November 2016 - teiid-issues - Jboss List Archives

[JBoss JIRA] (TEIID-4558) Query Plan Analyzer

by Van Halbert (JIRA)

Van Halbert created TEIID-4558: ---------------------------------- Summary: Query Plan Analyzer Key: TEIID-4558 URL: https://issues.jboss.org/browse/TEIID-4558 Project: Teiid Issue Type: Feature Request Components: Tools Affects Versions: 9.2 Reporter: Van Halbert Assignee: Steven Hawkins Provide a tool that would take a query plan and provide feed back. Example: - indicate where there maybe a problem in the structure of the query that may impact performance - indicate in the plan where there maybe issues (like table scan, no rows, etc.) - provide recommendations for improving performance etc.. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (TEIID-4499) OData Kerberos cannot access VDB

by Steven Hawkins (JIRA)

[ https://issues.jboss.org/browse/TEIID-4499?page=com.atlassian.jira.plugin... ] Steven Hawkins commented on TEIID-4499: --------------------------------------- > Was that the reason, passthrough was originally set to false? I do not remember now. No, that was just what Jan was originally testing with. > may be not for the Kerberos, but handles others like user/password, oauth2 token modules too. It also duplicates the code from KerberosLoginModule for delegation. Ok, I saw the Kerberos duplication and extrapolated too much. So I think there is an understanding of why this scenario doesn't work in EAP 6.3 when the datasource is secured with the KerberosLoginModule security domain, but do you expect it to work when the datasource is secured with the PassthroughIdentityLoginModule? That scenario resulted in "No matching credentials in Subject!" > OData Kerberos cannot access VDB > -------------------------------- > > Key: TEIID-4499 > URL: https://issues.jboss.org/browse/TEIID-4499 > Project: Teiid > Issue Type: Bug > Components: OData > Affects Versions: 8.12.6.6_3 > Reporter: Jan Stastny > Assignee: Steven Hawkins > Fix For: 9.2, 9.0.5, 9.1.1 > > > When configured odata war for Kerberos using https://teiid.gitbooks.io/documents/content/security/Kerberos_support_thr... an error occurs when accessing a vdb, which is also secured by Kerberos. > The error is following: > {code:plain} > 11:44:53,360 WARN [org.teiid.ODATA] (http-127.0.0.1:8080-1) TEIID16047 Could not process OData 4 request: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.: org.teiid.core.TeiidProcessingException: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:233) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492) [jboss-negotiation-common-2.3.11.Final-redhat-1.jar:2.3.11.Final-redhat-1] > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.9.Final-redhat-2.jar:7.5.9.Final-redhat-2] > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102] > Caused by: org.teiid.jdbc.TeiidSQLException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135) > at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71) > at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55) > at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105) > at org.teiid.olingo.service.LocalClient.buildConnection(LocalClient.java:119) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.olingo.service.LocalClient.open(LocalClient.java:89) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:226) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > ... 16 more > Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:308) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53) > at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60) > at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50) > ... 20 more > Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:345) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:306) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > ... 23 more > Caused by: org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:146) > at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:106) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_102] > at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_102] > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_102] > at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [rt.jar:1.8.0_102] > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:343) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > ... 24 more > Caused by: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.transport.LogonImpl.logon(LogonImpl.java:119) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102] > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102] > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102] > at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102] > at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102] > at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276) > at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260) > at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178) > at com.sun.proxy.$Proxy81.logon(Unknown Source) > at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:142) > ... 