[teiid-issues] [JBoss JIRA] (TEIID-4571) Kerberos secured OData - delegation of credentials to datasource using PassthroughLoginModule doesn't work
Jan Stastny (JIRA)
issues at jboss.org
Fri Nov 11 02:57:00 EST 2016
[ https://issues.jboss.org/browse/TEIID-4571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13320793#comment-13320793 ]
Jan Stastny commented on TEIID-4571:
------------------------------------
Here is server log with both categories in TRACE level:
{code:plain}
08:51:45,605 INFO [org.jboss.web] (ServerService Thread Pool -- 25) JBAS018210: Register web context: /odata4
08:51:45,634 INFO [org.jboss.as.server] (management-handler-thread - 2) JBAS015859: Deployed "teiid-odata-kerberos-1.0.war" (runtime-name : "teiid-odata-kerberos-1.0.war")
08:51:46,679 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Authenticating user
08:51:46,680 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Header - null
08:51:46,680 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) No Authorization Header, initiating negotiation
08:51:47,158 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Authenticating user
08:51:47,161 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Header - Negotiate YIIEzQYGKwYBBQUCoIIEwTCCBL2gDTALBgkqhkiG9xIBAgKhBAMCAfaiggSkBIIEoGCCBJwGCSqGSIb3EgECAgEAboIEizCCBIegAwIBBaEDAgEOogcDBQAgAAAAo4IBDWGCAQkwggEFoAMCAQWhGxsZTVcuTEFCLkVORy5CT1MuUkVESEFULkNPTaIcMBqgAwIBAKETMBEbBEhUVFAbCWxvY2FsaG9zdKOBwjCBv6ADAgERoQMCAQSigbIEga+3y/QUWKkNv10GG0OaKgVMVx21kgNLOlFY/sPLfRKoQT4y2c4TnKCq0CspU8hWyJzQYjs2i7ODjvnMqdmrRBnHe8aNSvNbMaa3Q+tp9zx3MDvvFBG/h04j3IJfwywixodIGLbKw+L8dK01vvKE0tDIsaVgFz+Ubs9jX/bq8yTn2755yvAzU6DR8YIoWBP09DAgC2Z02kBH/TdYBK0grC9YF+JkYLNT1c32Wv+kWTnupIIDXzCCA1ugAwIBEaKCA1IEggNOuvuBuucm+yhnC0DCWiEG/W2liVik1fHfJIVnyr7sNERJMIKbfQJEuT/Q3w/l4gWnOcKHV7IEoawuNZssaXxqY8iuayF7V9W7aT9709R1VY6VeHu6eXaeHq1L2dIxWrtJe0IsU5ySsIpG4ddc6vQ6Deh73ELMUnmp63JS3aGysTEziNA4IOSoJmMm4mGeRJTThH5pdFwiCkUvikme0mV7wsoHEK34Mmfd6UxtYpZNH/CFKmnuw+qYvGBvhqoz37qrPSU+93ro4T3FkkbkmXLHxQm6EtYDlZ7CeoHNpyYmQ948NSnJjGuWDkPFbHlTNj4gVpsFGuXOva71EX4YT5Uo8Evd68S1K8x+dMy1dyJjgN3KMu6HtDFAHH79jy1gr1VuZlj7rgq9LjOsAXPyP/wI875i+cZC/loUzT9IzPhl2BGzy1Nb+yfv/vduUHdJ3hngJxQLbZvMSk5AXyMeqMqp0sFVuNhULbL3ipnXDJaxXWCNvwn/vpx3enaNgxBPsdMuT8El44nTPOMjeHZ4JUGAhLzx90NdxWUn33eo47lCuI5cY3RWAI+J0t7Rda9llyipr3AK5ne//f2klqgqDMSoTyPqNKnCGw8ZaoYGqk1p697BGfm8ckNr/DTHhWoHhueykKJdA8lslQQSA3TbvV5XnPpr1pJ3zAsMJDDbPxhHKf7Dkm0YyMJG0dyMNdaQQDqFYZIpuWaTxclIwp6PY5Ekd08mSI4tpHOnvPsJY2UhklSdx4ECD6nZO0QCWkE6bOExKDdJeikEVEMmScUeIu+zza7PboAmU/8eOxyYaLUKpYN0wV68sQnxWIUB912kr+aB4l2Eb4e1lYa4dreLrnZzz+Mm+B+HriAa6TUP3eH+zB57c3IRTaIQJ/nfqPZhX6bekCPi/PYOHnw81lF8OHXBbFMaQHmRZNc9GusQVwTPY6Rkik4VSkh20z81YepRxl8M181JgcnP7NwUm/b7YW+XEu4iyE9iKXbuWRIA8qRa3sVM5ILfG2DWzVY86PF9kF9jaj5hp0pYGMv5KKTLMdgh10goLejyk5mSY8TUwF0PkO7ZwcbA8Hp1vF1cie09JtMwyoBkwqs9mvWxzYxIvuYFYSzKBzGSCiNzyvMFcCDQ
08:51:47,165 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (http-127.0.0.1:8080-1) YIIEzQYGKwYBBQUCoIIEwTCCBL2gDTALBgkqhkiG9xIBAgKhBAMCAfaiggSkBIIEoGCCBJwGCSqGSIb3EgECAgEAboIEizCCBIegAwIBBaEDAgEOogcDBQAgAAAAo4IBDWGCAQkwggEFoAMCAQWhGxsZTVcuTEFCLkVORy5CT1MuUkVESEFULkNPTaIcMBqgAwIBAKETMBEbBEhUVFAbCWxvY2FsaG9zdKOBwjCBv6ADAgERoQMCAQSigbIEga+3y/QUWKkNv10GG0OaKgVMVx21kgNLOlFY/sPLfRKoQT4y2c4TnKCq0CspU8hWyJzQYjs2i7ODjvnMqdmrRBnHe8aNSvNbMaa3Q+tp9zx3MDvvFBG/h04j3IJfwywixodIGLbKw+L8dK01vvKE0tDIsaVgFz+Ubs9jX/bq8yTn2755yvAzU6DR8YIoWBP09DAgC2Z02kBH/TdYBK0grC9YF+JkYLNT1c32Wv+kWTnupIIDXzCCA1ugAwIBEaKCA1IEggNOuvuBuucm+yhnC0DCWiEG/W2liVik1fHfJIVnyr7sNERJMIKbfQJEuT/Q3w/l4gWnOcKHV7IEoawuNZssaXxqY8iuayF7V9W7aT9709R1VY6VeHu6eXaeHq1L2dIxWrtJe0IsU5ySsIpG4ddc6vQ6Deh73ELMUnmp63JS3aGysTEziNA4IOSoJmMm4mGeRJTThH5pdFwiCkUvikme0mV7wsoHEK34Mmfd6UxtYpZNH/CFKmnuw+qYvGBvhqoz37qrPSU+93ro4T3FkkbkmXLHxQm6EtYDlZ7CeoHNpyYmQ948NSnJjGuWDkPFbHlTNj4gVpsFGuXOva71EX4YT5Uo8Evd68S1K8x+dMy1dyJjgN3KMu6HtDFAHH79jy1gr1VuZlj7rgq9LjOsAXPyP/wI875i+cZC/loUzT9IzPhl2BGzy1Nb+yfv/vduUHdJ3hngJxQLbZvMSk5AXyMeqMqp0sFVuNhULbL3ipnXDJaxXWCNvwn/vpx3enaNgxBPsdMuT8El44nTPOMjeHZ4JUGAhLzx90NdxWUn33eo47lCuI5cY3RWAI+J0t7Rda9llyipr3AK5ne//f2klqgqDMSoTyPqNKnCGw8ZaoYGqk1p697BGfm8ckNr/DTHhWoHhueykKJdA8lslQQSA3TbvV5XnPpr1pJ3zAsMJDDbPxhHKf7Dkm0YyMJG0dyMNdaQQDqFYZIpuWaTxclIwp6PY5Ekd08mSI4tpHOnvPsJY2UhklSdx4ECD6nZO0QCWkE6bOExKDdJeikEVEMmScUeIu+zza7PboAmU/8eOxyYaLUKpYN0wV68sQnxWIUB912kr+aB4l2Eb4e1lYa4dreLrnZzz+Mm+B+HriAa6TUP3eH+zB57c3IRTaIQJ/nfqPZhX6bekCPi/PYOHnw81lF8OHXBbFMaQHmRZNc9GusQVwTPY6Rkik4VSkh20z81YepRxl8M181JgcnP7NwUm/b7YW+XEu4iyE9iKXbuWRIA8qRa3sVM5ILfG2DWzVY86PF9kF9jaj5hp0pYGMv5KKTLMdgh10goLejyk5mSY8TUwF0PkO7ZwcbA8Hp1vF1cie09JtMwyoBkwqs9mvWxzYxIvuYFYSzKBzGSCiNzyvMFcCDQ
