[JBoss JIRA] (TEIID-4539) Reduce memory footprint of DatabaseStore
by Steven Hawkins (JIRA)
Steven Hawkins created TEIID-4539:
-------------------------------------
Summary: Reduce memory footprint of DatabaseStore
Key: TEIID-4539
URL: https://issues.jboss.org/browse/TEIID-4539
Project: Teiid
Issue Type: Sub-task
Components: Query Engine
Reporter: Steven Hawkins
Assignee: Steven Hawkins
The DatabaseStore holds an in-memory copy of Databases and there is the functional VDBRepository copy as well. String canonicalization in the metadata objects should help with reducing the memory footprint, but it may be good to go further and use clones of the functional metadata on demand.
--
This message was sent by Atlassian JIRA
(v7.2.2#72004)
8 years, 2 months
[JBoss JIRA] (TEIID-4538) Enforce authorizations
by Steven Hawkins (JIRA)
Steven Hawkins created TEIID-4538:
-------------------------------------
Summary: Enforce authorizations
Key: TEIID-4538
URL: https://issues.jboss.org/browse/TEIID-4538
Project: Teiid
Issue Type: Sub-task
Components: Query Engine
Reporter: Steven Hawkins
Assignee: Steven Hawkins
For the new ddl statement types, they are executed without checking authorizations. We have talked about several strategies including allowing vdb edit only if authorizing with an admin security domain.
--
This message was sent by Atlassian JIRA
(v7.2.2#72004)
8 years, 2 months
[JBoss JIRA] (TEIID-4455) Impala Translator - Change planning step for from_unixtime() pushdown
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-4455?page=com.atlassian.jira.plugin... ]
Steven Hawkins resolved TEIID-4455.
-----------------------------------
Resolution: Done
Merged Kylin's pull request. Thanks Kylin.
> Impala Translator - Change planning step for from_unixtime() pushdown
> ---------------------------------------------------------------------
>
> Key: TEIID-4455
> URL: https://issues.jboss.org/browse/TEIID-4455
> Project: Teiid
> Issue Type: Feature Request
> Components: JDBC Connector
> Reporter: Don Krapohl
> Assignee: Kylin Soong
> Priority: Minor
> Labels: Impala_Translator
> Fix For: 9.2
>
>
> Impala and Teiid both have from_unixtime() functions and per the forum reference the mapping to timestampadd() appears to come before the test for pushdown support of the impala native function.
> As a query request we require the impala from_unixtime() function be executed instead of the Teiid-native version.
--
This message was sent by Atlassian JIRA
(v7.2.2#72004)
8 years, 2 months
[JBoss JIRA] (TEIID-4499) OData Kerberos cannot access VDB
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-4499?page=com.atlassian.jira.plugin... ]
Steven Hawkins commented on TEIID-4499:
---------------------------------------
It's expected, but it may not be spelled out in the documentation. For any of the web layer authentications to propagate PassthroughAuthentication must be true (which is the default). Using the false value implies you either want no authentication or that you are putting static credentials in the init-params as well.
> OData Kerberos cannot access VDB
> --------------------------------
>
> Key: TEIID-4499
> URL: https://issues.jboss.org/browse/TEIID-4499
> Project: Teiid
> Issue Type: Bug
> Components: OData
> Affects Versions: 8.12.6.6_3
> Reporter: Jan Stastny
> Assignee: Ramesh Reddy
> Priority: Critical
> Fix For: 9.2, 9.0.5, 9.1.1
>
>
> When configured odata war for Kerberos using https://teiid.gitbooks.io/documents/content/security/Kerberos_support_thr... an error occurs when accessing a vdb, which is also secured by Kerberos.
