[JBoss JIRA] (TEIID-4499) OData Kerberos cannot access VDB
by Jan Stastny (JIRA)
Jan Stastny created TEIID-4499:
----------------------------------
Summary: OData Kerberos cannot access VDB
Key: TEIID-4499
URL: https://issues.jboss.org/browse/TEIID-4499
Project: Teiid
Issue Type: Bug
Components: OData
Affects Versions: 8.12.6.6_3
Reporter: Jan Stastny
Assignee: Steven Hawkins
Priority: Critical
When configured odata war for Kerberos using https://teiid.gitbooks.io/documents/content/security/Kerberos_support_thr... an error occurs when accessing a vdb, which is also secured by Kerberos.
The error is following:
{code:plain}
11:44:53,360 WARN [org.teiid.ODATA] (http-127.0.0.1:8080-1) TEIID16047 Could not process OData 4 request: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.: org.teiid.core.TeiidProcessingException: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:233) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492) [jboss-negotiation-common-2.3.11.Final-redhat-1.jar:2.3.11.Final-redhat-1]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.9.Final-redhat-2.jar:7.5.9.Final-redhat-2]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
Caused by: org.teiid.jdbc.TeiidSQLException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135)
at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71)
at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55)
at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105)
at org.teiid.olingo.service.LocalClient.buildConnection(LocalClient.java:119) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
at org.teiid.olingo.service.LocalClient.open(LocalClient.java:89) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:226) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
... 16 more
Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:308) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53)
at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60)
at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50)
... 20 more
Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:345) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:306) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
... 23 more
Caused by: org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:146)
at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:106)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_102]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_102]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_102]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [rt.jar:1.8.0_102]
at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:343) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
... 24 more
Caused by: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
at org.teiid.transport.LogonImpl.logon(LogonImpl.java:119)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180)
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260)
at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178)
at com.sun.proxy.$Proxy81.logon(Unknown Source)
at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:142)
... 30 more
{code}
Authentication of the user succeeded:
{code:plain}
principal is dv(a)EXAMPLE.COM
Will use keytab
Commit Succeeded
{code}
Authentication of the server succeeded:
{code:plain}
11:44:52,873 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache
11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost(a)EXAMPLE.COM
11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache
11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost(a)EXAMPLE.COM
11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab
11:44:53,236 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded
{code}
Initial request:
{code:plain}
12:44:52,325 DEBUG [MainClientExec] Opening connection {}->http://localhost:8080
12:44:52,327 DEBUG [DefaultHttpClientConnectionOperator] Connecting to localhost/127.0.0.1:8080
12:44:52,328 DEBUG [DefaultHttpClientConnectionOperator] Connection established 127.0.0.1:47980<->127.0.0.1:8080
12:44:52,328 DEBUG [MainClientExec] Executing request GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
12:44:52,328 DEBUG [MainClientExec] Target auth state: UNCHALLENGED
12:44:52,329 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
12:44:52,330 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
12:44:52,330 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
12:44:52,330 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
12:44:52,330 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
12:44:52,330 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
12:44:52,330 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
12:44:52,330 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
12:44:52,331 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
12:44:52,331 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
{code}
Negotiate request from server:
{code:plain}
12:44:52,457 DEBUG [wire] http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Pragma: No-cache[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Cache-Control: no-cache[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Type: text/html;charset=utf-8[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Length: 996[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Date: Mon, 10 Oct 2016 10:44:52 GMT[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "<html><head><title>JBWEB000065: HTTP Status 401 - </title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"></body></html>"
12:44:52,459 DEBUG [headers] http-outgoing-0 << HTTP/1.1 401 Unauthorized
12:44:52,459 DEBUG [headers] http-outgoing-0 << Server: Apache-Coyote/1.1
12:44:52,459 DEBUG [headers] http-outgoing-0 << Pragma: No-cache
12:44:52,460 DEBUG [headers] http-outgoing-0 << Cache-Control: no-cache
12:44:52,460 DEBUG [headers] http-outgoing-0 << Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00
12:44:52,460 DEBUG [headers] http-outgoing-0 << WWW-Authenticate: Negotiate
12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Type: text/html;charset=utf-8
12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Length: 996
12:44:52,460 DEBUG [headers] http-outgoing-0 << Date: Mon, 10 Oct 2016 10:44:52 GMT
{code}
Response to auth server:
{code:plain}
Found ticket for dv(a)EXAMPLE.COM to go to krbtgt/EXAMPLE.COM(a)EXAMPLE.COM expiring on Mon Oct 10 20:44:52 CEST 2016
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
12:44:52,846 DEBUG [SPNegoScheme] Sending response 'YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp' back to the auth server
12:44:52,846 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
12:44:52,846 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
12:44:52,846 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
12:44:52,846 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
12:44:52,846 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
12:44:52,846 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
12:44:52,846 DEBUG [headers] http-outgoing-0 >> Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp
12:44:52,846 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
12:44:52,846 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
12:44:52,847 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp[\r][\n]"
12:44:52,847 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"
{code}
Last server logs before error:
{code:plain}
11:44:53,246 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext
11:44:53,247 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext.