30 more > {code} > Authentication of the user succeeded: > {code:plain} > principal is dv(a)EXAMPLE.COM > Will use keytab > Commit Succeeded > {code} > Authentication of the server succeeded: > {code:plain} > 11:44:52,873 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache > 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost(a)EXAMPLE.COM > 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache > 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost(a)EXAMPLE.COM > 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab > 11:44:53,236 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded > {code} > Initial request: > {code:plain} > 12:44:52,325 DEBUG [MainClientExec] Opening connection {}->http://localhost:8080 > 12:44:52,327 DEBUG [DefaultHttpClientConnectionOperator] Connecting to localhost/127.0.0.1:8080 > 12:44:52,328 DEBUG [DefaultHttpClientConnectionOperator] Connection established 127.0.0.1:47980<->127.0.0.1:8080 > 12:44:52,328 DEBUG [MainClientExec] Executing request GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1 > 12:44:52,328 DEBUG [MainClientExec] Target auth state: UNCHALLENGED > 12:44:52,329 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1 > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080 > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51) > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate > 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]" > 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "[\r][\n]" > {code} > Negotiate request from server: > {code:plain} > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Pragma: No-cache[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Cache-Control: no-cache[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Type: text/html;charset=utf-8[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Length: 996[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Date: Mon, 10 Oct 2016 10:44:52 GMT[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "<html><head><title>JBWEB000065: HTTP Status 401 - </title><style></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"></body></html>" > 12:44:52,459 DEBUG [headers] http-outgoing-0 << HTTP/1.1 401 Unauthorized > 12:44:52,459 DEBUG [headers] http-outgoing-0 << Server: Apache-Coyote/1.1 > 12:44:52,459 DEBUG [headers] http-outgoing-0 << Pragma: No-cache > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Cache-Control: no-cache > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00 > 12:44:52,460 DEBUG [headers] http-outgoing-0 << WWW-Authenticate: Negotiate > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Type: text/html;charset=utf-8 > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Length: 996 > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Date: Mon, 10 Oct 2016 10:44:52 GMT > {code} > Response to auth server: > {code:plain} > Found ticket for dv(a)EXAMPLE.COM to go to krbtgt/EXAMPLE.COM(a)EXAMPLE.COM expiring on Mon Oct 10 20:44:52 CEST 2016 > Entered Krb5Context.initSecContext with state=STATE_NEW > Service ticket not found in the subject > 12:44:52,846 DEBUG [SPNegoScheme] Sending response 'YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp' back to the auth server > 12:44:52,846 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1 > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080 > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51) > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp > 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]" > 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "[\r][\n]" > {code} > Last server logs before error: > {code:plain} > 11:44:53,246 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext > 11:44:53,247 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext. > 11:44:53,283 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true > 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true > 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv(a)EXAMPLE.COM > 11:44:53,284 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout > 11:44:53,285 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject > 11:44:53,285 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv(a)EXAMPLE.COM' and empty password > 11:44:53,304 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[5tV-f1mRV7tGghx2rk4krdFH_1476096292858(odata,user,)] > {code} > VDB used: > {code:xml} > <vdb name="kerberos_teiid" version="1"> > <property name="security-domain" value="EXAMPLE.COM"/> > <property name="authentication-type" value="GSS"/> > . > . > . > </vdb> > {code} > Request URL: > {code:plain} > http://localhost:8080/odata4/kerberos_teiid/BQT1/smalla > {code} > Server configuration: > {code:xml} > <security-domain name="host"> > <authentication> > <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation"> > <module-option name="storeKey" value="true"/> > <module-option name="useKeyTab" value="true"/> > <module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/> > <module-option name="principal" value="HTTP/localhost(a)EXAMPLE.COM"/> > <module-option name="doNotPrompt" value="true"/> > <module-option name="useTicketCache" value="true"/> > <module-option name="debug" value="true"/> > <module-option name="refreshKrb5Config" value="false"/> > <module-option name="isInitiator" value="true"/> > <module-option name="addGSSCredential" value="true"/> > <module-option name="delegationCredential" value="USE"/> > <module-option name="ticketCache" value="/tmp/krb5cc_1000"/> > </login-module> > </authentication> > </security-domain> > <security-domain name="EXAMPLE.COM"> > <authentication> > <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation"> > <module-option name="password-stacking" value="useFirstPass"/> > <module-option name="serverSecurityDomain" value="host"/> > </login-module> > </authentication> > <mapping> > <mapping-module code="SimpleRoles" type="role"> > <module-option name="dv(a)EXAMPLE.COM" value="user,odata"/> > </mapping-module> > </mapping> > </security-domain> > {code} > Kerberos client configuration: > {code:plain} > ClientDV { > com.sun.security.auth.module.Krb5LoginModule required > storeKey="true" > useKeyTab="true" > keyTab="${dv.test.krb.dir}/dv.keytab" > principal="dv(a)EXAMPLE.COM" > doNotPrompt="true" > refreshKrb5Config="false" > useTicketCache="true" > ticketCache="/tmp/krb5cc_1000" > debug="true"; > }; > {code} > KRB5 configuration file is passed to server by setting system-property java.security.krb5.conf: > {code:xml} > <system-properties> > <property name="java.security.krb5.conf" value="${jboss.home.dir}/krb5.conf"/> > <property name="java.security.krb5.debug" value="true"/> > </system-properties> > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (TEIID-4557) Enable memory management at the query level