08:51:47,166 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (http-127.0.0.1:8080-1) 0x60 0x82 0x04 0xcd 0x06 0x06 0x2b 0x06 0x01 0x05 0x05 0x02 0xa0 0x82 0x04 0xc1 0x30 0x82 0x04 0xbd 0xa0 0x0d 0x30 0x0b 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x12 0x01 0x02 0x02 0xa1 0x04 0x03 0x02 0x01 0xf6 0xa2 0x82 0x04 0xa4 0x04 0x82 0x04 0xa0 0x60 0x82 0x04 0x9c 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x12 0x01 0x02 0x02 0x01 0x00 0x6e 0x82 0x04 0x8b 0x30 0x82 0x04 0x87 0xa0 0x03 0x02 0x01 0x05 0xa1 0x03 0x02 0x01 0x0e 0xa2 0x07 0x03 0x05 0x00 0x20 0x00 0x00 0x00 0xa3 0x82 0x01 0x0d 0x61 0x82 0x01 0x09 0x30 0x82 0x01 0x05 0xa0 0x03 0x02 0x01 0x05 0xa1 0x1b 0x1b 0x19 0x4d 0x57 0x2e 0x4c 0x41 0x42 0x2e 0x45 0x4e 0x47 0x2e 0x42 0x4f 0x53 0x2e 0x52 0x45 0x44 0x48 0x41 0x54 0x2e 0x43 0x4f 0x4d 0xa2 0x1c 0x30 0x1a 0xa0 0x03 0x02 0x01 0x00 0xa1 0x13 0x30 0x11 0x1b 0x04 0x48 0x54 0x54 0x50 0x1b 0x09 0x6c 0x6f 0x63 0x61 0x6c 0x68 0x6f 0x73 0x74 0xa3 0x81 0xc2 0x30 0x81 0xbf 0xa0 0x03 0x02 0x01 0x11 0xa1 0x03 0x02 0x01 0x04 0xa2 0x81 0xb2 0x04 0x81 0xaf 0xb7 0xcb 0xf4 0x14 0x58 0xa9 0x0d 0xbf 0x5d 0x06 0x1b 0x43 0x9a 0x2a 0x05 0x4c 0x57 0x1d 0xb5 0x92 0x03 0x4b 0x3a 0x51 0x58 0xfe 0xc3 0xcb 0x7d 0x12 0xa8 0x41 0x3e 0x32 0xd9 0xce 0x13 0x9c 0xa0 0xaa 0xd0 0x2b 0x29 0x53 0xc8 0x56 0xc8 0x9c 0xd0 0x62 0x3b 0x36 0x8b 0xb3 0x83 0x8e 0xf9 0xcc 0xa9 0xd9 0xab 0x44 0x19 0xc7 0x7b 0xc6 0x8d 0x4a 0xf3 0x5b 0x31 0xa6 0xb7 0x43 0xeb 0x69 0xf7 0x3c 0x77 0x30 0x3b 0xef 0x14 0x11 0xbf 0x87 0x4e 0x23 0xdc 0x82 0x5f 0xc3 0x2c 0x22 0xc6 0x87 0x48 0x18 0xb6 0xca 0xc3 0xe2 0xfc 0x74 0xad 0x35 0xbe 0xf2 0x84 0xd2 0xd0 0xc8 0xb1 0xa5 0x60 0x17 0x3f 0x94 0x6e 0xcf 0x63 0x5f 0xf6 0xea 0xf3 0x24 0xe7 0xdb 0xbe 0x79 0xca 0xf0 0x33 0x53 0xa0 0xd1 0xf1 0x82 0x28 0x58 0x13 0xf4 0xf4 0x30 0x20 0x0b 0x66 0x74 0xda 0x40 0x47 0xfd 0x37 0x58 0x04 0xad 0x20 0xac 0x2f 0x58 0x17 0xe2 0x64 0x60 0xb3 0x53 0xd5 0xcd 0xf6 0x5a 0xff 0xa4 0x59 0x39 0xee 0xa4 0x82 0x03 0x5f 0x30 0x82 0x03 0x5b 0xa0 0x03 0x02 0x01 0x11 0xa2 0x82 0x03 0x52 0x04 0x82 0x03 0x4e 0xba 0xfb 0x81 0xba 0xe7 0x26 0xfb 0x28 0x67 0x0b 0x40 0xc2 0x5a 0x21 0x06 0xfd 0x6d 0xa5 0x89 0x58 0xa4 0xd5 0xf1 0xdf 0x24 0x85 0x67 0xca 0xbe 0xec 0x34 0x44 0x49 0x30 0x82 0x9b 0x7d 0x02 0x44 0xb9 0x3f 0xd0 0xdf 0x0f 0xe5 0xe2 0x05 0xa7 0x39 0xc2 0x87 0x57 0xb2 0x04 0xa1 0xac 0x2e 0x35 0x9b 0x2c 0x69 0x7c 0x6a 0x63 0xc8 0xae 0x6b 0x21 0x7b 0x57 0xd5 0xbb 0x69 0x3f 0x7b 0xd3 0xd4 0x75 0x55 0x8e 0x95 0x78 0x7b 0xba 0x79 0x76 0x9e 0x1e 0xad 0x4b 0xd9 0xd2 0x31 0x5a 0xbb 0x49 0x7b 0x42 0x2c 0x53 0x9c 0x92 0xb0 0x8a 0x46 0xe1 0xd7 0x5c 0xea 0xf4 0x3a 0x0d 0xe8 0x7b 0xdc 0x42 0xcc 0x52 0x79 0xa9 0xeb 0x72 0x52 0xdd 0xa1 0xb2 0xb1 0x31 0x33 0x88 0xd0 0x38 0x20 0xe4 0xa8 0x26 0x63 0x26 0xe2 0x61 0x9e 0x44 0x94 0xd3 0x84 0x7e 0x69 0x74 0x5c 0x22 0x0a 0x45 0x2f 0x8a 0x49 0x9e 0xd2 0x65 0x7b 0xc2 0xca 0x07 0x10 0xad 0xf8 0x32 0x67 0xdd 0xe9 0x4c 0x6d 0x62 0x96 0x4d 0x1f 0xf0 0x85 0x2a 0x69 0xee 0xc3 0xea 0x98 0xbc 0x60 0x6f 0x86 0xaa 0x33 0xdf 0xba 0xab 0x3d 0x25 0x3e 0xf7 0x7a 0xe8 0xe1 0x3d 0xc5 0x92 0x46 0xe4 0x99 0x72 0xc7 0xc5 0x09 0xba 0x12 0xd6 0x03 0x95 0x9e 0xc2 0x7a 0x81 0xcd 0xa7 0x26 0x26 0x43 0xde 0x3c 0x35 0x29 0xc9 0x8c 0x6b 0x96 0x0e 0x43 0xc5 0x6c 0x79 0x53 0x36 0x3e 0x20 0x56 0x9b 0x05 0x1a 0xe5 0xce 0xbd 0xae 0xf5 0x11 0x7e 0x18 0x4f 0x95 0x28 0xf0 0x4b 0xdd 0xeb 0xc4 0xb5 0x2b 0xcc 0x7e 0x74 0xcc 0xb5 0x77 0x22 0x63 0x80 0xdd 0xca 0x32 0xee 0x87 0xb4 0x31 0x40 0x1c 0x7e 0xfd 0x8f 0x2d 0x60 0xaf 0x55 0x6e 0x66 0x58 0xfb 0xae 0x0a 0xbd 0x2e 0x33 0xac 0x01 0x73 0xf2 0x3f 0xfc 0x08 0xf3 0xbe 0x62 0xf9 0xc6 0x42 0xfe 0x5a 0x14 0xcd 0x3f 0x48 0xcc 0xf8 0x65 0xd8 0x11 0xb3 0xcb 0x53 0x5b 0xfb 0x27 0xef 0xfe 0xf7 0x6e 0x50 0x77 0x49 0xde 0x19 0xe0 0x27 0x14 0x0b 0x6d 0x9b 0xcc 0x4a 0x4e 0x40 0x5f 0x23 0x1e 0xa8 0xca 0xa9 0xd2 0xc1 0x55 0xb8 0xd8 0x54 0x2d 0xb2 0xf7 0x8a 0x99 0xd7 0x0c 0x96 0xb1 0x5d 0x60 0x8d 0xbf 0x09 0xff 0xbe 0x9c 0x77 0x7a 0x76 0x8d 0x83 0x10 0x4f 0xb1 0xd3 0x2e 0x4f 0xc1 0x25 0xe3 0x89 0xd3 0x3c 0xe3 0x23 0x78 0x76 0x78 0x25 0x41 0x80 0x84 0xbc 0xf1 0xf7 0x43 0x5d 0xc5 0x65 0x27 0xdf 0x77 0xa8 0xe3 0xb9 0x42 0xb8 0x8e 0x5c 0x63 0x74 0x56 0x00 0x8f 0x89 0xd2 0xde 0xd1 0x75 0xaf 0x65 0x97 0x28 0xa9 0xaf 0x70 0x0a 0xe6 0x77 0xbf 0xfd 0xfd 0xa4 0x96 0xa8 0x2a 0x0c 0xc4 0xa8 0x4f 0x23 0xea 0x34 0xa9 0xc2 0x1b 0x0f 0x19 0x6a 0x86 0x06 0xaa 0x4d 0x69 0xeb 0xde 0xc1 0x19 0xf9 0xbc 0x72 0x43 0x6b 0xfc 0x34 0xc7 0x85 0x6a 0x07 0x86 0xe7 0xb2 0x90 0xa2 0x5d 0x03 0xc9 0x6c 0x95 0x04 0x12 0x03 0x74 0xdb 0xbd 0x5e 0x57 0x9c 0xfa 0x6b 0xd6 0x92 0x77 0xcc 0x0b 0x0c 0x24 0x30 0xdb 0x3f 0x18 0x47 0x29 0xfe 0xc3 0x92 0x6d 0x18 0xc8 0xc2 0x46 0xd1 0xdc 0x8c 0x35 0xd6 0x90 0x40 0x3a 0x85 0x61 0x92 0x29 0xb9 0x66 0x93 0xc5 0xc9 0x48 0xc2 0x9e 0x8f 0x63 0x91 0x24 0x77 0x4f 0x26 0x48 0x8e 0x2d 0xa4 0x73 0xa7 0xbc 0xfb 0x09 0x63 0x65 0x21 0x92 0x54 0x9d 0xc7 0x81 0x02 0x0f 0xa9 0xd9 0x3b 0x44 0x02 0x5a 0x41 0x3a 0x6c 0xe1 0x31 0x28 0x37 0x49 0x7a 0x29 0x04 0x54 0x43 0x26 0x49 0xc5 0x1e 0x22 0xef 0xb3 0xcd 0xae 0xcf 0x6e 0x80 0x26 0x53 0xff 0x1e 0x3b 0x1c 0x98 0x68 0xb5 0x0a 0xa5 0x83 0x74 0xc1 0x5e 0xbc 0xb1 0x09 0xf1 0x58 0x85 0x01 0xf7 0x5d 0xa4 0xaf 0xe6 0x81 0xe2 0x5d 0x84 0x6f 0x87 0xb5 0x95 0x86 0xb8 0x76 0xb7 0x8b 0xae 0x76 0x73 0xcf 0xe3 0x26 0xf8 0x1f 0x87 0xae 0x20 0x1a 0xe9 0x35 0x0f 0xdd 0xe1 0xfe 0xcc 0x1e 0x7b 0x73 0x72 0x11 0x4d 0xa2 0x10 0x27 0xf9 0xdf 0xa8 0xf6 0x61 0x5f 0xa6 0xde 0x90 0x23 0xe2 0xfc 0xf6 0x0e 0x1e 0x7c 0x3c 0xd6 0x51 0x7c 0x38 0x75 0xc1 0x6c 0x53 0x1a 0x40 0x79 0x91 0x64 0xd7 0x3d 0x1a 0xeb 0x10 0x57 0x04 0xcf 0x63 0xa4 0x64 0x8a 0x4e 0x15 0x4a 0x48 0x76 0xd3 0x3f 0x35 0x61 0xea 0x51 0xc6 0x5f 0x0c 0xd7 0xcd 0x49 0x81 0xc9 0xcf 0xec 0xdc 0x14 0x9b 0xf6 0xfb 0x61 0x6f 0x97 0x12 0xee 0x22 0xc8 0x4f 0x62 0x29 0x76 0xee 0x59 0x12 0x00 0xf2 0xa4 0x5a 0xde 0xc5 0x4c 0xe4 0x82 0xdf 0x1b 0x60 0xd6 0xcd 0x56 0x3c 0xe8 0xf1 0x7d 0x90 0x5f 0x63 0x6a 0x3e 0x61 0xa7 0x4a 0x58 0x18 0xcb 0xf9 0x28 0xa4 0xcb 0x31 0xd8 0x21 0xd7 0x48 0x28 0x2d 0xe8 0xf2 0x93 0x99 0x92 0x63 0xc4 0xd4 0xc0 0x5d 0x0f 0x90 0xee 0xd9 0xc1 0xc6 0xc0 0xf0 0x7a 0x75 0xbc 0x5d 0x5c 0x89 0xed 0x3d 0x26 0xd3 0x30 0xca 0x80 0x64 0xc2 0xab 0x3d 0x9a 0xf5 0xb1 0xcd 0x8c 0x48 0xbe 0xe6 0x05 0x61 0x2c 0xca 0x07 0x31 0x92 0x0a 0x23 0x73 0xca 0xf3 0x05 0x70 0x20 0xd0