> The error is following:
> {code:plain}
> 11:44:53,360 WARN [org.teiid.ODATA] (http-127.0.0.1:8080-1) TEIID16047 Could not process OData 4 request: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.: org.teiid.core.TeiidProcessingException: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:233) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492) [jboss-negotiation-common-2.3.11.Final-redhat-1.jar:2.3.11.Final-redhat-1]
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.9.Final-redhat-2.jar:7.5.9.Final-redhat-2]
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
> Caused by: org.teiid.jdbc.TeiidSQLException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135)
> at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71)
> at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55)
> at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105)
> at org.teiid.olingo.service.LocalClient.buildConnection(LocalClient.java:119) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.service.LocalClient.open(LocalClient.java:89) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:226) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 16 more
> Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:308) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53)
> at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60)
> at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50)
> ... 20 more
> Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:345) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:306) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 23 more
> Caused by: org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:146)
> at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:106)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_102]
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [rt.jar:1.8.0_102]
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:343) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 24 more
> Caused by: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.transport.LogonImpl.logon(LogonImpl.java:119)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
> at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
> at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260)
> at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178)
> at com.sun.proxy.$Proxy81.logon(Unknown Source)
> at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:142)
> ... 30 more
> {code}
> Authentication of the user succeeded:
> {code:plain}
> principal is dv(a)EXAMPLE.COM
> Will use keytab
> Commit Succeeded
> {code}
> Authentication of the server succeeded:
> {code:plain}
> 11:44:52,873 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache
> 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost(a)EXAMPLE.COM
> 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache
> 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost(a)EXAMPLE.COM
> 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab
> 11:44:53,236 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded
> {code}
> Initial request:
> {code:plain}
> 12:44:52,325 DEBUG [MainClientExec] Opening connection {}->http://localhost:8080
> 12:44:52,327 DEBUG [DefaultHttpClientConnectionOperator] Connecting to localhost/127.0.0.1:8080
> 12:44:52,328 DEBUG [DefaultHttpClientConnectionOperator] Connection established 127.0.0.1:47980<->127.0.0.1:8080
> 12:44:52,328 DEBUG [MainClientExec] Executing request GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,328 DEBUG [MainClientExec] Target auth state: UNCHALLENGED
> 12:44:52,329 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
> 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
> {code}
> Negotiate request from server:
> {code:plain}
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Pragma: No-cache[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Cache-Control: no-cache[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Type: text/html;charset=utf-8[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Length: 996[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Date: Mon, 10 Oct 2016 10:44:52 GMT[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "<html><head><title>JBWEB000065: HTTP Status 401 - </title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"></body></html>"
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << HTTP/1.1 401 Unauthorized
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << Server: Apache-Coyote/1.1
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << Pragma: No-cache
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Cache-Control: no-cache
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << WWW-Authenticate: Negotiate
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Type: text/html;charset=utf-8
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Length: 996
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Date: Mon, 10 Oct 2016 10:44:52 GMT
> {code}
> Response to auth server:
> {code:plain}
> Found ticket for dv(a)EXAMPLE.COM to go to krbtgt/EXAMPLE.COM(a)EXAMPLE.COM expiring on Mon Oct 10 20:44:52 CEST 2016
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Service ticket not found in the subject
> 12:44:52,846 DEBUG [SPNegoScheme] Sending response 'YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp' back to the auth server
> 12:44:52,846 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp
> 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
> 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
> {code}
> Last server logs before error:
> {code:plain}
> 11:44:53,246 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext
> 11:44:53,247 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext.
> 11:44:53,283 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true
> 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true
> 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv(a)EXAMPLE.COM
> 11:44:53,284 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout
> 11:44:53,285 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject
> 11:44:53,285 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv(a)EXAMPLE.COM' and empty password
> 11:44:53,304 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[5tV-f1mRV7tGghx2rk4krdFH_1476096292858(odata,user,)]
> {code}
> VDB used:
> {code:xml}
> <vdb name="kerberos_teiid" version="1">
> <property name="security-domain" value="EXAMPLE.COM"/>
> <property name="authentication-type" value="GSS"/>
> .
> .
> .