by Steven Hawkins (JIRA)

[ https://issues.jboss.org/browse/TEIID-4557?page=com.atlassian.jira.plugin... ] Steven Hawkins commented on TEIID-4557: --------------------------------------- Memory is too loosely defined here. Are we talking about heap, disk, or total. Also the notion of per view doesn't generally make sense as view layers are typically optimized out. If we are talking specifically about materialization, then this could apply to internal. You can currently give a preference on an internal materialized view pages being held in memory, but otherwise we don't currently have limits. I'd consider this a low priority given that global limits could be worked first. > Would it also be possible to set a global memory limit for the execution of any query in the server or in a particular VDB. I'm assuming this means disk consumption. There's no hard limit on disk consumption on a query/session basis. We currently track by operation (grouping/sort/etc.), which would an easy point to enforce in terms. Tracking on session or query will take more work. > This provides a simple and general setting to guarantee no query can monopolize server resources It should be noted that there's lots of code that enforces fair resource consumption in terms of heap memory that can be reserved, thread utilization (including time-slicing), etc. > Enable memory management at the query level > ------------------------------------------- > > Key: TEIID-4557 > URL: https://issues.jboss.org/browse/TEIID-4557 > Project: Teiid > Issue Type: Feature Request > Components: Server > Reporter: Van Halbert > Assignee: Steven Hawkins > Fix For: 9.2 > > > Allows managing (and limiting if needed) the memory consumed by the execution of a particular view. Maybe this can be done through a max. memory and swapping settings on the view. > Would it also be possible to set a global memory limit for the execution of any query in the server or in a particular VDB. This provides a simple and general setting to guarantee no query can monopolize server resources -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (TEIID-4555) Enable the limiting the number of concurrent connections that is sent to an internal cache.

by Steven Hawkins (JIRA)

[ https://issues.jboss.org/browse/TEIID-4555?page=com.atlassian.jira.plugin... ] Steven Hawkins commented on TEIID-4555: --------------------------------------- We just have to be clear what caches we are talking about. For result set / prepared plan, there's little to no benefit to justify limiting access. > Enable the limiting the number of concurrent connections that is sent to an internal cache. > ------------------------------------------------------------------------------------------- > > Key: TEIID-4555 > URL: https://issues.jboss.org/browse/TEIID-4555 > Project: Teiid > Issue Type: Feature Request > Components: Server > Affects Versions: 9.2 > Reporter: Van Halbert > Assignee: Steven Hawkins > > enable the limiting the number of concurrent connections that is sent to an internal cache. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (TEIID-4557) Enable memory management at the query level

by Van Halbert (JIRA)