08:51:47,171 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Creating new NegotiationContext
08:51:47,171 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-127.0.0.1:8080-1) associate 279696544
08:51:47,176 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) removeRealmFromPrincipal=false
08:51:47,176 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) serverSecurityDomain=host
08:51:47,176 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) usernamePasswordDomain=null
08:51:47,178 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Wrapped Krb5LoginModule is 'com.sun.security.auth.module.Krb5LoginModule'
08:51:47,179 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) delegationCredential=USE
08:51:47,182 INFO [stdout] (http-127.0.0.1:8080-1) Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is /tmp/krb5cc_100e0 isInitiator true KeyTab is /home/jstastny/tmp-workspaces/workspace/HTTP_localhost refreshKrb5Config is false principal is HTTP/localhost at EXAMPLE.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
08:51:47,182 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Initialised wrapped login module.
08:51:47,182 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) addGssCredential=true
08:51:47,182 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) wrapGssCredential=false
08:51:47,183 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) No delegation credential so falling through to use wrapped login module.
08:51:47,184 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache
08:51:47,186 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost at EXAMPLE.COM
08:51:47,186 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache
08:51:47,662 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost at EXAMPLE.COM
08:51:47,662 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab
08:51:47,663 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded
08:51:47,663 INFO [stdout] (http-127.0.0.1:8080-1)
08:51:47,663 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Called wrapped login module respone=true
08:51:47,663 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Adding GSSCredential to populated Subject
08:51:47,665 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Creating GSSName for Principal 'HTTP/localhost at EXAMPLE.COM'
08:51:47,668 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Added private credential.
08:51:47,670 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Subject = Subject:
Principal: HTTP/localhost at EXAMPLE.COM
Private Credential: Ticket (hex) =
0000: 61 82 01 22 30 82 01 1E A0 03 02 01 05 A1 1B 1B a.."0...........
.
.
.
.
0060: A0 03 02 01 11 A1 03 02 01 01 A2 81 B9 04 81 B6 ................
0070: 36 ED D6 8A 0A 0B 3E 9E BC 46 23 82 32 51 01 2C 6.....>..F#.2Q.,
0080: D1 2D A9 77 35 CD EC 03 81 0E 20 24 85 72 52 8A .-.w5..... $.rR.
0090: BD BF F6 9E 3D 20 18 5C 6F 8D A1 D9 20 F5 D4 53 ....= .\o... ..S
00A0: E1 EC 90 D7 65 24 1F 1B 98 42 96 3E 5C FF 00 49 ....e$...B.>\..I
00B0: B4 FC 07 3C AC 4A 37 22 FA 9C 4C FC 2B F0 D3 B3 ...<.J7"..L.+...
00C0: FB 1C 0A D5 29 A0 AD 39 C5 58 F7 65 81 06 3C 81 ....)..9.X.e..<.
00D0: 48 83 54 E6 62 B4 2F 54 C6 0B DF F2 13 8C 2F 5D H.T.b./T....../]
00E0: DE 6D B7 A7 AE 5B DC 9A B9 F4 E4 98 BB 2D E3 C9 .m...[.......-..
00F0: 42 60 2C 06 9A 47 6C DD 80 31 52 F8 ED 00 AB 4F B`,..Gl..1R....O
0100: 16 EB AD 5D F5 5D F3 B0 5A D2 A2 73 E5 41 63 56 ...].]..Z..s.AcV
0110: EC 1D FE C4 69 E9 8F E5 B7 BC 1E 9E 78 10 0B 39 ....i.......x..9
0120: 47 95 7F 8C B4 72 G....r
Client Principal = HTTP/localhost at EXAMPLE.COM
Server Principal = krbtgt/EXAMPLE.COM at EXAMPLE.COM
Session Key = EncryptionKey: keyType=17 keyBytes (hex dump)=
0000: F2 56 B2 92 DC E4 01 63 68 F2 73 C9 94 C0 E4 66 .V.....ch.s....f
Forwardable Ticket true
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time = Fri Nov 11 08:51:47 GMT+01:00 2016
Start Time = Fri Nov 11 08:51:47 GMT+01:00 2016
End Time = Fri Nov 11 16:51:47 GMT+01:00 2016
Renew Till = null
Client Addresses Null
Private Credential: /home/jstastny/tmp-workspaces/workspace/HTTP_localhost for HTTP/localhost at EXAMPLE.COM
Private Credential: [GSSCredential:
HTTP/localhost at EXAMPLE.COM 1.2.840.113554.1.2.2 Initiate [class sun.security.jgss.krb5.Krb5InitCredential]]
08:51:47,670 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext
08:51:47,671 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext.
08:51:47,685 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true
08:51:47,685 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true
08:51:47,686 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = KRBUSR05 at EXAMPLE.COM
08:51:47,686 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Removing GSSCredential added to subject during authentication.
08:51:47,686 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Passing to wrapped login module to logout.
