersion=Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options;DriverMajorVersion=11;DriverMajorVersion=2;DriverName=Oracle JDBC driver;DriverVersion=11.2.0.4.0;IsolationLevel=2
12:22:30,070 DEBUG [org.teiid.CONNECTOR] (http-127.0.0.1:8080-1) Initializing the capabilities for oracle
12:22:30,070 DEBUG [org.teiid.CONNECTOR] (http-127.0.0.1:8080-1) Setting the database version to Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
12:22:30,083 DEBUG [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) ProcessTree for ym49O+v9Tdbx.0 AccessNode(0) output=[g0."user"] SELECT g_0."user" AS c_0 FROM BQT1.dual AS g_0 ORDER BY c_0 LIMIT 1
12:22:30,096 DEBUG [org.teiid.TXN_LOG] (http-127.0.0.1:8080-1) before getOrCreateTransactionContext:org.teiid.dqp.internal.process.TransactionServerImpl at 44740096(ym49O+v9Tdbx)
12:22:30,097 DEBUG [org.teiid.TXN_LOG] (http-127.0.0.1:8080-1) after getOrCreateTransactionContext : ym49O+v9Tdbx NONE ID:NONE
12:22:30,106 DEBUG [org.teiid.BUFFER_MGR] (http-127.0.0.1:8080-1) Creating TupleBuffer: 0 [g0."user"] [class java.lang.String] batch size 1024 of type PROCESSOR
12:22:30,111 DEBUG [org.teiid.CONNECTOR] (http-127.0.0.1:8080-1) ym49O+v9Tdbx.0.0.0 Create State
12:22:30,127 DEBUG [org.teiid.BUFFER_MGR] (http-127.0.0.1:8080-1) ym49O+v9Tdbx.0.0.0 Blocking on source query ym49O+v9Tdbx.0.0.0
12:22:30,128 DEBUG [org.teiid.BUFFER_MGR] (http-127.0.0.1:8080-1) ym49O+v9Tdbx.0 Blocking on source request(s).
12:22:30,128 DEBUG [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) Request Thread ym49O+v9Tdbx.0 - processor blocked
12:22:30,128 DEBUG [org.teiid.PROCESSOR] (Worker0_QueryProcessorQueue0) Running task for parent thread http-127.0.0.1:8080-1
12:22:30,129 DEBUG [org.teiid.CONNECTOR] (Worker0_QueryProcessorQueue0) ym49O+v9Tdbx.0.0.0 Processing NEW request: SELECT g_0."user" AS c_0 FROM BQT1.dual AS g_0 ORDER BY c_0 LIMIT 1
12:22:30,129 INFO [stdout] (Worker0_QueryProcessorQueue0) Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is /tmp/krb5cc_1000 isInitiator true KeyTab is /home/jstastny/tmp-workspaces/workspace/HTTP_localhost refreshKrb5Config is false principal is HTTP/localhost at EXAMPLE.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
12:22:30,130 INFO [stdout] (Worker0_QueryProcessorQueue0) Acquire TGT from Cache
12:22:30,130 INFO [stdout] (Worker0_QueryProcessorQueue0) Principal is HTTP/localhost at EXAMPLE.COM
12:22:30,130 INFO [stdout] (Worker0_QueryProcessorQueue0) null credentials from Ticket Cache
12:22:30,487 INFO [stdout] (Worker0_QueryProcessorQueue0) principal is HTTP/localhost at EXAMPLE.COM
12:22:30,487 INFO [stdout] (Worker0_QueryProcessorQueue0) Will use keytab
12:22:30,487 INFO [stdout] (Worker0_QueryProcessorQueue0) Commit Succeeded
12:22:30,487 INFO [stdout] (Worker0_QueryProcessorQueue0)
12:22:34,247 WARN [org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject] (Worker0_QueryProcessorQueue0) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: Could not create connection
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:351)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.access$200(LocalManagedConnectionFactory.java:60)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory$1.run(LocalManagedConnectionFactory.java:274)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory$1.run(LocalManagedConnectionFactory.java:265)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_102]
at javax.security.auth.Subject.doAs(Subject.java:422) [rt.jar:1.8.0_102]
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:264)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.createConnectionEventListener(SemaphoreArrayListManagedConnectionPool.java:858)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:413)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:457)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:429)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:344)
at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:367)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:499)
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:143)
at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:69)
at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:270) [translator-jdbc-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:68) [translator-jdbc-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
at org.teiid.translator.ExecutionFactory.getConnection(ExecutionFactory.java:202) [teiid-api-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
at org.teiid.dqp.internal.datamgr.ConnectorWorkItem.execute(ConnectorWorkItem.java:330)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
at org.teiid.dqp.internal.datamgr.ConnectorManager$1.invoke(ConnectorManager.java:211)
at com.sun.proxy.$Proxy83.execute(Unknown Source)
at org.teiid.dqp.internal.process.DataTierTupleSource.getResults(DataTierTupleSource.java:306)
at org.teiid.dqp.internal.process.DataTierTupleSource$1.call(DataTierTupleSource.java:112)
at org.teiid.dqp.internal.process.DataTierTupleSource$1.call(DataTierTupleSource.java:108)
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
at org.teiid.dqp.internal.process.FutureWork.run(FutureWork.java:65)
at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