> </vdb>
> {code}
> Request URL:
> {code:plain}
> http://localhost:8080/odata4/kerberos_teiid/BQT1/smalla
> {code}
> Server configuration:
> {code:xml}
> <security-domain name="host">
> <authentication>
> <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
> <module-option name="storeKey" value="true"/>
> <module-option name="useKeyTab" value="true"/>
> <module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/>
> <module-option name="principal" value="HTTP/localhost(a)EXAMPLE.COM"/>
> <module-option name="doNotPrompt" value="true"/>
> <module-option name="useTicketCache" value="true"/>
> <module-option name="debug" value="true"/>
> <module-option name="refreshKrb5Config" value="false"/>
> <module-option name="isInitiator" value="true"/>
> <module-option name="addGSSCredential" value="true"/>
> <module-option name="delegationCredential" value="USE"/>
> <module-option name="ticketCache" value="/tmp/krb5cc_1000"/>
> </login-module>
> </authentication>
> </security-domain>
> <security-domain name="EXAMPLE.COM">
> <authentication>
> <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation">
> <module-option name="password-stacking" value="useFirstPass"/>
> <module-option name="serverSecurityDomain" value="host"/>
> </login-module>
> </authentication>
> <mapping>
> <mapping-module code="SimpleRoles" type="role">
> <module-option name="dv(a)EXAMPLE.COM" value="user,odata"/>
> </mapping-module>
> </mapping>
> </security-domain>
> {code}
> Kerberos client configuration:
> {code:plain}
> ClientDV {
> com.sun.security.auth.module.Krb5LoginModule required
> storeKey="true"
> useKeyTab="true"
> keyTab="${dv.test.krb.dir}/dv.keytab"
> principal="dv(a)EXAMPLE.COM"
> doNotPrompt="true"
> refreshKrb5Config="false"
> useTicketCache="true"
> ticketCache="/tmp/krb5cc_1000"
> debug="true";
> };
> {code}
> KRB5 configuration file is passed to server by setting system-property java.security.krb5.conf:
> {code:xml}
> <system-properties>
> <property name="java.security.krb5.conf" value="${jboss.home.dir}/krb5.conf"/>
> <property name="java.security.krb5.debug" value="true"/>
> </system-properties>
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.2#72004)
8 years, 2 months
[JBoss JIRA] (TEIID-4515) Phoenix/Hbase should support offset
by Kylin Soong (JIRA)
[ https://issues.jboss.org/browse/TEIID-4515?page=com.atlassian.jira.plugin... ]
Kylin Soong edited comment on TEIID-4515 at 10/25/16 4:14 AM:
--------------------------------------------------------------
The offset support start from version 4.8.0 as linked apache jira.
In addition, http://phoenix.apache.org/joins.html hints join is now supported by Phoenix, also http://phoenix.apache.org/language/functions.html are functions that Phoenix supported, we may do some more enhancement including:
* adjust hbase translator for support offset, join, etc.
* add supported function and pushdown functions.
was (Author: kylin):
http://phoenix.apache.org/joins.html hints join is now supported by Phoenix, also http://phoenix.apache.org/language/functions.html are functions that Phoenix supported, we may do some more enhancement including:
* adjust hbase translator for support offset, join, etc.
* add supported function and pushdown functions.
> Phoenix/Hbase should support offset
> -----------------------------------
>
> Key: TEIID-4515
> URL: https://issues.jboss.org/browse/TEIID-4515
> Project: Teiid
> Issue Type: Enhancement
> Components: JDBC Connector
> Reporter: Steven Hawkins
> Assignee: Kylin Soong
> Fix For: 9.2
>
>
> http://phoenix.apache.org/language/index.html indicates that offset is supported, but wasn't added in the initial implementation of the translator. Need to see if that is version dependent behavior.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months
[JBoss JIRA] (TEIID-4499) OData Kerberos cannot access VDB
by Jan Stastny (JIRA)
[ https://issues.jboss.org/browse/TEIID-4499?page=com.atlassian.jira.plugin... ]
Jan Stastny commented on TEIID-4499:
------------------------------------
I had following in my web.xml all the time:
{code:xml}
<init-param>
<param-name>PassthroughAuthentication</param-name>
<param-value>false</param-value>
</init-param>
{code}
But when I switch it to true
{code:xml}
<init-param>
<param-name>PassthroughAuthentication</param-name>
<param-value>true</param-value>
</init-param>
{code}
then this described scenario (odata krb secured, vdb krb secured) starts working.
Is it expected?
> OData Kerberos cannot access VDB
> --------------------------------
>
> Key: TEIID-4499
> URL: https://issues.jboss.org/browse/TEIID-4499
> Project: Teiid
> Issue Type: Bug
> Components: OData
> Affects Versions: 8.12.6.6_3
> Reporter: Jan Stastny
> Assignee: Ramesh Reddy
> Priority: Critical
> Fix For: 9.2, 9.0.5, 9.1.1
>
>
> When configured odata war for Kerberos using https://teiid.gitbooks.io/documents/content/security/Kerberos_support_thr... an error occurs when accessing a vdb, which is also secured by Kerberos.