08:51:47,686 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout
08:51:47,686 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject
08:51:47,686 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Disposing of GSSCredential
08:51:47,686 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Result - true
08:51:47,686 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'KRBUSR05 at EXAMPLE.COM' and empty password
08:51:47,687 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) super.loginOk true
08:51:47,693 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[44-SCjMU3RDwMuAXi8Uza6uE_1478850707171(odata,user,)]
08:51:47,694 TRACE [org.jboss.security.negotiation.common.MessageTrace.Response.Base64] (http-127.0.0.1:8080-1) oXIwcKJuBGxgagYJKoZIhvcSAQICAgBvWzBZoAMCAQWhAwIBD6JNMEugAwIBEaJEBELkZbbkPkbT
6Pm89VYdXOJZatRIEM70TaV1CkcqkHLxuwbPslkkb31FEs3YDRXPhCkXvQy10U4o40NzGuhvK1Hx
F0o=
08:51:47,694 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-127.0.0.1:8080-1) clear 279696544
08:51:47,711 DEBUG [org.teiid.SECURITY] (http-127.0.0.1:8080-1) authenticateUser anonymous JDBC
08:51:47,712 DEBUG [org.teiid.SECURITY] (http-127.0.0.1:8080-1) Logon successful, created session: sessionid=T8F+PY/m1teq; userName=KRBUSR05\@EXAMPLE.COM at EXAMPLE.COM; vdbName=oracle_kerberos; vdbVersion=1; createdTime=Fri Nov 11 08:51:47 GMT+01:00 2016; applicationName=JDBC; clientHostName=null; clientHardwareAddress=null; IPAddress=null; securityDomain=EXAMPLE.COM; lastPingTime=Fri Nov 11 08:51:47 GMT+01:00 2016
08:51:47,723 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) Successfully obtained a session.
08:51:47,723 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) Connection Url=
08:51:47,723 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) ApplicationName=JDBC
08:51:47,723 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) PassthroughAuthentication=true
08:51:47,724 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) local-transport-name=odata
08:51:47,724 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) waitForLoad=0
08:51:47,724 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) batch-size=256
08:51:47,724 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) VirtualDatabaseName=oracle_kerberos.1
08:51:47,724 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) transportName=odata
08:51:47,724 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) skiptoken-cache-time=300000
08:51:47,724 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) The JDBC Driver successfully obtained a connection.
08:51:47,844 DEBUG [org.teiid.ODATA] (http-127.0.0.1:8080-1) Teiid-Query: /*+ cache(ttl:300000 scope:USER) */ SELECT g0."user" FROM BQT1.dual AS g0 ORDER BY g0."user" LIMIT 1 /* T8F+PY/m1teq */
08:51:47,849 FINER [org.teiid.jdbc] (http-127.0.0.1:8080-1) Executing: requestID -1 commands: [/*+ cache(ttl:300000 scope:USER) */ SELECT g0."user" FROM BQT1.dual AS g0 ORDER BY g0."user" LIMIT 1 /* T8F+PY/m1teq */] expecting: RESULTSET
08:51:47,850 TRACE [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) before executeRequest:org.teiid.dqp.internal.process.DQPCore at 7423ed3d(0,org.teiid.client.RequestMessage at d690586)
08:51:47,858 TRACE [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) T8F+PY/m1teq.0 start processing MORE_WORK
08:51:47,858 DEBUG [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) Request Thread T8F+PY/m1teq.0 with state NEW
08:51:47,859 DEBUG [org.teiid.TXN_LOG] (http-127.0.0.1:8080-1) before getOrCreateTransactionContext:org.teiid.dqp.internal.process.TransactionServerImpl at 139cd75a(T8F+PY/m1teq)
08:51:47,860 DEBUG [org.teiid.TXN_LOG] (http-127.0.0.1:8080-1) after getOrCreateTransactionContext : T8F+PY/m1teq NONE ID:NONE
08:51:47,862 TRACE [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) Cache miss for Cache Entry<T8F+PY/m1teq=KRBUSR05\@EXAMPLE.COM at EXAMPLE.COM> params:null sql:/*+ cache(ttl:300000 scope:USER) */ SELECT g0."user" FROM BQT1.dual AS g0 ORDER BY g0."user" LIMIT 1 /* T8F+PY/m1teq */
08:51:47,863 DEBUG [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) T8F+PY/m1teq.0 executing prepared /*+ cache(ttl:300000 scope:USER) */ SELECT g0."user" FROM BQT1.dual AS g0 ORDER BY g0."user" LIMIT 1 /* T8F+PY/m1teq */
08:51:47,868 TRACE [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) Cache miss for Cache Entry<T8F+PY/m1teq=KRBUSR05\@EXAMPLE.COM at EXAMPLE.COM> params:null sql:/*+ cache(ttl:300000 scope:USER) */ SELECT g0."user" FROM BQT1.dual AS g0 ORDER BY g0."user" LIMIT 1 /* T8F+PY/m1teq */
08:51:47,869 TRACE [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) Query does not exist in cache: /*+ cache(ttl:300000 scope:USER) */ SELECT g0."user" FROM BQT1.dual AS g0 ORDER BY g0."user" LIMIT 1 /* T8F+PY/m1teq */
08:51:47,871 TRACE [org.teiid.PLANNER.RESOLVER] (http-127.0.0.1:8080-1) Resolving command /*+ cache(ttl:300000 scope:USER) */ SELECT g0."user" FROM BQT1.dual AS g0 ORDER BY g0."user" LIMIT 1
08:51:47,935 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) wrapGssCredential=false
08:51:47,936 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Adding module option properties as private credential
08:51:47,937 WARN [org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject] (http-127.0.0.1:8080-1) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: No matching credentials in Subject!
at org.jboss.jca.adapters.jdbc.BaseWrapperManagedConnectionFactory.getConnectionProperties(BaseWrapperManagedConnectionFactory.java:965)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:233)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.createConnectionEventListener(SemaphoreArrayListManagedConnectionPool.java:858)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:413)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:457)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:429)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:344)
at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:367)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:499)
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:143)
at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:69)
at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:270) [translator-jdbc-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:68) [translator-jdbc-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
at org.teiid.translator.ExecutionFactory.getConnection(ExecutionFactory.java:202) [teiid-api-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
at org.teiid.dqp.internal.datamgr.ConnectorManager.buildCapabilities(ConnectorManager.java:179)
at org.teiid.dqp.internal.datamgr.ConnectorManager.getCapabilities(ConnectorManager.java:163)
at org.teiid.dqp.internal.process.CachedFinder.findCapabilities(CachedFinder.java:108)
at org.teiid.query.metadata.TempCapabilitiesFinder.findCapabilities(TempCapabilitiesFinder.java:78)
at org.teiid.query.optimizer.relational.rules.CapabilitiesUtil.getCapabilities(CapabilitiesUtil.java:439)
at org.teiid.query.optimizer.relational.rules.CapabilitiesUtil.supports(CapabilitiesUtil.java:459)
at org.teiid.query.optimizer.relational.rules.CapabilitiesUtil.requiresCriteria(CapabilitiesUtil.java:444)
at org.teiid.query.optimizer.relational.rules.RulePlaceAccess.addAccessNode(RulePlaceAccess.java:196)
at org.teiid.query.optimizer.relational.rules.RulePlaceAccess.execute(RulePlaceAccess.java:86)
at org.teiid.query.optimizer.relational.RelationalPlanner.executeRules(RelationalPlanner.java:925)
at org.teiid.query.optimizer.relational.RelationalPlanner.optimize(RelationalPlanner.java:228)
at org.teiid.query.optimizer.QueryOptimizer.optimizePlan(QueryOptimizer.java:159)
at org.teiid.dqp.internal.process.Request.generatePlan(Request.java:442)
at org.teiid.dqp.internal.process.PreparedStatementRequest.generatePlan(PreparedStatementRequest.java:119)
at org.teiid.dqp.internal.process.Request.processRequest(Request.java:470)
at org.teiid.dqp.internal.process.PreparedStatementRequest.processRequest(PreparedStatementRequest.java:294)
at org.teiid.dqp.internal.process.RequestWorkItem.processNew(RequestWorkItem.java:642)
at org.teiid.dqp.internal.process.RequestWorkItem.process(RequestWorkItem.java:337)
at org.teiid.dqp.internal.process.AbstractWorkItem.run(AbstractWorkItem.java:51)
at org.teiid.dqp.internal.process.RequestWorkItem.run(RequestWorkItem.java:274)
at org.teiid.dqp.internal.process.DQPCore.executeRequest(DQPCore.java:306)
at org.teiid.dqp.internal.process.DQPCore.executeRequest(DQPCore.java:238)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
at org.teiid.logging.LogManager$LoggingProxy.invoke(LogManager.java:121) [teiid-api-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
at org.teiid.jboss.TransportService$2.invoke(TransportService.java:241)
at com.sun.proxy.$Proxy20.executeRequest(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180)
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260)
at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178)
at com.sun.proxy.$Proxy20.executeRequest(Unknown Source)
at org.teiid.jdbc.StatementImpl.execute(StatementImpl.java:688)
at org.teiid.jdbc.StatementImpl.executeSql(StatementImpl.java:554)
at org.teiid.jdbc.PreparedStatementImpl.executeQuery(PreparedStatementImpl.java:260)
at org.teiid.jdbc.PreparedStatementImpl.executeQuery(PreparedStatementImpl.java:73)
at org.teiid.olingo.service.LocalClient.executeSQL(LocalClient.java:234)
at org.teiid.olingo.service.TeiidServiceHandler.executeQuery(TeiidServiceHandler.java:349)
at org.teiid.olingo.service.TeiidServiceHandler.read(TeiidServiceHandler.java:172)
at org.apache.olingo.server.core.requests.DataRequest$EntityRequest.execute(DataRequest.java:332)
at org.apache.olingo.server.core.requests.DataRequest.execute(DataRequest.java:255)
at org.apache.olingo.server.core.ServiceDispatcher.internalExecute(ServiceDispatcher.java:160)
at org.apache.olingo.server.core.ServiceDispatcher.execute(ServiceDispatcher.java:98)
at org.apache.olingo.server.core.OData4HttpHandler.process(OData4HttpHandler.java:66)
at org.teiid.olingo.web.ODataServlet.service(ODataServlet.java:43)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:231)
at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512)
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
08:51:47,953 DEBUG [org.teiid.PROCESSOR] (http-127.0.0.1:8080-1) org.teiid.translator.TranslatorException: TEIID11009 java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/Oracle12_krb Could not obtain capabilities forlocal
{code}
> Kerberos secured OData - delegation of credentials to datasource using PassthroughLoginModule doesn't work
> ----------------------------------------------------------------------------------------------------------
>
> Key: TEIID-4571
> URL: https://issues.jboss.org/browse/TEIID-4571
> Project: Teiid
> Issue Type: Bug
> Components: OData
> Affects Versions: 8.12.7.6_3
> Reporter: Jan Stastny
> Assignee: Steven Hawkins
> Priority: Critical
>
> When OData war is secured by Kerberos there is issue with delegation of kerberos credentials from the web layer to configured datasource.