11:44:53,283 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true
11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true
11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv(a)EXAMPLE.COM
11:44:53,284 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout
11:44:53,285 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject
11:44:53,285 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv(a)EXAMPLE.COM' and empty password
11:44:53,304 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[5tV-f1mRV7tGghx2rk4krdFH_1476096292858(odata,user,)]
{code}
VDB used:
{code:xml}
<vdb name="kerberos_teiid" version="1">
<property name="security-domain" value="EXAMPLE.COM"/>
<property name="authentication-type" value="GSS"/>
.
.
.
</vdb>
{code}
Request URL:
{code:plain}
http://localhost:8080/odata4/kerberos_teiid/BQT1/smalla
{code}
Server configuration:
{code:xml}
<security-domain name="host">
<authentication>
<login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
<module-option name="storeKey" value="true"/>
<module-option name="useKeyTab" value="true"/>
<module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/>
<module-option name="principal" value="HTTP/localhost(a)EXAMPLE.COM"/>
<module-option name="doNotPrompt" value="true"/>
<module-option name="useTicketCache" value="true"/>
<module-option name="debug" value="true"/>
<module-option name="refreshKrb5Config" value="false"/>
<module-option name="isInitiator" value="true"/>
<module-option name="addGSSCredential" value="true"/>
<module-option name="delegationCredential" value="USE"/>
<module-option name="ticketCache" value="/tmp/krb5cc_1000"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="EXAMPLE.COM">
<authentication>
<login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation">
<module-option name="password-stacking" value="useFirstPass"/>
<module-option name="serverSecurityDomain" value="host"/>
</login-module>
</authentication>
<mapping>
<mapping-module code="SimpleRoles" type="role">
<module-option name="dv(a)EXAMPLE.COM" value="user,odata"/>
</mapping-module>
</mapping>
</security-domain>
{code}
Kerberos client configuration:
{code:plain}
ClientDV {
com.sun.security.auth.module.Krb5LoginModule required
storeKey="true"
useKeyTab="true"
keyTab="${dv.test.krb.dir}/dv.keytab"
principal="dv(a)EXAMPLE.COM"
doNotPrompt="true"
refreshKrb5Config="false"
useTicketCache="true"
ticketCache="/tmp/krb5cc_1000"
debug="true";
};
{code}
KRB5 configuration file is passed to server by setting system-property java.security.krb5.conf:
{code:xml}
<system-properties>
<property name="java.security.krb5.conf" value="${jboss.home.dir}/krb5.conf"/>
<property name="java.security.krb5.debug" value="true"/>
</system-properties>
{code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months
[JBoss JIRA] (TEIID-4455) Impala Translator - Change planning step for from_unixtime() pushdown
by Kylin Soong (JIRA)
[ https://issues.jboss.org/browse/TEIID-4455?page=com.atlassian.jira.plugin... ]
Kylin Soong reassigned TEIID-4455:
----------------------------------
Assignee: Kylin Soong
> Impala Translator - Change planning step for from_unixtime() pushdown
> ---------------------------------------------------------------------
>
> Key: TEIID-4455
> URL: https://issues.jboss.org/browse/TEIID-4455
> Project: Teiid
> Issue Type: Feature Request
> Components: JDBC Connector
> Reporter: Don Krapohl
> Assignee: Kylin Soong
> Priority: Minor
> Labels: Impala_Translator
> Fix For: 9.2
>
>
> Impala and Teiid both have from_unixtime() functions and per the forum reference the mapping to timestampadd() appears to come before the test for pushdown support of the impala native function.