> The error is following:
> {code:plain}
> 11:44:53,360 WARN [org.teiid.ODATA] (http-127.0.0.1:8080-1) TEIID16047 Could not process OData 4 request: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.: org.teiid.core.TeiidProcessingException: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:233) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492) [jboss-negotiation-common-2.3.11.Final-redhat-1.jar:2.3.11.Final-redhat-1]
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.9.Final-redhat-2.jar:7.5.9.Final-redhat-2]
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
> Caused by: org.teiid.jdbc.TeiidSQLException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135)
> at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71)
> at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55)
> at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105)
> at org.teiid.olingo.service.LocalClient.buildConnection(LocalClient.java:119) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.service.LocalClient.open(LocalClient.java:89) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:226) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 16 more
> Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:308) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53)
> at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60)
> at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50)
> ... 20 more
> Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:345) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:306) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 23 more
> Caused by: org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:146)
> at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:106)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_102]
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [rt.jar:1.8.0_102]
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:343) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 24 more
> Caused by: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.transport.LogonImpl.logon(LogonImpl.java:119)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
> at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
> at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260)
> at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178)
> at com.sun.proxy.$Proxy81.logon(Unknown Source)
> at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:142)
> ... 30 more
> {code}
> Authentication of the user succeeded:
> {code:plain}
> principal is dv(a)EXAMPLE.COM
> Will use keytab
> Commit Succeeded
> {code}
> Authentication of the server succeeded:
> {code:plain}
> 11:44:52,873 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache
> 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost(a)EXAMPLE.COM
> 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache
> 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost(a)EXAMPLE.COM
> 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab
> 11:44:53,236 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded
> {code}
> Initial request:
> {code:plain}
> 12:44:52,325 DEBUG [MainClientExec] Opening connection {}->http://localhost:8080
> 12:44:52,327 DEBUG [DefaultHttpClientConnectionOperator] Connecting to localhost/127.0.0.1:8080
> 12:44:52,328 DEBUG [DefaultHttpClientConnectionOperator] Connection established 127.0.0.1:47980<->127.0.0.1:8080
> 12:44:52,328 DEBUG [MainClientExec] Executing request GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,328 DEBUG [MainClientExec] Target auth state: UNCHALLENGED
> 12:44:52,329 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
> 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
> {code}
> Negotiate request from server:
> {code:plain}
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Pragma: No-cache[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Cache-Control: no-cache[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Type: text/html;charset=utf-8[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Length: 996[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Date: Mon, 10 Oct 2016 10:44:52 GMT[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "<html><head><title>JBWEB000065: HTTP Status 401 - </title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"></body></html>"
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << HTTP/1.1 401 Unauthorized
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << Server: Apache-Coyote/1.1
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << Pragma: No-cache
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Cache-Control: no-cache
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << WWW-Authenticate: Negotiate
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Type: text/html;charset=utf-8
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Length: 996
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Date: Mon, 10 Oct 2016 10:44:52 GMT
> {code}
> Response to auth server:
> {code:plain}
> Found ticket for dv(a)EXAMPLE.COM to go to krbtgt/EXAMPLE.COM(a)EXAMPLE.COM expiring on Mon Oct 10 20:44:52 CEST 2016
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Service ticket not found in the subject
> 12:44:52,846 DEBUG [SPNegoScheme] Sending response 'YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp' back to the auth server
> 12:44:52,846 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp
> 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
> 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
> {code}
> Last server logs before error:
> {code:plain}
> 11:44:53,246 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext
> 11:44:53,247 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext.
> 11:44:53,283 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true
> 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true
> 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv(a)EXAMPLE.COM
> 11:44:53,284 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout
> 11:44:53,285 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject
> 11:44:53,285 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv(a)EXAMPLE.COM' and empty password
> 11:44:53,304 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[5tV-f1mRV7tGghx2rk4krdFH_1476096292858(odata,user,)]
> {code}
> VDB used:
> {code:xml}
> <vdb name="kerberos_teiid" version="1">
> <property name="security-domain" value="EXAMPLE.COM"/>
> <property name="authentication-type" value="GSS"/>
> .
> .
> .
