[
https://issues.jboss.org/browse/TEIID-4183?page=com.atlassian.jira.plugin...
]
Juraj Duráni commented on TEIID-4183:
-------------------------------------
(1) - I can see in the (trace) log of EAP's pool, that there is no available
connection in the pool before each query (Available (0), InUse (0)). I might be an issue
with connection pooling in EAP rather than MSSQL JDBC driver issue. I use code similar to
\[1\]. I am not talking about re-using MSSQL connection for different users.
As far as I know, there is some problem with connection pooling in case of kerberos
authentication. Without cache, EAP creates new connection pool for each _connect()_ call.
But according to ironjacamar's developer, this require change in the design, which
will probably not happen before WildFly 14
(
https://bugzilla.redhat.com/show_bug.cgi?id=1166719)
(2) - I did not set prefill parameter so it should be false by default. From the EAP
documentation: _Whether to try to prefill the connection pool. The default is false._
(3) - > _You mean this using the connection second time?_ - No I mean for the first
time. And the exception is not thrown from the driver \[2\].
(4) - >_BTW, this is specific to SQLServer again._ Seems to be. I tried Oracle and test
passed.
(5) - > _I do suspect this should NOT affect any of the current test scripts IMO, but
if you are seeing any variance please let me know, we will figure out the issue._ - I have
updated tests, so they use different pass-through login modules (for each data source -
What do you think? Shouldn't be pass-through module independent? I mean, that you
should be able to use one login module for every DS no matter what kind of authentication
it uses?). I believe, this is enough for now.
{code:java|title=\[1\] Test code}
for(int i = 0; i < COUNT; i++){
teiidConnection.createStatement().execute("SELECT * FROM us");
}
{code}
{code:plain|title=\[2\]}
08:36:20,142 INFO [MultiPlatformProcessRunner] at
org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
[picketbox-4.1.2.Final-redhat-1.jar:4.1.2.Final-redhat-1]
{code}
MSSQL JDBC driver invalidates kerberos ticket on Connection.close()
-------------------------------------------------------------------
Key: TEIID-4183
URL:
https://issues.jboss.org/browse/TEIID-4183
Project: Teiid
Issue Type: Bug
Affects Versions: 8.12.x, 8.7.5.6_2
Reporter: Juraj Duráni
Assignee: Ramesh Reddy
Fix For: 9.1, 8.12.5
MSSQL JDBC driver invalidate kerberos ticket on Connection.close() (related bugzilla
\[1\]).
If user creates kerberos connection, driver invalidates ticket on closing connection
(Connection.close()). Therefore ticket cannot be re-used. EAP team creates a workaround
for this by adding module option *wrapGSSCredential=true* with additional setting
*credentialLifetime=-1* \[2, 3, 4, 5\]. This works for static kerberos authentication.
However, passthrough authentication (org.teiid.jboss.PassthroughIdentityLoginModule) does
not work, because passed ticket is not managed by EAP but by client.
\[1\]
https://bugzilla.redhat.com/show_bug.cgi?id=1097276
\[2\]
https://bugzilla.redhat.com/show_bug.cgi?id=1097276#c58
\[3\]
https://issues.jboss.org/browse/SECURITY-905
\[4\]
https://issues.jboss.org/browse/JBEAP-843
\[5\]
https://github.com/wildfly-security/jboss-negotiation/commit/0c7e06f58a79...
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)