> All the OData war, vdb and datasource are in the same realm.
> Exception logged on server:
> {code:plain}
> 07:58:37,965 WARN [org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject] (http-127.0.0.1:8080-1) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: No matching credentials in Subject!
> at org.jboss.jca.adapters.jdbc.BaseWrapperManagedConnectionFactory.getConnectionProperties(BaseWrapperManagedConnectionFactory.java:965)
> at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:233)
> at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.createConnectionEventListener(SemaphoreArrayListManagedConnectionPool.java:858)
> at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:413)
> at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:457)
> at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:429)
> at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:344)
> at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:367)
> at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:499)
> at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:143)
> at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:69)
> at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:270) [translator-jdbc-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
> at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:68) [translator-jdbc-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
> at org.teiid.translator.ExecutionFactory.getConnection(ExecutionFactory.java:202) [teiid-api-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
> at org.teiid.dqp.internal.datamgr.ConnectorManager.buildCapabilities(ConnectorManager.java:179)
> at org.teiid.dqp.internal.datamgr.ConnectorManager.getCapabilities(ConnectorManager.java:163)
> at org.teiid.dqp.internal.process.CachedFinder.findCapabilities(CachedFinder.java:108)
> at org.teiid.query.metadata.TempCapabilitiesFinder.findCapabilities(TempCapabilitiesFinder.java:78)
> at org.teiid.query.optimizer.relational.rules.CapabilitiesUtil.getCapabilities(CapabilitiesUtil.java:439)
> at org.teiid.query.optimizer.relational.rules.CapabilitiesUtil.supports(CapabilitiesUtil.java:459)
> at org.teiid.query.optimizer.relational.rules.CapabilitiesUtil.requiresCriteria(CapabilitiesUtil.java:444)
> at org.teiid.query.optimizer.relational.rules.RulePlaceAccess.addAccessNode(RulePlaceAccess.java:196)
> at org.teiid.query.optimizer.relational.rules.RulePlaceAccess.execute(RulePlaceAccess.java:86)
> at org.teiid.query.optimizer.relational.RelationalPlanner.executeRules(RelationalPlanner.java:925)
> at org.teiid.query.optimizer.relational.RelationalPlanner.optimize(RelationalPlanner.java:228)
> at org.teiid.query.optimizer.QueryOptimizer.optimizePlan(QueryOptimizer.java:159)
> at org.teiid.dqp.internal.process.Request.generatePlan(Request.java:442)
> at org.teiid.dqp.internal.process.PreparedStatementRequest.generatePlan(PreparedStatementRequest.java:119)
> at org.teiid.dqp.internal.process.Request.processRequest(Request.java:470)
> at org.teiid.dqp.internal.process.PreparedStatementRequest.processRequest(PreparedStatementRequest.java:294)
> at org.teiid.dqp.internal.process.RequestWorkItem.processNew(RequestWorkItem.java:642)
> at org.teiid.dqp.internal.process.RequestWorkItem.process(RequestWorkItem.java:337)
> at org.teiid.dqp.internal.process.AbstractWorkItem.run(AbstractWorkItem.java:51)
> at org.teiid.dqp.internal.process.RequestWorkItem.run(RequestWorkItem.java:274)
> at org.teiid.dqp.internal.process.DQPCore.executeRequest(DQPCore.java:306)
> at org.teiid.dqp.internal.process.DQPCore.executeRequest(DQPCore.java:238)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
> at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
> at org.teiid.logging.LogManager$LoggingProxy.invoke(LogManager.java:121) [teiid-api-8.12.7.6_3-redhat-1.jar:8.12.7.6_3-redhat-1]
> at org.teiid.jboss.TransportService$2.invoke(TransportService.java:241)
> at com.sun.proxy.$Proxy20.executeRequest(Unknown Source)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
> at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
> at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260)
> at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178)
> at com.sun.proxy.$Proxy20.executeRequest(Unknown Source)
> at org.teiid.jdbc.StatementImpl.execute(StatementImpl.java:688)
> at org.teiid.jdbc.StatementImpl.executeSql(StatementImpl.java:554)
> at org.teiid.jdbc.PreparedStatementImpl.executeQuery(PreparedStatementImpl.java:260)
> at org.teiid.jdbc.PreparedStatementImpl.executeQuery(PreparedStatementImpl.java:73)
> at org.teiid.olingo.service.LocalClient.executeSQL(LocalClient.java:234)
> at org.teiid.olingo.service.TeiidServiceHandler.executeQuery(TeiidServiceHandler.java:349)
> at org.teiid.olingo.service.TeiidServiceHandler.read(TeiidServiceHandler.java:172)
> at org.apache.olingo.server.core.requests.DataRequest$EntityRequest.execute(DataRequest.java:332)
> at org.apache.olingo.server.core.requests.DataRequest.execute(DataRequest.java:255)
> at org.apache.olingo.server.core.ServiceDispatcher.internalExecute(ServiceDispatcher.java:160)
> at org.apache.olingo.server.core.ServiceDispatcher.execute(ServiceDispatcher.java:98)
> at org.apache.olingo.server.core.OData4HttpHandler.process(OData4HttpHandler.java:66)
> at org.teiid.olingo.web.ODataServlet.service(ODataServlet.java:43)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
> at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:231)
> at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
> at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512)