> </vdb>
> {code}
> Request URL:
> {code:plain}
> http://localhost:8080/odata4/kerberos_teiid/BQT1/smalla
> {code}
> Server configuration:
> {code:xml}
> <security-domain name="host">
> <authentication>
> <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
> <module-option name="storeKey" value="true"/>
> <module-option name="useKeyTab" value="true"/>
> <module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/>
> <module-option name="principal" value="HTTP/localhost(a)EXAMPLE.COM"/>
> <module-option name="doNotPrompt" value="true"/>
> <module-option name="useTicketCache" value="true"/>
> <module-option name="debug" value="true"/>
> <module-option name="refreshKrb5Config" value="false"/>
> <module-option name="isInitiator" value="true"/>
> <module-option name="addGSSCredential" value="true"/>
> <module-option name="delegationCredential" value="USE"/>
> <module-option name="ticketCache" value="/tmp/krb5cc_1000"/>
> </login-module>
> </authentication>
> </security-domain>
> <security-domain name="EXAMPLE.COM">
> <authentication>
> <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation">
> <module-option name="password-stacking" value="useFirstPass"/>
> <module-option name="serverSecurityDomain" value="host"/>
> </login-module>
> </authentication>
> <mapping>
> <mapping-module code="SimpleRoles" type="role">
> <module-option name="dv(a)EXAMPLE.COM" value="user,odata"/>
> </mapping-module>
> </mapping>
> </security-domain>
> {code}
> Kerberos client configuration:
> {code:plain}
> ClientDV {
> com.sun.security.auth.module.Krb5LoginModule required
> storeKey="true"
> useKeyTab="true"
> keyTab="${dv.test.krb.dir}/dv.keytab"
> principal="dv(a)EXAMPLE.COM"
> doNotPrompt="true"
> refreshKrb5Config="false"
> useTicketCache="true"
> ticketCache="/tmp/krb5cc_1000"
> debug="true";
> };
> {code}
> KRB5 configuration file is passed to server by setting system-property java.security.krb5.conf:
> {code:xml}
> <system-properties>
> <property name="java.security.krb5.conf" value="${jboss.home.dir}/krb5.conf"/>
> <property name="java.security.krb5.debug" value="true"/>
> </system-properties>
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months
[JBoss JIRA] (TEIID-4499) OData Kerberos cannot access VDB
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-4499?page=com.atlassian.jira.plugin... ]
Steven Hawkins commented on TEIID-4499:
---------------------------------------
Actually that first diagnosis is not correct. With that change we would issue a gss challenge, but that is only supported by socket connections. So the real issue here is that passthough must not be enabled. Jan, is the odata servlet configured to turn off passthrough authentication?
> OData Kerberos cannot access VDB
> --------------------------------
>
> Key: TEIID-4499
> URL: https://issues.jboss.org/browse/TEIID-4499
> Project: Teiid
> Issue Type: Bug
> Components: OData
> Affects Versions: 8.12.6.6_3
> Reporter: Jan Stastny
> Assignee: Ramesh Reddy
> Priority: Critical
> Fix For: 9.2, 9.0.5, 9.1.1
>
>
> When configured odata war for Kerberos using https://teiid.gitbooks.io/documents/content/security/Kerberos_support_thr... an error occurs when accessing a vdb, which is also secured by Kerberos.