[ https://issues.jboss.org/browse/TEIID-4557?page=com.atlassian.jira.plugin... ] Van Halbert updated TEIID-4557: ------------------------------- Summary: Enable memory management at the query level (was: Enable) > Enable memory management at the query level > ------------------------------------------- > > Key: TEIID-4557 > URL: https://issues.jboss.org/browse/TEIID-4557 > Project: Teiid > Issue Type: Feature Request > Components: Server > Reporter: Van Halbert > Assignee: Steven Hawkins > Fix For: 9.2 > > > Allows managing (and limiting if needed) the memory consumed by the execution of a particular view. Maybe this can be done through a max. memory and swapping settings on the view. > Would it also be possible to set a global memory limit for the execution of any query in the server or in a particular VDB. This provides a simple and general setting to guarantee no query can monopolize server resources -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (TEIID-4557) Enable

by Van Halbert (JIRA)

Van Halbert created TEIID-4557: ---------------------------------- Summary: Enable Key: TEIID-4557 URL: https://issues.jboss.org/browse/TEIID-4557 Project: Teiid Issue Type: Feature Request Reporter: Van Halbert Assignee: Steven Hawkins Allows managing (and limiting if needed) the memory consumed by the execution of a particular view. Maybe this can be done through a max. memory and swapping settings on the view. Would it also be possible to set a global memory limit for the execution of any query in the server or in a particular VDB. This provides a simple and general setting to guarantee no query can monopolize server resources -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (TEIID-4557) Enable

by Van Halbert (JIRA)

[ https://issues.jboss.org/browse/TEIID-4557?page=com.atlassian.jira.plugin... ] Van Halbert updated TEIID-4557: ------------------------------- Component/s: Server Fix Version/s: 9.2 > Enable > ------ > > Key: TEIID-4557 > URL: https://issues.jboss.org/browse/TEIID-4557 > Project: Teiid > Issue Type: Feature Request > Components: Server > Reporter: Van Halbert > Assignee: Steven Hawkins > Fix For: 9.2 > > > Allows managing (and limiting if needed) the memory consumed by the execution of a particular view. Maybe this can be done through a max. memory and swapping settings on the view. > Would it also be possible to set a global memory limit for the execution of any query in the server or in a particular VDB. This provides a simple and general setting to guarantee no query can monopolize server resources -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (TEIID-4555) Enable the limiting the number of concurrent connections that is sent to an internal cache.

by Van Halbert (JIRA)

[ https://issues.jboss.org/browse/TEIID-4555?page=com.atlassian.jira.plugin... ] Van Halbert commented on TEIID-4555: ------------------------------------ this is for internal caches, and is it rejected because there's no way to do it or that it just really doesn't make sense for the in-memory cache? > Enable the limiting the number of concurrent connections that is sent to an internal cache. > ------------------------------------------------------------------------------------------- > > Key: TEIID-4555 > URL: https://issues.jboss.org/browse/TEIID-4555 > Project: Teiid > Issue Type: Feature Request > Components: Server > Affects Versions: 9.2 > Reporter: Van Halbert > Assignee: Steven Hawkins > > enable the limiting the number of concurrent connections that is sent to an internal cache. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (TEIID-4499) OData Kerberos cannot access VDB

by Ramesh Reddy (JIRA)

