Bug 1242700

Summary:	OData servlet throws TEIID10036/TEIID40087 when disabling security
Product:	[JBoss] JBoss Data Virtualization 6	Reporter:	Hisanobu Okuda <hokuda>
Component:	Teiid	Assignee:	Van Halbert <vhalbert>
Status:	CLOSED CURRENTRELEASE	QA Contact:
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	6.1.0	CC:	atangrin, hokuda, jstastny, vhalbert
Target Milestone:	CR1	Keywords:	QA-Closed
Target Release:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-02-10 08:53:51 UTC	Type:	Feature Request
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Hisanobu Okuda 2015-07-14 01:55:09 UTC

When I disable security for teiid-odata-8.7.1.redhat-8.war modifying web.xml as follows:-

    <!--
    <security-constraint>
        <display-name>require valid user</display-name>
        <web-resource-collection>
            <web-resource-name>Teiid Rest Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>odata</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>yourdomain.com</realm-name>
    </login-config>
    -->
</web-app>


The OData servlet thowrs an exception:-

10:47:51,578 SEVERE [org.teiid.jdbc] (http-/127.0.0.1:8080-2) Could not create connection: org.teiid.jdbc.TeiidSQLException: TEIID10036 org.teiid.core.TeiidException: TEIID10036 org.teiid.net.ConnectionException: TEIID40087 Passthrough authentication failed. No auth[6/1654]
on information found.
        at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135) [teiid-client-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71) [teiid-client-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55) [teiid-client-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105) [teiid-client-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.odata.LocalClient.getConnection(LocalClient.java:121) [classes:]
        at org.teiid.odata.LocalClient.getVDB(LocalClient.java:94) [classes:]
        at org.teiid.odata.LocalClient.getMetadata(LocalClient.java:425) [classes:]
        at org.teiid.odata.TeiidProducer.getMetadata(TeiidProducer.java:69) [classes:]
        at org.odata4j.producer.resources.EntitiesRequestResource.getEntitiesImpl(EntitiesRequestResource.java:350) [odata4j-core-0.8.0.redhat-2.jar:]
        at org.odata4j.producer.resources.EntitiesRequestResource.getEntities(EntitiesRequestResource.java:266) [odata4j-core-0.8.0.redhat-2.jar:]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_45]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_45]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]
        at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:167) [resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]
        at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269) [resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227) [resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216) [resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]
        at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:542) [resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:524) [resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:126) [resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]
        at org.teiid.odata.ODataServletContainerDispatcher.service(ODataServletContainerDispatcher.java:118) [classes:]
        at org.teiid.odata.ODataServlet.service(ODataServlet.java:65) [classes:]
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50) [resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
        at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
Caused by: org.teiid.core.TeiidException: TEIID10036 org.teiid.core.TeiidException: TEIID10036 org.teiid.net.ConnectionException: TEIID40087 Passthrough authentication failed. No authentication information found.
        at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:292) [teiid-common-core-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53) [teiid-client-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60) [teiid-client-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50) [teiid-client-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        ... 35 more
Caused by: org.teiid.core.TeiidException: TEIID10036 org.teiid.net.ConnectionException: TEIID40087 Passthrough authentication failed. No authentication information found.
        at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:329) [teiid-common-core-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:290) [teiid-common-core-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        ... 38 more
Caused by: org.teiid.net.ConnectionException: TEIID40087 Passthrough authentication failed. No authentication information found.
        at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:132) [teiid-runtime-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:99) [teiid-runtime-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.7.0_45]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) [rt.jar:1.7.0_45]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.7.0_45]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:526) [rt.jar:1.7.0_45]
        at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:327) [teiid-common-core-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        ... 39 more
Caused by: org.teiid.client.security.LogonException: TEIID40087 Passthrough authentication failed. No authentication information found.
        at org.teiid.transport.LogonImpl.logon(LogonImpl.java:153) [teiid-runtime-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.transport.LogonImpl.logon(LogonImpl.java:117) [teiid-runtime-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_45]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_45]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]
        at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]
        at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:170) [teiid-runtime-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at java.util.concurrent.FutureTask.run(FutureTask.java:262) [rt.jar:1.7.0_45]
        at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:274) [teiid-engine-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:258) [teiid-engine-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:168) [teiid-runtime-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at com.sun.proxy.$Proxy94.logon(Unknown Source)
        at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:128) [teiid-runtime-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        ... 45 more
Caused by: javax.security.auth.login.LoginException: TEIID40087 Passthrough authentication failed. No authentication information found.
        at org.teiid.services.SessionServiceImpl.passThroughLogin(SessionServiceImpl.java:214) [teiid-runtime-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.services.SessionServiceImpl.createSession(SessionServiceImpl.java:169) [teiid-runtime-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        at org.teiid.transport.LogonImpl.logon(LogonImpl.java:133) [teiid-runtime-8.7.1.redhat-8.jar:8.7.1.redhat-8]
        ... 57 more