> The error is following:
> {code:plain}
> 11:44:53,360 WARN [org.teiid.ODATA] (http-127.0.0.1:8080-1) TEIID16047 Could not process OData 4 request: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.: org.teiid.core.TeiidProcessingException: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:233) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492) [jboss-negotiation-common-2.3.11.Final-redhat-1.jar:2.3.11.Final-redhat-1]
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.9.Final-redhat-2.jar:7.5.9.Final-redhat-2]
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
> Caused by: org.teiid.jdbc.TeiidSQLException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135)
> at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71)
> at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55)
> at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105)
> at org.teiid.olingo.service.LocalClient.buildConnection(LocalClient.java:119) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.service.LocalClient.open(LocalClient.java:89) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:226) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 16 more
> Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:308) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53)
> at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60)
> at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50)
> ... 20 more
> Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:345) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:306) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 23 more
> Caused by: org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:146)
> at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:106)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_102]
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [rt.jar:1.8.0_102]
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:343) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 24 more
> Caused by: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.transport.LogonImpl.logon(LogonImpl.java:119)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
> at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
> at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260)
> at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178)
> at com.sun.proxy.$Proxy81.logon(Unknown Source)
> at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:142)
> ... 30 more
> {code}
> Authentication of the user succeeded:
> {code:plain}
> principal is dv(a)EXAMPLE.COM
> Will use keytab
> Commit Succeeded
> {code}
> Authentication of the server succeeded:
> {code:plain}
> 11:44:52,873 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache
> 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost(a)EXAMPLE.COM
> 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache
> 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost(a)EXAMPLE.COM
> 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab
> 11:44:53,236 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded
> {code}
> Initial request:
> {code:plain}
> 12:44:52,325 DEBUG [MainClientExec] Opening connection {}->http://localhost:8080
> 12:44:52,327 DEBUG [DefaultHttpClientConnectionOperator] Connecting to localhost/127.0.0.1:8080
> 12:44:52,328 DEBUG [DefaultHttpClientConnectionOperator] Connection established 127.0.0.1:47980<->127.0.0.1:8080
> 12:44:52,328 DEBUG [MainClientExec] Executing request GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,328 DEBUG [MainClientExec] Target auth state: UNCHALLENGED
> 12:44:52,329 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
> 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
> {code}
> Negotiate request from server:
> {code:plain}
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Pragma: No-cache[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Cache-Control: no-cache[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Type: text/html;charset=utf-8[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Length: 996[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Date: Mon, 10 Oct 2016 10:44:52 GMT[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "<html><head><title>JBWEB000065: HTTP Status 401 - </title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"></body></html>"
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << HTTP/1.1 401 Unauthorized
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << Server: Apache-Coyote/1.1
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << Pragma: No-cache
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Cache-Control: no-cache
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << WWW-Authenticate: Negotiate
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Type: text/html;charset=utf-8
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Length: 996
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Date: Mon, 10 Oct 2016 10:44:52 GMT
> {code}
> Response to auth server:
> {code:plain}
> Found ticket for dv(a)EXAMPLE.COM to go to krbtgt/EXAMPLE.COM(a)EXAMPLE.COM expiring on Mon Oct 10 20:44:52 CEST 2016
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Service ticket not found in the subject
> 12:44:52,846 DEBUG [SPNegoScheme] Sending response 'YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp' back to the auth server
> 12:44:52,846 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp
> 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
> 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
> {code}
> Last server logs before error:
> {code:plain}
> 11:44:53,246 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext
> 11:44:53,247 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext.
> 11:44:53,283 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true
> 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true
> 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv(a)EXAMPLE.COM
> 11:44:53,284 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout
> 11:44:53,285 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject
> 11:44:53,285 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv(a)EXAMPLE.COM' and empty password