> As a query request we require the impala from_unixtime() function be executed instead of the Teiid-native version.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months
[JBoss JIRA] (TEIID-4489) Adjust defaults and use of 1 to 10 data sources to recommend the SMALL size
by Kylin Soong (JIRA)
[ https://issues.jboss.org/browse/TEIID-4489?page=com.atlassian.jira.plugin... ]
Kylin Soong commented on TEIID-4489:
------------------------------------
[~van.halbert], If I understand correctly, the following 2 can be used as rules
* if sources are 5-10, federated query rows are in millions, then recommend small( 16 cores, with at least 32 GB RAM. 2 DV instance)
* if sources are 10-20, federated query rows are in multi-millions then recommend large(32 cores with 64 GB RAM, 4 DV instances)
* else base on formula, calculate the results
Note that, current RAM size and core size base on formula, if default recommend ( 16 cores, with at least 32 GB RAM. 2 DV instance), it may not accordant with formula.
> Adjust defaults and use of 1 to 10 data sources to recommend the SMALL size
> ---------------------------------------------------------------------------
>
> Key: TEIID-4489
> URL: https://issues.jboss.org/browse/TEIID-4489
> Project: Teiid
> Issue Type: Enhancement
> Components: Sizing Application
> Affects Versions: 9.x
> Reporter: Van Halbert
> Assignee: Kylin Soong
>
> Based on recommendations:
> small : 16 cores, with at least 32 GB RAM. 2 DV instances. (small means may be 5 ~10 sources, rows into millions, YMMV)
> medium : 32 cores with 64 GB RAM, 4 DV instances. (medium means may be 10 ~ 20 sources, rows into multi-millions, YMMV)
> Large: custom
> The defaults in the sizing applications, along with selecting 1 to 10 data sources, should result in the SMALL recommendation. It should be clear to indicate the number of instances and the size recommendation per instance.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months
[JBoss JIRA] (TEIID-4469) Insert with query expression does not apply source hint to target
by Lucie Fabrikova (JIRA)
[ https://issues.jboss.org/browse/TEIID-4469?page=com.atlassian.jira.plugin... ]
Lucie Fabrikova commented on TEIID-4469:
----------------------------------------
I simulated the query with two oracle databases on different machines, but the source hint doesn't seem to be applied ProjectIntoNode, contents of teiid-command.log and server.log:
21:03:54,633 DEBUG [org.teiid.COMMAND_LOG] (New I/O worker #4) wMQbVS84H1pO START USER COMMAND: startTime=2016-10-08 21:03:54.633 requestID=wMQbVS84H1pO.0 txID=null sessionID=wMQbVS84H1pO applicationName=JDBC principal=teiidUser@teiid-security vdbName=oracledba vdbVersion=1 sql=INSERT /*+ sh Source2:'append' */ INTO test (ID, myvalue) SELECT X.id AS ID, X.myvalue AS myvalue FROM (SELECT SMALLA.INTKEY AS id, SMALLA.INTNUM AS myvalue FROM SMALLA WHERE SMALLA.INTKEY = 1) AS X
21:03:58,070 DEBUG [org.teiid.COMMAND_LOG] (Worker1_QueryProcessorQueue1) wMQbVS84H1pO START DATA SRC COMMAND: startTime=2016-10-08 21:03:58.069 requestID=wMQbVS84H1pO.0 sourceCommandID=1 executionID=0 txID=null modelName=Source translatorName=oracle sessionID=wMQbVS84H1pO principal=teiidUser@teiid-security sql=SELECT /*+sh Source2:'append' */ g_0.intkey, g_0.intnum FROM Source.smalla AS g_0 WHERE g_0.intkey = 1
21:03:58,567 DEBUG [org.teiid.COMMAND_LOG] (Worker0_QueryProcessorQueue2) wMQbVS84H1pO END SRC COMMAND: endTime=2016-10-08 21:03:58.567 requestID=wMQbVS84H1pO.0 sourceCommandID=1 executionID=0 txID=null modelName=Source translatorName=oracle sessionID=wMQbVS84H1pO principal=teiidUser@teiid-security finalRowCount=1
21:04:01,127 DEBUG [org.teiid.COMMAND_LOG] (Worker1_QueryProcessorQueue3) wMQbVS84H1pO START DATA SRC COMMAND: startTime=2016-10-08 21:04:01.127 requestID=wMQbVS84H1pO.0 sourceCommandID=0 executionID=1 txID=null modelName=Source2 translatorName=oracle sessionID=wMQbVS84H1pO principal=teiidUser@teiid-security sql=INSERT INTO Source2.test (ID, myvalue) VALUES (...)