> at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
> {code}
> Debug logs after war is deployed and accessed:
> {code:plain}
> 07:58:36,981 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Authenticating user
> 07:58:36,982 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Header - null
> 07:58:36,982 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) No Authorization Header, initiating negotiation
> 07:58:37,327 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Authenticating user
> 07:58:37,327 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Header - Negotiate YIIE4AYGKwYBBQUCoIIE1DCCBNCgDTALBgkqhkiG9xIBAgKhBAMCAfaiggS3BIIEs2CCBK8GCSqGSIb3EgECAgEAboIEnjCCBJqgAwIBBaEDAgEOogcDBQAgAAAAo4IBIGGCARwwggEYoAMCAQWhGxsZTVcuTEFCLkVORy5CT1MuUkVESEFULkNPTaIcMBqgAwIBAKETMBEbBEhUVFAbCWxvY2FsaG9zdKOB1TCB0qADAgERoQMCAQSigcUEgcK465BoUHrVQ0BUkECQudf6zEeCf5II5fdigc1feeqGKuL2ETqPjYO3jtghflu42UiXeWq8a5xSJXjQU5gFq6JPVCdvi2e0Fy75e1kQR1vE1Rw/iVfqeneJLfIN0yITvMLhtvZDB7DYdlROsW4M2awuUSdO4NgGrFoA8n46/V3lbfY4MlBQ+C4MYICebuz8flxcmXPre0lBmQ3gfJPTIQdDkU1x2dhQdGGHe0GIUX/dEMEkrVBluW9geTvpzBPR/XrdfaSCA18wggNboAMCARGiggNSBIIDThvjxRAkGUQ9cdb/CyogewYHdMRiCvhMyf/zMibr1PiKBwBC+SMs8vTVdziFvNGiNCL+h6YkDA0asANzGdI2I4jg3/H1QfxhEqrFECozatqMFdzi+0jaj5EPvkzSC6knyOdsFVJ6z8y1G00lNzwzNrjwvzNV54nJiQv+O5RLTGsY7b8bwo9sUk9LVHyNcFKDgZfMtHEhkzp1faeLuGv/xzslrZ3ADdykbVsqMvPEaPpyJEtR2Y0myWZdJn7hZUgSDJuQlh1aJc6sFu02+t5eA6IuxHUlahmLn+IfJ5ytu5FW/F7cwSY9HlfXY21TdtKsDWfs78LOkFUUMdEXjzeKeukY682j6g3zKQhCb272RmWnynOsakPuY0vH0nLe/d/H0wvhz/PPwMjTlyRNIsXy1D9OwlkcZIEy8KXkeFff6uOW3kG4h+63x7lC3KM3g1tztJPxmhEsFU40X9chYm+J0gakjAL6VCHkivp+GX0mEkA3ooDWCURBwr+mbxQnF3yDf9ofP4WAKWVVXqg4Q8vsnCxIYZlMgfuQp+7j5Dil5efUrds67bLiELboacy7+RfH3/RcFmYQ9/vqNjn0y5PXOyrUTGsSTUXmIFZvQDY6XCAFf3wBwP5tsBQOMHSjIXPj8vQR7kxn440CkSLRYSRLhY5pgIeGBZUuTviGxuL6D1+QQfDglYE1tcHqToMfL+NIHjqmCWu7AY6eGN4TAveQHIO9+BhDPqhFPgIr4Rh8vx9vY3vh9Y62b1Fkbv2sbADrgOHwZ9FN06jgdwvBhZfYvo4eNQvjDOaoMXZ4dy05g0kwAyGhNk7GEds8td1qUNTdryWGwCdm1zbxsH7cuoHKkH538jDacKPIdw2yewwgVnGfi0HT1+EtvaOfipVSLEgn6l06LemsjeS8UVAXNuO7upI6ekBpQzOWmDkoVFdv2Zy8aaAE4A29718yHWMkZhjkKkc/KjbmRFp1NxFpl30kLaVm4a2AZ/l6KB3gE8WmqbgF5NTCjXervCZPdjJnp5fbG6bK64SDiAWc+xnM0TlfRvZ4d1OhFktpkRTkNm6iSlSVeTZdokns1pCnu8wecXj+/oEVLkJ0t70drqG08p5rEVW001NTZAsKwqdN5ri79Q==
> 07:58:37,333 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (http-127.0.0.1:8080-1) YIIE4AYGKwYBBQUCoIIE1DCCBNCgDTALBgkqhkiG9xIBAgKhBAMCAfaiggS3BIIEs2CCBK8GCSqGSIb3EgECAgEAboIEnjCCBJqgAwIBBaEDAgEOogcDBQAgAAAAo4IBIGGCARwwggEYoAMCAQWhGxsZTVcuTEFCLkVORy5CT1MuUkVESEFULkNPTaIcMBqgAwIBAKETMBEbBEhUVFAbCWxvY2FsaG9zdKOB1TCB0qADAgERoQMCAQSigcUEgcK465BoUHrVQ0BUkECQudf6zEeCf5II5fdigc1feeqGKuL2ETqPjYO3jtghflu42UiXeWq8a5xSJXjQU5gFq6JPVCdvi2e0Fy75e1kQR1vE1Rw/iVfqeneJLfIN0yITvMLhtvZDB7DYdlROsW4M2awuUSdO4NgGrFoA8n46/V3lbfY4MlBQ+C4MYICebuz8flxcmXPre0lBmQ3gfJPTIQdDkU1x2dhQdGGHe0GIUX/dEMEkrVBluW9geTvpzBPR/XrdfaSCA18wggNboAMCARGiggNSBIIDThvjxRAkGUQ9cdb/CyogewYHdMRiCvhMyf/zMibr1PiKBwBC+SMs8vTVdziFvNGiNCL+h6YkDA0asANzGdI2I4jg3/H1QfxhEqrFECozatqMFdzi+0jaj5EPvkzSC6knyOdsFVJ6z8y1G00lNzwzNrjwvzNV54nJiQv+O5RLTGsY7b8bwo9sUk9LVHyNcFKDgZfMtHEhkzp1faeLuGv/xzslrZ3ADdykbVsqMvPEaPpyJEtR2Y0myWZdJn7hZUgSDJuQlh1aJc6sFu02+t5eA6IuxHUlahmLn+IfJ5ytu5FW/F7cwSY9HlfXY21TdtKsDWfs78LOkFUUMdEXjzeKeukY682j6g3zKQhCb272RmWnynOsakPuY0vH0nLe/d/H0wvhz/PPwMjTlyRNIsXy1D9OwlkcZIEy8KXkeFff6uOW3kG4h+63x7lC3KM3g1tztJPxmhEsFU40X9chYm+J0gakjAL6VCHkivp+GX0mEkA3ooDWCURBwr+mbxQnF3yDf9ofP4WAKWVVXqg4Q8vsnCxIYZlMgfuQp+7j5Dil5efUrds67bLiELboacy7+RfH3/RcFmYQ9/vqNjn0y5PXOyrUTGsSTUXmIFZvQDY6XCAFf3wBwP5tsBQOMHSjIXPj8vQR7kxn440CkSLRYSRLhY5pgIeGBZUuTviGxuL6D1+QQfDglYE1tcHqToMfL+NIHjqmCWu7AY6eGN4TAveQHIO9+BhDPqhFPgIr4Rh8vx9vY3vh9Y62b1Fkbv2sbADrgOHwZ9FN06jgdwvBhZfYvo4eNQvjDOaoMXZ4dy05g0kwAyGhNk7GEds8td1qUNTdryWGwCdm1zbxsH7cuoHKkH538jDacKPIdw2yewwgVnGfi0HT1+EtvaOfipVSLEgn6l06LemsjeS8UVAXNuO7upI6ekBpQzOWmDkoVFdv2Zy8aaAE4A29718yHWMkZhjkKkc/KjbmRFp1NxFpl30kLaVm4a2AZ/l6KB3gE8WmqbgF5NTCjXervCZPdjJnp5fbG6bK64SDiAWc+xnM0TlfRvZ4d1OhFktpkRTkNm6iSlSVeTZdokns1pCnu8wecXj+/oEVLkJ0t70drqG08p5rEVW001NTZAsKwqdN5ri79Q==
> 07:58:37,334 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (http-127.0.0.1:8080-1) 0x60 0x82 0x04 0xe0 0x06 0x06 0x2b 0x06 0x01 0x05 0x05 0x02 0xa0 0x82 0x04 0xd4 0x30 0x82 0x04 0xd0 0xa0 0x0d 0x30 0x0b 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x12 0x01 0x02 0x02 0xa1 0x04 0x03 0x02 0x01 0xf6 0xa2 0x82 0x04 0xb7 0x04 0x82 0x04 0xb3 0x60 0x82 0x04 0xaf 0x06 0x09 0x2a 0x86 0x48 0x86 0xf7 0x12 0x01 0x02 0x02 0x01 0x00 0x6e 0x82 0x04 0x9e 0x30 0x82 0x04 0x9a 0xa0 0x03 0x02 0x01 0x05 0xa1 0x03 0x02 0x01 0x0e 0xa2 0x07 0x03 0x05 0x00 0x20 0x00 0x00 0x00 0xa3 0x82 0x01 0x20 0x61 0x82 0x01 0x1c 0x30 0x82 0x01 0x18 0xa0 0x03 0x02 0x01 0x05 0xa1 0x1b 0x1b 0x19 0x4d 0x57 0x2e 0x4c 0x41 0x42 0x2e 0x45 0x4e 0x47 0x2e 0x42 0x4f 0x53 0x2e 0x52 0x45 0x44 0x48 0x41 0x54 0x2e 0x43 0x4f 0x4d 0xa2 0x1c 0x30 0x1a 0xa0 0x03 0x02 0x01 0x00 0xa1 0x13 0x30 0x11 0x1b 0x04 0x48 0x54 0x54 0x50 0x1b 0x09 0x6c 0x6f 0x63 0x61 0x6c 0x68 0x6f 0x73 0x74 0xa3 0x81 0xd5 0x30 0x81 0xd2 0xa0 0x03 0x02 0x01 0x11 0xa1 0x03 0x02 0x01 0x04 0xa2 0x81 0xc5 0x04 0x81 0xc2 0xb8 0xeb 0x90 0x68 0x50 0x7a 0xd5 0x43 0x40 0x54 0x90 0x40 0x90 0xb9 0xd7 0xfa 0xcc 0x47 0x82 0x7f 0x92 0x08 0xe5 0xf7 0x62 0x81 0xcd 0x5f 0x79 0xea 0x86 0x2a 0xe2 0xf6 0x11 0x3a 0x8f 0x8d 0x83 0xb7 0x8e 0xd8 0x21 0x7e 0x5b 0xb8 0xd9 0x48 0x97 0x79 0x6a 0xbc 0x6b 0x9c 0x52 0x25 0x78 0xd0 0x53 0x98 0x05 0xab 0xa2 0x4f 0x54 0x27 0x6f 0x8b 0x67 0xb4 0x17 0x2e 0xf9 0x7b 0x59 0x10 0x47 0x5b 0xc4 0xd5 0x1c 0x3f 0x89 0x57 0xea 0x7a 0x77 0x89 0x2d 0xf2 0x0d 0xd3 0x22 0x13 0xbc 0xc2 0xe1 0xb6 0xf6 0x43 0x07 0xb0 0xd8 0x76 0x54 0x4e 0xb1 0x6e 0x0c 0xd9 