> 11:44:53,304 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[5tV-f1mRV7tGghx2rk4krdFH_1476096292858(odata,user,)]
> {code}
> VDB used:
> {code:xml}
> <vdb name="kerberos_teiid" version="1">
> <property name="security-domain" value="EXAMPLE.COM"/>
> <property name="authentication-type" value="GSS"/>
> .
> .
> .
> </vdb>
> {code}
> Request URL:
> {code:plain}
> http://localhost:8080/odata4/kerberos_teiid/BQT1/smalla
> {code}
> Server configuration:
> {code:xml}
> <security-domain name="host">
> <authentication>
> <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
> <module-option name="storeKey" value="true"/>
> <module-option name="useKeyTab" value="true"/>
> <module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/>
> <module-option name="principal" value="HTTP/localhost(a)EXAMPLE.COM"/>
> <module-option name="doNotPrompt" value="true"/>
> <module-option name="useTicketCache" value="true"/>
> <module-option name="debug" value="true"/>
> <module-option name="refreshKrb5Config" value="false"/>
> <module-option name="isInitiator" value="true"/>
> <module-option name="addGSSCredential" value="true"/>
> <module-option name="delegationCredential" value="USE"/>
> <module-option name="ticketCache" value="/tmp/krb5cc_1000"/>
> </login-module>
> </authentication>
> </security-domain>
> <security-domain name="EXAMPLE.COM">
> <authentication>
> <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation">
> <module-option name="password-stacking" value="useFirstPass"/>
> <module-option name="serverSecurityDomain" value="host"/>
> </login-module>
> </authentication>
> <mapping>
> <mapping-module code="SimpleRoles" type="role">
> <module-option name="dv(a)EXAMPLE.COM" value="user,odata"/>
> </mapping-module>
> </mapping>
> </security-domain>
> {code}
> Kerberos client configuration:
> {code:plain}
> ClientDV {
> com.sun.security.auth.module.Krb5LoginModule required
> storeKey="true"
> useKeyTab="true"
> keyTab="${dv.test.krb.dir}/dv.keytab"
> principal="dv(a)EXAMPLE.COM"
> doNotPrompt="true"
> refreshKrb5Config="false"
> useTicketCache="true"
> ticketCache="/tmp/krb5cc_1000"
> debug="true";
> };
> {code}
> KRB5 configuration file is passed to server by setting system-property java.security.krb5.conf:
> {code:xml}
> <system-properties>
> <property name="java.security.krb5.conf" value="${jboss.home.dir}/krb5.conf"/>
> <property name="java.security.krb5.debug" value="true"/>
> </system-properties>
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months
[JBoss JIRA] (TEIID-4499) OData Kerberos cannot access VDB
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-4499?page=com.atlassian.jira.plugin... ]
Steven Hawkins updated TEIID-4499:
----------------------------------
Fix Version/s: 9.2
9.0.5
9.1.1
The issue here is that the client version on local connections is not being set, so it defaults to an older version and doesn't enter the appropriate logic for gss handling. Other usage of the version check affects serialization, so this wasn't seen as an issue until here. I'll commit a fix to the upstream versions.
> OData Kerberos cannot access VDB
> --------------------------------
>
> Key: TEIID-4499
> URL: https://issues.jboss.org/browse/TEIID-4499
> Project: Teiid
> Issue Type: Bug
> Components: OData
> Affects Versions: 8.12.6.6_3
> Reporter: Jan Stastny
> Assignee: Ramesh Reddy
> Priority: Critical
> Fix For: 9.2, 9.0.5, 9.1.1
>
>
> When configured odata war for Kerberos using https://teiid.gitbooks.io/documents/content/security/Kerberos_support_thr... an error occurs when accessing a vdb, which is also secured by Kerberos.
> The error is following:
> {code:plain}
> 11:44:53,360 WARN [org.teiid.ODATA] (http-127.0.0.1:8080-1) TEIID16047 Could not process OData 4 request: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.: org.teiid.core.TeiidProcessingException: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:233) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492) [jboss-negotiation-common-2.3.11.Final-redhat-1.jar:2.3.11.Final-redhat-1]
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.9.Final-redhat-2.jar:7.5.9.Final-redhat-2]
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
> Caused by: org.teiid.jdbc.TeiidSQLException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135)
> at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71)
> at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55)
> at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105)
> at org.teiid.olingo.service.LocalClient.buildConnection(LocalClient.java:119) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.service.LocalClient.open(LocalClient.java:89) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:226) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 16 more
> Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:308) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53)
> at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60)
> at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50)
> ... 20 more
> Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:345) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:306) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 23 more
> Caused by: org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:146)
> at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:106)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_102]
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [rt.jar:1.8.0_102]
> at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:343) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
> ... 24 more
> Caused by: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
> at org.teiid.transport.LogonImpl.logon(LogonImpl.java:119)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
> at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
> at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260)
> at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178)
> at com.sun.proxy.$Proxy81.logon(Unknown Source)
> at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:142)
> ... 30 more
> {code}
> Authentication of the user succeeded:
> {code:plain}
> principal is dv(a)EXAMPLE.COM
> Will use keytab
> Commit Succeeded
> {code}
> Authentication of the server succeeded:
> {code:plain}