21:04:01,635 DEBUG [org.teiid.COMMAND_LOG] (Worker0_QueryProcessorQueue4) wMQbVS84H1pO END SRC COMMAND: endTime=2016-10-08 21:04:01.635 requestID=wMQbVS84H1pO.0 sourceCommandID=0 executionID=1 txID=null modelName=Source2 translatorName=oracle sessionID=wMQbVS84H1pO principal=teiidUser@teiid-security finalRowCount=1
21:04:01,697 DEBUG [org.teiid.COMMAND_LOG] (Worker0_QueryProcessorQueue5) wMQbVS84H1pO END USER COMMAND: endTime=2016-10-08 21:04:01.697 requestID=wMQbVS84H1pO.0 txID=null sessionID=wMQbVS84H1pO principal=teiidUser@teiid-security vdbName=oracledba vdbVersion=1 finalRowCount=1
Logging set to DEBUG, server.log:
DEBUG [org.teiid.CONNECTOR] (Worker1_QueryProcessorQueue3) wMQbVS84H1pO.0.0.1 Processing NEW request: INSERT INTO Source2.test (ID, myvalue) VALUES (...)
21:03:58,572 DEBUG [org.teiid.PROCESSOR] (Worker0_QueryProcessorQueue2) Request Thread wMQbVS84H1pO.0 - processor blocked
21:04:01,126 DEBUG [org.teiid.CONNECTOR] (Worker1_QueryProcessorQueue3) wMQbVS84H1pO.0.0.1 Obtained execution
21:04:01,127 DEBUG [org.teiid.CONNECTOR] (Worker1_QueryProcessorQueue3) Source-specific command: INSERT INTO test (ID, myvalue) VALUES (?, ?)
21:04:01,633 DEBUG [org.teiid.CONNECTOR] (Worker1_QueryProcessorQueue3) wMQbVS84H1pO.0.0.1 Executed command
> Insert with query expression does not apply source hint to target
> -----------------------------------------------------------------
>
> Key: TEIID-4469
> URL: https://issues.jboss.org/browse/TEIID-4469
> Project: Teiid
> Issue Type: Bug
> Components: Query Engine
> Affects Versions: 8.7.1.6_2
> Reporter: Marc Shirley
> Assignee: Steven Hawkins
> Fix For: 9.1, 9.0.5, 8.7.10_6.2
>
>
> "INSERT INTO ... SELECT ..." statements result in a ProjectIntoNode which seems to prevent any source hints from being passed down to the relevant source. These work correctly with an "INSERT INTO ... VALUES ..." statement. I've included example user and final query plan data below for the non-working [1] and working [2] insert statements.
> [1] source hint not applied to ProjectIntoNode:
> USER COMMAND:
> INSERT /*+sh test:'append' */ INTO test.TEST (ID, "VALUE") SELECT X.id AS ID, X."value" AS "VALUE" FROM (SELECT bqt.SMALLA.INTKEY AS id, bqt.SMALLA.INTNUM AS "value" FROM bqt.SMALLA WHERE bqt.SMALLA.INTKEY = 0) AS X
> ...