Steps to reproduce:-

1. deploy https://github.com/teiid/teiid-quickstarts/tree/master/webservices-as-a-datasource
2. disable security of odata.war as the above
3. restart JDV 6.1
4. access http://localhost:8080/odata/webservice/CustomersView

Comment 2 Van Halbert 2015-07-14 02:26:08 UTC

Pass-thru authentication is trying to be used, which means its based on trying to authenticate the user based on defined security realm.   You will need to change from using pass-thru authentication when turning off security.

Comment 3 Hisanobu Okuda 2015-07-14 04:33:02 UTC

It is hard-coded in org.teiid.odata.LocalClient:-

---------------------------------------------------------------------
83:		connectionProperties.put(TeiidURL.CONNECTION.PASSTHROUGH_AUTHENTICATION, "true"); //$NON-NLS-1$
---------------------------------------------------------------------

Accessing odata, I overwrote the value and add "user" and "password" via debugger:-

---------------------------------------------------------------------
Breakpoint hit: "thread=http-/127.0.0.1:8080-1", org.teiid.odata.LocalClient.getConnection(), line=121 bci=0

http-/127.0.0.1:8080-1[1] print this.connectionProperties.put("PassthroughAuthentication", "false")
>  this.connectionProperties.put("PassthroughAuthentication", "false") = "true"
http-/127.0.0.1:8080-1[1] print this.connectionProperties.put("user", "teiidUser")
> this.connectionProperties.put("user", "teiidUser") = null
http-/127.0.0.1:8080-1[1] print this.connectionProperties.put("password", "Passw0rd.")
http-/127.0.0.1:8080-1[1] print this.connectionProperties
 this.connectionProperties = "{PassthroughAuthentication=false, user=teiidUser, password=Passw0rd., waitForLoad=0, transportName=odata}"
>  this.connectionProperties.put("password", "Passw0rd.") = null
http-/127.0.0.1:8080-1[1] cont
---------------------------------------------------------------------

Then, it worked fine. We need this capability to set the properties without using a debugger.

Comment 4 Van Halbert 2015-07-14 12:37:05 UTC

Per the engineer:

Since we don't have the concept of an anonymous connection, this would be expected behavior.  


If there's a change in behavior that you need, will need to file an enhancement request.

Comment 5 Hisanobu Okuda 2015-07-14 13:19:39 UTC

Van, thank you for the suggestion.
I changed the "Type" to "Feature Request".

Comment 6 JBoss JIRA Server 2015-07-15 20:53:48 UTC

Ramesh Reddy <rareddy> updated the status of jira TEIID-3569 to Resolved

Comment 7 Jan Stastny 2015-08-21 06:12:24 UTC

Using the configuration in linked JIRA enables to use odata servlet without authentication by the user.

Comment 8 JBoss JIRA Server 2015-10-11 19:18:35 UTC

Steven Hawkins <shawkins> updated the status of jira TEIID-3569 to Closed