[ https://issues.jboss.org/browse/TEIID-4499?page=com.atlassian.jira.plugin... ] Ramesh Reddy commented on TEIID-4499: ------------------------------------- >In a web scenario with the Teiid connection set to passthroughauthentication=true, our MakeGSS is not involved. Was that the reason, passthrough was originally set to false? I do not remember now. >But that didn't originate with the web layer correct? true, it used the JDBC layer >A side question is whether the PassthroughIdentityLoginModule is necessary. Given that the KeberosLoginModule already supports delegation (delegationCredential as USE or >REQUIRE) should it be deprecated and/or removed from the docs? may be not for the Kerberos, but handles others like user/password, oauth2 token modules too. It also duplicates the code from KerberosLoginModule for delegation. > OData Kerberos cannot access VDB > -------------------------------- > > Key: TEIID-4499 > URL: https://issues.jboss.org/browse/TEIID-4499 > Project: Teiid > Issue Type: Bug > Components: OData > Affects Versions: 8.12.6.6_3 > Reporter: Jan Stastny > Assignee: Steven Hawkins > Fix For: 9.2, 9.0.5, 9.1.1 > > > When configured odata war for Kerberos using https://teiid.gitbooks.io/documents/content/security/Kerberos_support_thr... an error occurs when accessing a vdb, which is also secured by Kerberos. > The error is following: > {code:plain} > 11:44:53,360 WARN [org.teiid.ODATA] (http-127.0.0.1:8080-1) TEIID16047 Could not process OData 4 request: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.: org.teiid.core.TeiidProcessingException: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:233) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492) [jboss-negotiation-common-2.3.11.Final-redhat-1.jar:2.3.11.Final-redhat-1] > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.9.Final-redhat-2.jar:7.5.9.Final-redhat-2] > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102] > Caused by: org.teiid.jdbc.TeiidSQLException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135) > at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71) > at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55) > at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105) > at org.teiid.olingo.service.LocalClient.buildConnection(LocalClient.java:119) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.olingo.service.LocalClient.open(LocalClient.java:89) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:226) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > ... 16 more > Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:308) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53) > at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60) > at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50) > ... 20 more > Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:345) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:306) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > ... 23 more > Caused by: org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:146) > at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:106) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_102] > at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_102] > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_102] > at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [rt.jar:1.8.0_102] > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:343) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > ... 24 more > Caused by: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.transport.LogonImpl.logon(LogonImpl.java:119) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102] > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102] > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102] > at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102] > at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102] > at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276) > at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260) > at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178) > at com.sun.proxy.$Proxy81.logon(Unknown Source) > at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:142) > ... 30 more > {code} > Authentication of the user succeeded: > {code:plain} > principal is dv(a)EXAMPLE.COM > Will use keytab > Commit Succeeded > {code} > Authentication of the server succeeded: > {code:plain} > 11:44:52,873 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache > 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost(a)EXAMPLE.COM > 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache > 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost(a)EXAMPLE.COM > 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab > 11:44:53,236 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded > {code} > Initial request: > {code:plain} > 12:44:52,325 DEBUG [MainClientExec] Opening connection {}->http://localhost:8080 > 12:44:52,327 DEBUG [DefaultHttpClientConnectionOperator] Connecting to localhost/127.0.0.1:8080 > 12:44:52,328 DEBUG [DefaultHttpClientConnectionOperator] Connection established 127.0.0.1:47980<->127.0.0.1:8080 > 12:44:52,328 DEBUG [MainClientExec] Executing request GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1 > 12:44:52,328 DEBUG [MainClientExec] Target auth state: UNCHALLENGED > 12:44:52,329 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1 > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080 > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51) > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate > 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]" > 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "[\r][\n]" > {code} > Negotiate request from server: > {code:plain} > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Pragma: No-cache[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Cache-Control: no-cache[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Type: text/html;charset=utf-8[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Length: 996[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Date: Mon, 10 Oct 2016 10:44:52 GMT[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "<html><head><title>JBWEB000065: HTTP Status 401 - </title><style></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"></body></html>" > 12:44:52,459 DEBUG [headers] http-outgoing-0 << HTTP/1.1 401 Unauthorized > 12:44:52,459 DEBUG [headers] http-outgoing-0 << Server: Apache-Coyote/1.1 > 12:44:52,459 DEBUG [headers] http-outgoing-0 << Pragma: No-cache > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Cache-Control: no-cache > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00 > 12:44:52,460 DEBUG [headers] http-outgoing-0 << WWW-Authenticate: Negotiate > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Type: text/html;charset=utf-8 > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Length: 996 > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Date: Mon, 10 Oct 2016 10:44:52 GMT > {code} > Response to auth server: > {code:plain} > Found ticket for dv(a)EXAMPLE.COM to go to krbtgt/EXAMPLE.COM(a)EXAMPLE.COM expiring on Mon Oct 10 20:44:52 CEST 2016 > Entered Krb5Context.initSecContext with state=STATE_NEW > Service ticket not found in the subject > 12:44:52,846 DEBUG [SPNegoScheme] Sending response 'YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp' back to the auth server > 12:44:52,846 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1 > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080 > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51) > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp > 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]" > 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "[\r][\n]" > {code} > Last server logs before error: > {code:plain} > 11:44:53,246 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext > 11:44:53,247 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext. > 11:44:53,283 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true > 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true > 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv(a)EXAMPLE.COM > 11:44:53,284 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout > 11:44:53,285 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject > 11:44:53,285 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv(a)EXAMPLE.COM' and empty password > 11:44:53,304 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[5tV-f1mRV7tGghx2rk4krdFH_1476096292858(odata,user,)] > {code} > VDB used: > {code:xml} > <vdb name="kerberos_teiid" version="1"> > <property name="security-domain" value="EXAMPLE.COM"/> > <property name="authentication-type" value="GSS"/> > . > . > . > </vdb> > {code} > Request URL: > {code:plain} > http://localhost:8080/odata4/kerberos_teiid/BQT1/smalla > {code} > Server configuration: > {code:xml} > <security-domain name="host"> > <authentication> > <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation"> > <module-option name="storeKey" value="true"/> > <module-option name="useKeyTab" value="true"/> > <module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/> > <module-option name="principal" value="HTTP/localhost(a)EXAMPLE.COM"/> > <module-option name="doNotPrompt" value="true"/> > <module-option name="useTicketCache" value="true"/> > <module-option name="debug" value="true"/> > <module-option name="refreshKrb5Config" value="false"/> > <module-option name="isInitiator" value="true"/> > <module-option name="addGSSCredential" value="true"/> > <module-option name="delegationCredential" value="USE"/> > <module-option name="ticketCache" value="/tmp/krb5cc_1000"/> > </login-module> > </authentication> > </security-domain> > <security-domain name="EXAMPLE.COM"> > <authentication> > <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation"> > <module-option name="password-stacking" value="useFirstPass"/> > <module-option name="serverSecurityDomain" value="host"/> > </login-module> > </authentication> > <mapping> > <mapping-module code="SimpleRoles" type="role"> > <module-option name="dv(a)EXAMPLE.COM" value="user,odata"/> > </mapping-module> > </mapping> > </security-domain> > {code} > Kerberos client configuration: > {code:plain} > ClientDV { > com.sun.security.auth.module.Krb5LoginModule required > storeKey="true" > useKeyTab="true" > keyTab="${dv.test.krb.dir}/dv.keytab" > principal="dv(a)EXAMPLE.COM" > doNotPrompt="true" > refreshKrb5Config="false" > useTicketCache="true" > ticketCache="/tmp/krb5cc_1000" > debug="true"; > }; > {code} > KRB5 configuration file is passed to server by setting system-property java.security.krb5.conf: > {code:xml} > <system-properties> > <property name="java.security.krb5.conf" value="${jboss.home.dir}/krb5.conf"/> > <property name="java.security.krb5.debug" value="true"/> > </system-properties> > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (TEIID-4499) OData Kerberos cannot access VDB