> OPTIMIZATION COMPLETE:
> PROCESSOR PLAN:
> ProjectIntoNode(0) output=[Count] test.TEST
> AccessNode(1) output=[bqt.SMALLA.INTKEY AS ID, bqt.SMALLA.INTNUM AS "VALUE"] SELECT /*+sh test:'append' */ g_0.INTKEY, g_0.INTNUM FROM bqt.SMALLA AS g_0 WHERE g_0.INTKEY = 0
> [2] source hint applied to AccessNode:
> USER COMMAND:
> INSERT /*+sh test:'append' */ INTO test.TEST (ID, "VALUE") VALUES ('-1', '-1')
> ...
> OPTIMIZATION COMPLETE:
> PROCESSOR PLAN:
> AccessNode(0) output=[Count] INSERT /*+sh test:'append' */ INTO test.TEST (ID, "VALUE") VALUES ('-1', '-1')
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months
[JBoss JIRA] (TEIID-4492) When using annotations, add option that specifies all child classes to register as part of the JDG schema
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-4492?page=com.atlassian.jira.plugin... ]
Steven Hawkins resolved TEIID-4492.
-----------------------------------
Fix Version/s: 9.2
Resolution: Done
Merged the pull requests.
> When using annotations, add option that specifies all child classes to register as part of the JDG schema
> ---------------------------------------------------------------------------------------------------------
>
> Key: TEIID-4492
> URL: https://issues.jboss.org/browse/TEIID-4492
> Project: Teiid
> Issue Type: Enhancement
> Components: Misc. Connectors
> Affects Versions: 9.2
> Reporter: Van Halbert
> Assignee: Van Halbert
> Fix For: 9.2
>
>
> When using protobuf annotations, need to specify all the child related (e.g, 1-to-1 relationship or 1-to-many relationship) pojo's that also need to be registered with the JDG schema. When these are registered, JDG will auto generate the .proto file and marshallers used by the schema. Which is the information used by the hot rod translator to create the source models.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months
[JBoss JIRA] (TEIID-3454) Dependent Join optimizations for Netezza and Hive
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-3454?page=com.atlassian.jira.plugin... ]
Steven Hawkins updated TEIID-3454:
----------------------------------
Fix Version/s: 9.2
(was: 9.1)
Priority: Major (was: Minor)
Upping the priority for 9.2. We need to at least get the temp table creation validated, even if there isn't a dialect available.
> Dependent Join optimizations for Netezza and Hive
> -------------------------------------------------
>
> Key: TEIID-3454
> URL: https://issues.jboss.org/browse/TEIID-3454
> Project: Teiid
> Issue Type: Feature Request
> Components: Query Engine
> Affects Versions: 8.10
> Reporter: John Muller
> Assignee: Steven Hawkins
> Fix For: 9.2
>
>
> Currently, dependent joins create 1 or more IN clauses. Many MPP / NoSQL systems can have drastically better performance by creating temp tables that match key distributions. Two examples I know of would be Netezza and Hive.
> In Netezza, if the incoming dependent join (small dimension; here "Customer" using Northwind data model concepts) has a key that will be joined to to a big fact table that is DISTRIBUTED ON or ORGANIZED BY 'ed then creating a temp table that matches this distribution will result in ~100x query performance. Sometimes, if the dimension is small enough, this doesn't make a big difference as Netezza will perform a broadcast join, but it's never a bad idea to create the temp table.
> Similarly, Hive DDL has both partitions and buckets (pre-sorted).
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months
[JBoss JIRA] (TEIID-4403) Refine array_agg support
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-4403?page=com.atlassian.jira.plugin... ]
Steven Hawkins resolved TEIID-4403.
-----------------------------------
Resolution: Done
Expanded/corrected sizeutility logic and will allow arrays of up to an 8MB estimated memory footprint.
Next steps from here include allowing for a serialized form, which may require extensive changes to ArrayImpl, and the ability for odata or other paths to set a session variable or other mechanism to temporary up the limit.
> Refine array_agg support
> ------------------------
>
> Key: TEIID-4403
> URL: https://issues.jboss.org/browse/TEIID-4403
> Project: Teiid
> Issue Type: Sub-task
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Fix For: 9.1
>
>
> There is currently a hard-coded limit of 1000 items in an array - because it is held fully in memory. This may need to be adjusted depending upon how many children are needed for expand.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 2 months