0xac 0x2e 0x51 0x27 0x4e 0xe0 0xd8 0x06 0xac 0x5a 0x00 0xf2 0x7e 0x3a 0xfd 0x5d 0xe5 0x6d 0xf6 0x38 0x32 0x50 0x50 0xf8 0x2e 0x0c 0x60 0x80 0x9e 0x6e 0xec 0xfc 0x7e 0x5c 0x5c 0x99 0x73 0xeb 0x7b 0x49 0x41 0x99 0x0d 0xe0 0x7c 0x93 0xd3 0x21 0x07 0x43 0x91 0x4d 0x71 0xd9 0xd8 0x50 0x74 0x61 0x87 0x7b 0x41 0x88 0x51 0x7f 0xdd 0x10 0xc1 0x24 0xad 0x50 0x65 0xb9 0x6f 0x60 0x79 0x3b 0xe9 0xcc 0x13 0xd1 0xfd 0x7a 0xdd 0x7d 0xa4 0x82 0x03 0x5f 0x30 0x82 0x03 0x5b 0xa0 0x03 0x02 0x01 0x11 0xa2 0x82 0x03 0x52 0x04 0x82 0x03 0x4e 0x1b 0xe3 0xc5 0x10 0x24 0x19 0x44 0x3d 0x71 0xd6 0xff 0x0b 0x2a 0x20 0x7b 0x06 0x07 0x74 0xc4 0x62 0x0a 0xf8 0x4c 0xc9 0xff 0xf3 0x32 0x26 0xeb 0xd4 0xf8 0x8a 0x07 0x00 0x42 0xf9 0x23 0x2c 0xf2 0xf4 0xd5 0x77 0x38 0x85 0xbc 0xd1 0xa2 0x34 0x22 0xfe 0x87 0xa6 0x24 0x0c 0x0d 0x1a 0xb0 0x03 0x73 0x19 0xd2 0x36 0x23 0x88 0xe0 0xdf 0xf1 0xf5 0x41 0xfc 0x61 0x12 0xaa 0xc5 0x10 0x2a 0x33 0x6a 0xda 0x8c 0x15 0xdc 0xe2 0xfb 0x48 0xda 0x8f 0x91 0x0f 0xbe 0x4c 0xd2 0x0b 0xa9 0x27 0xc8 0xe7 0x6c 0x15 0x52 0x7a 0xcf 0xcc 0xb5 0x1b 0x4d 0x25 0x37 0x3c 0x33 0x36 0xb8 0xf0 0xbf 0x33 0x55 0xe7 0x89 0xc9 0x89 0x0b 0xfe 0x3b 0x94 0x4b 0x4c 0x6b 0x18 0xed 0xbf 0x1b 0xc2 0x8f 0x6c 0x52 0x4f 0x4b 0x54 0x7c 0x8d 0x70 0x52 0x83 0x81 0x97 0xcc 0xb4 0x71 0x21 0x93 0x3a 0x75 0x7d 0xa7 0x8b 0xb8 0x6b 0xff 0xc7 0x3b 0x25 0xad 0x9d 0xc0 0x0d 0xdc 0xa4 0x6d 0x5b 0x2a 0x32 0xf3 0xc4 0x68 0xfa 0x72 0x24 0x4b 0x51 0xd9 0x8d 0x26 0xc9 0x66 0x5d 0x26 0x7e 0xe1 0x65 0x48 0x12 0x0c 0x9b 0x90 0x96 0x1d 0x5a 0x25 0xce 0xac 0x16 0xed 0x36 0xfa 0xde 0x5e 0x03 0xa2 0x2e 0xc4 0x75 0x25 0x6a 0x19 0x8b 0x9f 0xe2 0x1f 0x27 0x9c 0xad 0xbb 0x91 0x56 0xfc 0x5e 0xdc 0xc1 0x26 0x3d 0x1e 0x57 0xd7 0x63 0x6d 0x53 0x76 0xd2 0xac 0x0d 0x67 0xec 0xef 0xc2 0xce 0x90 0x55 0x14 0x31 0xd1 0x17 0x8f 0x37 0x8a 0x7a 0xe9 0x18 0xeb 0xcd 0xa3 0xea 0x0d 0xf3 0x29 0x08 0x42 0x6f 0x6e 0xf6 0x46 0x65 0xa7 0xca 0x73 0xac 0x6a 0x43 0xee 0x63 0x4b 0xc7 0xd2 0x72 0xde 0xfd 0xdf 0xc7 0xd3 0x0b 0xe1 0xcf 0xf3 0xcf 0xc0 0xc8 0xd3 0x97 0x24 0x4d 0x22 0xc5 0xf2 0xd4 0x3f 0x4e 0xc2 0x59 0x1c 0x64 0x81 0x32 0xf0 0xa5 0xe4 0x78 0x57 0xdf 0xea 0xe3 0x96 0xde 0x41 0xb8 0x87 0xee 0xb7 0xc7 0xb9 0x42 0xdc 0xa3 0x37 0x83 0x5b 0x73 0xb4 0x93 0xf1 0x9a 0x11 0x2c 0x15 0x4e 0x34 0x5f 0xd7 0x21 0x62 0x6f 0x89 0xd2 0x06 0xa4 0x8c 0x02 0xfa 0x54 0x21 0xe4 0x8a 0xfa 0x7e 0x19 0x7d 0x26 0x12 0x40 0x37 0xa2 0x80 0xd6 0x09 0x44 0x41 0xc2 0xbf 0xa6 0x6f 0x14 0x27 0x17 0x7c 0x83 0x7f 0xda 0x1f 0x3f 0x85 0x80 0x29 0x65 0x55 0x5e 0xa8 0x38 0x43 0xcb 0xec 0x9c 0x2c 0x48 0x61 0x99 0x4c 0x81 0xfb 0x90 0xa7 0xee 0xe3 0xe4 0x38 0xa5 0xe5 0xe7 0xd4 0xad 0xdb 0x3a 0xed 0xb2 0xe2 0x10 0xb6 0xe8 0x69 0xcc 0xbb 0xf9 0x17 0xc7 0xdf 0xf4 0x5c 0x16 0x66 0x10 0xf7 0xfb 0xea 0x36 0x39 0xf4 0xcb 0x93 0xd7 0x3b 0x2a 0xd4 0x4c 0x6b 0x12 0x4d 0x45 0xe6 0x20 0x56 0x6f 0x40 0x36 0x3a 0x5c 0x20 0x05 0x7f 0x7c 0x01 0xc0 0xfe 0x6d 0xb0 0x14 0x0e 0x30 0x74 0xa3 0x21 0x73 0xe3 0xf2 0xf4 0x11 0xee 0x4c 0x67 0xe3 0x8d 0x02 0x91 0x22 0xd1 0x61 0x24 0x4b 0x85 0x8e 0x69 0x80 0x87 0x86 0x05 0x95 0x2e 0x4e 0xf8 0x86 0xc6 0xe2 0xfa 0x0f 0x5f 0x90 0x41 0xf0 0xe0 0x95 0x81 0x35 0xb5 0xc1 0xea 0x4e 0x83 0x1f 0x2f 0xe3 0x48 0x1e 0x3a 0xa6 0x09 0x6b 0xbb 0x01 0x8e 0x9e 0x18 0xde 0x13 0x02 0xf7 0x90 0x1c 0x83 0xbd 0xf8 0x18 0x43 0x3e 0xa8 0x45 0x3e 0x02 0x2b 0xe1 0x18 0x7c 0xbf 0x1f 0x6f 0x63 0x7b 0xe1 0xf5 0x8e 0xb6 0x6f 0x51 0x64 0x6e 0xfd 0xac 0x6c 0x00 0xeb 0x80 0xe1 0xf0 0x67 0xd1 0x4d 0xd3 0xa8 0xe0 0x77 0x0b 0xc1 0x85 0x97 0xd8 0xbe 0x8e 0x1e 0x35 0x0b 0xe3 0x0c 0xe6 0xa8 0x31 0x76 0x78 0x77 0x2d 0x39 0x83 0x49 0x30 0x03 0x21 0xa1 0x36 0x4e 0xc6 0x11 0xdb 0x3c 0xb5 0xdd 0x6a 0x50 0xd4 0xdd 0xaf 0x25 0x86 0xc0 0x27 0x66 0xd7 0x36 0xf1 0xb0 0x7e 0xdc 0xba 0x81 0xca 0x90 0x7e 0x77 0xf2 0x30 0xda 0x70 0xa3 0xc8 0x77 0x0d 0xb2 0x7b 0x0c 0x20 0x56 0x71 0x9f 0x8b 0x41 0xd3 0xd7 0xe1 0x2d 0xbd 0xa3 0x9f 0x8a 0x95 0x52 0x2c 0x48 0x27 0xea 0x5d 0x3a 0x2d 0xe9 0xac 0x8d 0xe4 0xbc 0x51 0x50 0x17 0x36 0xe3 0xbb 0xba 0x92 0x3a 0x7a 0x40 0x69 0x43 0x33 0x96 0x98 0x39 0x28 0x54 0x57 0x6f 0xd9 0x9c 0xbc 0x69 0xa0 0x04 0xe0 0x0d 0xbd 0xef 0x5f 0x32 0x1d 0x63 0x24 0x66 0x18 0xe4 0x2a 0x47 0x3f 0x2a 0x36 0xe6 0x44 0x5a 0x75 0x37 0x11 0x69 0x97 0x7d 0x24 0x2d 0xa5 0x66 0xe1 0xad 0x80 0x67 0xf9 0x7a 0x28 0x1d 0xe0 0x13 0xc5 0xa6 0xa9 0xb8 0x05 0xe4 0xd4 0xc2 0x8d 0x77 0xab 0xbc 0x26 0x4f 0x76 0x32 0x67 0xa7 0x97 0xdb 0x1b 0xa6 0xca 0xeb 0x84 0x83 0x88 0x05 0x9c 0xfb 0x19 0xcc 0xd1 0x39 0x5f 0x46 0xf6 0x78 0x77 0x53 0xa1 0x16 0x4b 0x69 0x91 0x14 0xe4 0x36 0x6e 0xa2 0x4a 0x54 0x95 0x79 0x36 0x5d 0xa2 0x49 0xec 0xd6 0x90 0xa7 0xbb 0xcc 0x1e 0x71 0x78 0xfe 0xfe 0x81 0x15 0x2e 0x42 0x74 0xb7 0xbd 0x1d 0xae 0xa1 0xb4 0xf2 0x9e 0x6b 0x11 0x55 0xb4 0xd3 0x53 0x53 0x64 0x0b 0x0a 0xc2 0xa7 0x4d 0xe6 0xb8 0xbb 0xf5
> 07:58:37,340 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) Creating new NegotiationContext
> 07:58:37,341 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-127.0.0.1:8080-1) associate 482840717
> 07:58:37,347 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Wrapped Krb5LoginModule is 'com.sun.security.auth.module.Krb5LoginModule'
> 07:58:37,347 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) delegationCredential=USE
> 07:58:37,350 INFO [stdout] (http-127.0.0.1:8080-1) Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is /tmp/krb5cc_100e0 isInitiator true KeyTab is /home/jstastny/tmp-workspaces/workspace/HTTP_localhost refreshKrb5Config is false principal is HTTP/localhost at EXAMPLE.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
> 07:58:37,350 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Initialised wrapped login module.