by Steven Hawkins (JIRA)

[ https://issues.jboss.org/browse/TEIID-4499?page=com.atlassian.jira.plugin... ] Steven Hawkins commented on TEIID-4499: --------------------------------------- > I believe I added the GSSCredential to Subject in the Teiid layers(MakeGss.java), to be used later in pass-through scenarios. In a web scenario with the Teiid connection set to passthroughauthentication=true, our MakeGSS is not involved. Also associating the credential with the subject on our own is not enough to rely on the KeberosLogonModule delegationCredential=USE setting as it only checks the DelegationCredentialContext ThreadLocal. The code was changed with https://issues.jboss.org/projects/SECURITY/issues/SECURITY-910 to use the Subject. > This delegation we have tested with other sources too, like Oracle, Hive etc. But that didn't originate with the web layer correct? A side question is whether the PassthroughIdentityLoginModule is necessary. Given that the KeberosLoginModule already supports delegation (delegationCredential as USE or REQUIRE) should it be deprecated and/or removed from the docs? > OData Kerberos cannot access VDB > -------------------------------- > > Key: TEIID-4499 > URL: https://issues.jboss.org/browse/TEIID-4499 > Project: Teiid > Issue Type: Bug > Components: OData > Affects Versions: 8.12.6.6_3 > Reporter: Jan Stastny > Assignee: Steven Hawkins > Fix For: 9.2, 9.0.5, 9.1.1 > > > When configured odata war for Kerberos using https://teiid.gitbooks.io/documents/content/security/Kerberos_support_thr... an error occurs when accessing a vdb, which is also secured by Kerberos. > The error is following: > {code:plain} > 11:44:53,360 WARN [org.teiid.ODATA] (http-127.0.0.1:8080-1) TEIID16047 Could not process OData 4 request: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.: org.teiid.core.TeiidProcessingException: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:233) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492) [jboss-negotiation-common-2.3.11.Final-redhat-1.jar:2.3.11.Final-redhat-1] > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.9.Final-redhat-2.jar:7.5.9.Final-redhat-2] > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102] > Caused by: org.teiid.jdbc.TeiidSQLException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135) > at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71) > at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55) > at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105) > at org.teiid.olingo.service.LocalClient.buildConnection(LocalClient.java:119) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.olingo.service.LocalClient.open(LocalClient.java:89) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:226) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > ... 16 more > Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:308) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53) > at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60) > at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50) > ... 20 more > Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:345) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:306) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > ... 23 more > Caused by: org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:146) > at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:106) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_102] > at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_102] > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_102] > at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [rt.jar:1.8.0_102] > at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:343) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1] > ... 24 more > Caused by: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication. > at org.teiid.transport.LogonImpl.logon(LogonImpl.java:119) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102] > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102] > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102] > at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102] > at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102] > at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276) > at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260) > at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178) > at com.sun.proxy.$Proxy81.logon(Unknown Source) > at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:142) > ... 30 more > {code} > Authentication of the user succeeded: > {code:plain} > principal is dv(a)EXAMPLE.COM > Will use keytab > Commit Succeeded > {code} > Authentication of the server succeeded: > {code:plain} > 11:44:52,873 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache > 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost(a)EXAMPLE.COM > 11:44:52,874 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache > 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost(a)EXAMPLE.COM > 11:44:53,234 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab > 11:44:53,236 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded > {code} > Initial request: > {code:plain} > 12:44:52,325 DEBUG [MainClientExec] Opening connection {}->http://localhost:8080 > 12:44:52,327 DEBUG [DefaultHttpClientConnectionOperator] Connecting to localhost/127.0.0.1:8080 > 12:44:52,328 DEBUG [DefaultHttpClientConnectionOperator] Connection established 127.0.0.1:47980<->127.0.0.1:8080 > 12:44:52,328 DEBUG [MainClientExec] Executing request GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1 > 12:44:52,328 DEBUG [MainClientExec] Target auth state: UNCHALLENGED > 12:44:52,329 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1 > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080 > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51) > 12:44:52,330 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate > 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]" > 12:44:52,330 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]" > 12:44:52,331 DEBUG [wire] http-outgoing-0 >> "[\r][\n]" > {code} > Negotiate request from server: > {code:plain} > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Pragma: No-cache[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Cache-Control: no-cache[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Type: text/html;charset=utf-8[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Length: 996[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "Date: Mon, 10 Oct 2016 10:44:52 GMT[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "[\r][\n]" > 12:44:52,457 DEBUG [wire] http-outgoing-0 << "<html><head><title>JBWEB000065: HTTP Status 401 - </title><style></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"></body></html>" > 12:44:52,459 DEBUG [headers] http-outgoing-0 << HTTP/1.1 401 Unauthorized > 12:44:52,459 DEBUG [headers] http-outgoing-0 << Server: Apache-Coyote/1.1 > 12:44:52,459 DEBUG [headers] http-outgoing-0 << Pragma: No-cache > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Cache-Control: no-cache > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00 > 12:44:52,460 DEBUG [headers] http-outgoing-0 << WWW-Authenticate: Negotiate > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Type: text/html;charset=utf-8 > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Length: 996 > 12:44:52,460 DEBUG [headers] http-outgoing-0 << Date: Mon, 10 Oct 2016 10:44:52 GMT > {code} > Response to auth server: > {code:plain} > Found ticket for dv(a)EXAMPLE.COM to go to krbtgt/EXAMPLE.COM(a)EXAMPLE.COM expiring on Mon Oct 10 20:44:52 CEST 2016 > Entered Krb5Context.initSecContext with state=STATE_NEW > Service ticket not found in the subject > 12:44:52,846 DEBUG [SPNegoScheme] Sending response 'YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp' back to the auth server > 12:44:52,846 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1 > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080 > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51) > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate > 12:44:52,846 DEBUG [headers] http-outgoing-0 >> Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp > 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]" > 12:44:52,846 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp[\r][\n]" > 12:44:52,847 DEBUG [wire] http-outgoing-0 >> "[\r][\n]" > {code} > Last server logs before error: > {code:plain} > 11:44:53,246 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext > 11:44:53,247 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext. > 11:44:53,283 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true > 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true > 11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv(a)EXAMPLE.COM > 11:44:53,284 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout > 11:44:53,285 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject > 11:44:53,285 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv(a)EXAMPLE.COM' and empty password > 11:44:53,304 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[5tV-f1mRV7tGghx2rk4krdFH_1476096292858(odata,user,)] > {code} > VDB used: > {code:xml} > <vdb name="kerberos_teiid" version="1"> > <property name="security-domain" value="EXAMPLE.COM"/> > <property name="authentication-type" value="GSS"/> > . > . > . > </vdb> > {code} > Request URL: > {code:plain} > http://localhost:8080/odata4/kerberos_teiid/BQT1/smalla > {code} > Server configuration: > {code:xml} > <security-domain name="host"> > <authentication> > <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation"> > <module-option name="storeKey" value="true"/> > <module-option name="useKeyTab" value="true"/> > <module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/> > <module-option name="principal" value="HTTP/localhost(a)EXAMPLE.COM"/> > <module-option name="doNotPrompt" value="true"/> > <module-option name="useTicketCache" value="true"/> > <module-option name="debug" value="true"/> > <module-option name="refreshKrb5Config" value="false"/> > <module-option name="isInitiator" value="true"/> > <module-option name="addGSSCredential" value="true"/> > <module-option name="delegationCredential" value="USE"/> > <module-option name="ticketCache" value="/tmp/krb5cc_1000"/> > </login-module> > </authentication> > </security-domain> > <security-domain name="EXAMPLE.COM"> > <authentication> > <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation"> > <module-option name="password-stacking" value="useFirstPass"/> > <module-option name="serverSecurityDomain" value="host"/> > </login-module> > </authentication> > <mapping> > <mapping-module code="SimpleRoles" type="role"> > <module-option name="dv(a)EXAMPLE.COM" value="user,odata"/> > </mapping-module> > </mapping> > </security-domain> > {code} > Kerberos client configuration: > {code:plain} > ClientDV { > com.sun.security.auth.module.Krb5LoginModule required > storeKey="true" > useKeyTab="true" > keyTab="${dv.test.krb.dir}/dv.keytab" > principal="dv(a)EXAMPLE.COM" > doNotPrompt="true" > refreshKrb5Config="false" > useTicketCache="true" > ticketCache="/tmp/krb5cc_1000" > debug="true"; > }; > {code} > KRB5 configuration file is passed to server by setting system-property java.security.krb5.conf: > {code:xml} > <system-properties> > <property name="java.security.krb5.conf" value="${jboss.home.dir}/krb5.conf"/> > <property name="java.security.krb5.debug" value="true"/> > </system-properties> > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

teiid-issues November 2016