> 11:44:52,873 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache
> 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost(a)EXAMPLE.COM
> 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache
> 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost(a)EXAMPLE.COM
> 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab
> 11:44:53,236 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded
> {code}
> Initial request:
> {code:plain}
> 12:44:52,325 DEBUG [MainClientExec] Opening connection {}->http://localhost:8080
> 12:44:52,327 DEBUG [DefaultHttpClientConnectionOperator] Connecting to localhost/127.0.0.1:8080
> 12:44:52,328 DEBUG [DefaultHttpClientConnectionOperator] Connection established 127.0.0.1:47980<->127.0.0.1:8080
> 12:44:52,328 DEBUG [MainClientExec] Executing request GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,328 DEBUG [MainClientExec] Target auth state: UNCHALLENGED
> 12:44:52,329 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
> 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
> 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
> {code}
> Negotiate request from server:
> {code:plain}
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Pragma: No-cache[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Cache-Control: no-cache[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Type: text/html;charset=utf-8[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Length: 996[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Date: Mon, 10 Oct 2016 10:44:52 GMT[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "[\r][\n]"
> 12:44:52,457 DEBUG [wire] http-outgoing-0 << "<html><head><title>JBWEB000065: HTTP Status 401 - </title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"></body></html>"
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << HTTP/1.1 401 Unauthorized
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << Server: Apache-Coyote/1.1
> 12:44:52,459 DEBUG [headers] http-outgoing-0 << Pragma: No-cache
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Cache-Control: no-cache
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << WWW-Authenticate: Negotiate
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Type: text/html;charset=utf-8
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Length: 996
> 12:44:52,460 DEBUG [headers] http-outgoing-0 << Date: Mon, 10 Oct 2016 10:44:52 GMT
> {code}
> Response to auth server:
> {code:plain}
> Found ticket for dv(a)EXAMPLE.COM to go to krbtgt/EXAMPLE.COM(a)EXAMPLE.COM expiring on Mon Oct 10 20:44:52 CEST 2016
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Service ticket not found in the subject
> 12:44:52,846 DEBUG [SPNegoScheme] Sending response 'YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp' back to the auth server
> 12:44:52,846 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
> 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp
> 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
> 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp[\r][\n]"
> 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
> {code}
> Last server logs before error:
> {code:plain}
> 11:44:53,246 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext
> 11:44:53,247 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext.
> 11:44:53,283 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true
> 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true
> 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv(a)EXAMPLE.COM
> 11:44:53,284 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout
> 11:44:53,285 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject
> 11:44:53,285 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv(a)EXAMPLE.COM' and empty password
> 11:44:53,304 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[5tV-f1mRV7tGghx2rk4krdFH_1476096292858(odata,user,)]
> {code}
> VDB used:
> {code:xml}
> <vdb name="kerberos_teiid" version="1">
> <property name="security-domain" value="EXAMPLE.COM"/>
> <property name="authentication-type" value="GSS"/>
> .
> .
> .
> </vdb>
> {code}
> Request URL:
> {code:plain}
> http://localhost:8080/odata4/kerberos_teiid/BQT1/smalla
> {code}
> Server configuration:
> {code:xml}
> <security-domain name="host">
> <authentication>
> <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
> <module-option name="storeKey" value="true"/>
> <module-option name="useKeyTab" value="true"/>
> <module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/>
> <module-option name="principal" value="HTTP/localhost(a)EXAMPLE.COM"/>
> <module-option name="doNotPrompt" value="true"/>
> <module-option name="useTicketCache" value="true"/>
> <module-option name="debug" value="true"/>
> <module-option name="refreshKrb5Config" value="false"/>
> <module-option name="isInitiator" value="true"/>
> <module-option name="addGSSCredential" value="true"/>
> <module-option name="delegationCredential" value="USE"/>
> <module-option name="ticketCache" value="/tmp/krb5cc_1000"/>
> </login-module>
> </authentication>
> </security-domain>
> <security-domain name="EXAMPLE.COM">
> <authentication>
> <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation">
> <module-option name="password-stacking" value="useFirstPass"/>
> <module-option name="serverSecurityDomain" value="host"/>
> </login-module>
> </authentication>
> <mapping>
> <mapping-module code="SimpleRoles" type="role">
> <module-option name="dv(a)EXAMPLE.COM" value="user,odata"/>
> </mapping-module>
> </mapping>
> </security-domain>
> {code}
> Kerberos client configuration:
> {code:plain}
> ClientDV {
> com.sun.security.auth.module.Krb5LoginModule required
> storeKey="true"
> useKeyTab="true"
> keyTab="${dv.test.krb.dir}/dv.keytab"
> principal="dv(a)EXAMPLE.COM"
> doNotPrompt="true"
> refreshKrb5Config="false"
> useTicketCache="true"
> ticketCache="/tmp/krb5cc_1000"
> debug="true";
> };
> {code}
> KRB5 configuration file is passed to server by setting system-property java.security.krb5.conf:
> {code:xml}
> <system-properties>
> <property name="java.security.krb5.conf" value="${jboss.home.dir}/krb5.conf"/>
> <property name="java.security.krb5.debug" value="true"/>
> </system-properties>
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months