> 07:58:37,350 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) addGssCredential=true
> 07:58:37,350 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) wrapGssCredential=false
> 07:58:37,350 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) No delegation credential so falling through to use wrapped login module.
> 07:58:37,352 INFO [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache
> 07:58:37,354 INFO [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost at EXAMPLE.COM
> 07:58:37,354 INFO [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache
> 07:58:37,687 INFO [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost at EXAMPLE.COM
> 07:58:37,688 INFO [stdout] (http-127.0.0.1:8080-1) Will use keytab
> 07:58:37,689 INFO [stdout] (http-127.0.0.1:8080-1) Commit Succeeded
> 07:58:37,689 INFO [stdout] (http-127.0.0.1:8080-1)
> 07:58:37,689 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Called wrapped login module respone=true
> 07:58:37,689 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Adding GSSCredential to populated Subject
> 07:58:37,692 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Creating GSSName for Principal 'HTTP/localhost at EXAMPLE.COM'
> 07:58:37,696 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Added private credential.
> 07:58:37,714 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Removing GSSCredential added to subject during authentication.
> 07:58:37,714 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Passing to wrapped login module to logout.
> 07:58:37,714 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: Entering logout
> 07:58:37,715 INFO [stdout] (http-127.0.0.1:8080-1) [Krb5LoginModule]: logged out Subject
> 07:58:37,715 TRACE [org.jboss.security.negotiation.KerberosLoginModule] (http-127.0.0.1:8080-1) Disposing of GSSCredential
> 07:58:37,721 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[IiHacYzARtsmAF3+MOfUOI1W_1478761117341(odata,user,)]
> 07:58:37,722 TRACE [org.jboss.security.negotiation.common.MessageTrace.Response.Base64] (http-127.0.0.1:8080-1) oXIwcKJuBGxgagYJKoZIhvcSAQICAgBvWzBZoAMCAQWhAwIBD6JNMEugAwIBEaJEBEIw/ArS7fib
> M9EJec7tQTiDM9Xm9CuAJ9A3+6wj+ubYOmD2+PaWnLMMyCbvuMkF5VriZZX0OJdt66nlcjJsHlME
> F0Q=
> 07:58:37,722 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-127.0.0.1:8080-1) clear 482840717
> 07:58:37,742 DEBUG [org.teiid.SECURITY] (http-127.0.0.1:8080-1) authenticateUser anonymous JDBC
> 07:58:37,747 DEBUG [org.teiid.SECURITY] (http-127.0.0.1:8080-1) Logon successful, created session: sessionid=Ztls9qKXYVAN; userName=KRBUSR05\@EXAMPLE.COM at EXAMPLE.COM; vdbName=oracle_kerberos; vdbVersion=1; createdTime=Thu Nov 10 07:58:37 GMT+01:00 2016; applicationName=JDBC; clientHostName=null; clientHardwareAddress=null; IPAddress=null; securityDomain=EXAMPLE.COM; lastPingTime=Thu Nov 10 07:58:37 GMT+01:00 2016
> 07:58:37,760 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) Successfully obtained a session.
> 07:58:37,760 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) Connection Url=
> 07:58:37,760 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) ApplicationName=JDBC
> 07:58:37,760 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) PassthroughAuthentication=true
> 07:58:37,761 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) local-transport-name=odata
> 07:58:37,761 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) waitForLoad=0
> 07:58:37,761 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) batch-size=256
> 07:58:37,761 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) VirtualDatabaseName=oracle_kerberos.1
> 07:58:37,761 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) transportName=odata
> 07:58:37,761 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) skiptoken-cache-time=300000
> 07:58:37,761 FINE [org.teiid.jdbc] (http-127.0.0.1:8080-1) The JDBC Driver successfully obtained a connection.
> {code}
> Security domains configured:
> {code:xml}
> <security-domain name="host">
> <authentication>
> <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
> <module-option name="storeKey" value="true"/>
> <module-option name="useKeyTab" value="true"/>
> <module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/>
> <module-option name="principal" value="HTTP/localhost at EXAMPLE.COM"/>
> <module-option name="doNotPrompt" value="true"/>
> <module-option name="useTicketCache" value="true"/>
> <module-option name="debug" value="true"/>
> <module-option name="refreshKrb5Config" value="false"/>
> <module-option name="isInitiator" value="true"/>
> <module-option name="addGSSCredential" value="true"/>
> <module-option name="delegationCredential" value="USE"/>
> <module-option name="ticketCache" value="/tmp/krb5cc_100e0"/>
> </login-module>
> </authentication>
> </security-domain>
> <security-domain name="EXAMPLE.COM">
> <authentication>
> <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation">
> <module-option name="password-stacking" value="useFirstPass"/>
> <module-option name="serverSecurityDomain" value="host"/>
> </login-module>
> </authentication>
> <mapping>
> <mapping-module code="SimpleRoles" type="role">
> <module-option name="KRBUSR05 at EXAMPLE.COM" value="user,odata"/>
> </mapping-module>
> </mapping>
> </security-domain>
> <security-domain name="passthrough-security">
> <authentication>
> <login-module code="org.teiid.jboss.PassthroughIdentityLoginModule" flag="required" module="org.jboss.teiid">
> <module-option name="userName" value="guest"/>
> <module-option name="password" value="guest"/>
> </login-module>
> </authentication>
> </security-domain>
> {code}
> Datasource configured:
> {code:xml}
> <datasource jndi-name="java:/Oracle12_krb" pool-name="Oracle12_krb" enabled="true" spy="true">
> <connection-url>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=url.somewhere.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=qaora12)))</connection-url>
> <connection-property name="oracle.net.authentication_services">
> (KERBEROS5)
> </connection-property>
> <driver>oracle</driver>
> <pool>
> <prefill>false</prefill>
> <allow-multiple-users>false</allow-multiple-users>
> </pool>
> <security>
> <security-domain>passthrough-security</security-domain>
> </security>
> </datasource>
> {code}
> VDB:
> {code:xml}
> <vdb name="oracle_kerberos" version="1">
> <property name="security-domain" value="EXAMPLE.COM"/>
> <property name="authentication-type" value="GSS"/>
> <model name="BQT1">
> <source name="local" translator-name="oracle" connection-jndi-name="java:/Oracle12_krb"/>
> <metadata type="DDL"><![CDATA[
> CREATE FOREIGN TABLE dual (
> "user" string PRIMARY KEY
> );
> ]]> </metadata>
> </model>
> </vdb>
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the teiid-issues
mailing list