at org.teiid.dqp.internal.process.ThreadReuseExecutor$RunnableWrapper.run(ThreadReuseExecutor.java:119)
at org.teiid.dqp.internal.process.ThreadReuseExecutor$3.run(ThreadReuseExecutor.java:210)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_102]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_102]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
Caused by: java.sql.SQLException: ORA-01017: invalid username/password; logon denied
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:447)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:675)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:448)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:513)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:227)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:383)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:776)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:432)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:554)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:254)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:528)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:323)
... 36 more
{code}
I can provide whole configuration if you need it.
> OData Kerberos cannot access VDB
> --------------------------------
>
> Key: TEIID-4499
> URL: https://issues.jboss.org/browse/TEIID-4499
> Project: Teiid
> Issue Type: Bug
> Components: OData
> Affects Versions: 8.12.6.6_3
> Reporter: Jan Stastny
> Assignee: Steven Hawkins
> Fix For: 9.2, 9.0.5, 9.1.1
>
>
> When configured odata war for Kerberos using https://teiid.gitbooks.io/documents/content/security/Kerberos_support_through_GSSAPI.html an error occurs when accessing a vdb, which is also secured by Kerberos.
> The error is following:
> {code:plain}
> 11:44:53,360 WARN [org.teiid.ODATA] (http-127.0.0.1:8080-1) TEIID16047 Could not process OData 4 request: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.: org.teiid.core.TeiidProcessingException: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:233) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492) [jboss-negotiation-common-2.3.11.Final-redhat-1.jar:2.3.11.Final-redhat-1]
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.9.Final-redhat-2.jar:7.5.9.Final-redhat-2]
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
> Caused by: org.teiid.jdbc.TeiidSQLException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135)
> at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71)
> at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55)
> at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105)
> at org.teiid.olingo.service.LocalClient.buildConnection(LocalClient.java:119) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.service.LocalClient.open(LocalClient.java:89) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:226) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 16 more
> Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:308) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53)
> at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60)
> at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50)
> ... 20 more
> Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:345) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:306) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 23 more
> Caused by: org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:146)
> at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:106)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_102]
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [rt.jar:1.8.0_102]
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:343) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 24 more
> Caused by: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.transport.LogonImpl.logon(LogonImpl.java:119)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
> at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
> at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260)
> at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178)
> at com.sun.proxy.$Proxy81.logon(Unknown Source)
> at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:142)
> ... 30 more
> {code}
> Authentication of the user succeeded:
> {code:plain}
> principal is dv at EXAMPLE.COM
> Will use keytab
> Commit Succeeded
> {code}
> Authentication of the server succeeded:
> {code:plain}
> 11:44:52,873 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache
> 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost at EXAMPLE.COM
> 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache
> 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost at EXAMPLE.COM
> 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab
> 11:44:53,236 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded
> {code}
> Initial request:
> {code:plain}
> 12:44:52,325 DEBUG [MainClientExec] Opening connection {}->http://localhost:8080
> 12:44:52,327 DEBUG [DefaultHttpClientConnectionOperator] Connecting to localhost/127.0.0.1:8080
> 12:44:52,328 DEBUG [DefaultHttpClientConnectionOperator] Connection established 127.0.0.1:47980<->127.0.0.1:8080
> 12:44:52,328 DEBUG [MainClientExec] Executing request GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,328 DEBUG [MainClientExec] Target auth state: UNCHALLENGED
> 12:44:52,329 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
> 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
> {code}
> Negotiate request from server:
> {code:plain}
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Pragma: No-cache[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Cache-Control: no-cache[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Type: text/html;charset=utf-8[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Length: 996[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Date: Mon, 10 Oct 2016 10:44:52 GMT[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "<html><head><title>JBWEB000065: HTTP Status 401 - </title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"></body></html>"
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << HTTP/1.1 401 Unauthorized
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << Server: Apache-Coyote/1.1
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << Pragma: No-cache
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Cache-Control: no-cache
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << WWW-Authenticate: Negotiate
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Type: text/html;charset=utf-8
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Length: 996
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Date: Mon, 10 Oct 2016 10:44:52 GMT
> {code}
> Response to auth server:
> {code:plain}
> Found ticket for dv at EXAMPLE.COM to go to krbtgt/EXAMPLE.COM at EXAMPLE.COM expiring on Mon Oct 10 20:44:52 CEST 2016
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Service ticket not found in the subject
> 12:44:52,846 DEBUG [SPNegoScheme] Sending response 'YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp' back to the auth server
> 12:44:52,846 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp
> 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
> 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
> {code}
> Last server logs before error:
> {code:plain}
> 11:44:53,246 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext
> 11:44:53,247 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext.
> 11:44:53,283 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true
> 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true
> 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv at EXAMPLE.COM
> 11:44:53,284 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout
> 11:44:53,285 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject
> 11:44:53,285 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv at EXAMPLE.COM' and empty password
> 11:44:53,304 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[5tV-f1mRV7tGghx2rk4krdFH_1476096292858(odata,user,)]
> {code}
> VDB used:
> {code:xml}
> <vdb name="kerberos_teiid" version="1">
> <property name="security-domain" value="EXAMPLE.COM"/>
> <property name="authentication-type" value="GSS"/>
> .
> .
> .
> </vdb>
> {code}
> Request URL:
> {code:plain}
> http://localhost:8080/odata4/kerberos_teiid/BQT1/smalla
> {code}
> Server configuration:
> {code:xml}
> <security-domain name="host">
> <authentication>
> <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
> <module-option name="storeKey" value="true"/>
> <module-option name="useKeyTab" value="true"/>
> <module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/>
> <module-option name="principal" value="HTTP/localhost at EXAMPLE.COM"/>
> <module-option name="doNotPrompt" value="true"/>
> <module-option name="useTicketCache" value="true"/>
> <module-option name="debug" value="true"/>
> <module-option name="refreshKrb5Config" value="false"/>
> <module-option name="isInitiator" value="true"/>
> <module-option name="addGSSCredential" value="true"/>
> <module-option name="delegationCredential" value="USE"/>
> <module-option name="ticketCache" value="/tmp/krb5cc_1000"/>
> </login-module>
> </authentication>
> </security-domain>
> <security-domain name="EXAMPLE.COM">
> <authentication>
> <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation">
> <module-option name="password-stacking" value="useFirstPass"/>
> <module-option name="serverSecurityDomain" value="host"/>
> </login-module>
> </authentication>
> <mapping>
> <mapping-module code="SimpleRoles" type="role">
> <module-option name="dv at EXAMPLE.COM" value="user,odata"/>
> </mapping-module>
> </mapping>
> </security-domain>
> {code}
> Kerberos client configuration:
> {code:plain}
> ClientDV {
> com.sun.security.auth.module.Krb5LoginModule required
> storeKey="true"
> useKeyTab="true"
> keyTab="${dv.test.krb.dir}/dv.keytab"
> principal="dv at EXAMPLE.COM"
> doNotPrompt="true"
> refreshKrb5Config="false"
> useTicketCache="true"
> ticketCache="/tmp/krb5cc_1000"
> debug="true";
> };
> {code}
> KRB5 configuration file is passed to server by setting system-property java.security.krb5.conf:
> {code:xml}
> <system-properties>
> <property name="java.security.krb5.conf" value="${jboss.home.dir}/krb5.conf"/>
> <property name="java.security.krb5.debug" value="true"/>
> </system-properties>
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the teiid-issues
mailing list