Bug 1331742
Summary: | MSSQL JDBC driver invalidates kerberos ticket on Connection.close() | ||
---|---|---|---|
Product: | [JBoss] JBoss Data Virtualization 6 | Reporter: | Juraj Duráni <jdurani> |
Component: | Teiid | Assignee: | Van Halbert <vhalbert> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Juraj Duráni <jdurani> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.3.0 | CC: | aszczucz, blafond, dlesage, drieden, jolee, mbaluch, thauser, vhalbert |
Target Milestone: | CR1 | ||
Target Release: | 6.3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
The MSSQL JDBC driver invalidates an active kerberos ticket on Connection.close(). As a result, if the user creates kerberos connection, the driver invalidates the ticket when the connection is closed and, therefore, the ticket cannot be re-used. The EAP team created a workaround for this by adding the module option 'wrapGSSCredential=true' with the additional setting 'credentialLifetime=-1'. This works for static kerberos authentication. To make the PassthroughIdentityLoginModule (PTILM) work, you need to add an additional module option for PTILM 'wrapGSSCredential' and set it to 'true' (the default is 'false').
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-08-24 11:36:44 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Juraj Duráni
2016-04-29 12:26:59 UTC
Ramesh Reddy <rareddy> updated the status of jira TEIID-4183 to Resolved Additional option "wrapGSSCredential=true" for login module org.teiid.jboss.PassthroughIdentityLoginModule is supposed to be a workaround. But Teiid/MSSQL driver throws exception [1] with that option. Setting to assigned. [1] org.teiid.jdbc.TeiidSQLException: TEIID30498 Remote org.teiid.api.exception.query.QueryPlannerException: TEIID30498 Capabilities for BQT were not available. The command could not be planned properly. at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135) at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71) at org.teiid.jdbc.StatementImpl.postReceiveResults(StatementImpl.java:706) at org.teiid.jdbc.StatementImpl.access$100(StatementImpl.java:64) at org.teiid.jdbc.StatementImpl$2.onCompletion(StatementImpl.java:545) at org.teiid.client.util.ResultsFuture.done(ResultsFuture.java:135) at org.teiid.client.util.ResultsFuture.access$200(ResultsFuture.java:40) at org.teiid.client.util.ResultsFuture$1.receiveResults(ResultsFuture.java:79) at org.teiid.net.socket.SocketServerInstanceImpl.receivedMessage(SocketServerInstanceImpl.java:268) at org.teiid.net.socket.SocketServerInstanceImpl.read(SocketServerInstanceImpl.java:306) at sun.reflect.GeneratedMethodAccessor1.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at org.teiid.net.socket.SocketServerConnectionFactory$ShutdownHandler.invoke(SocketServerConnectionFactory.java:98) at com.sun.proxy.$Proxy6.read(Unknown Source) at org.teiid.net.socket.SocketServerInstanceImpl$RemoteInvocationHandler$1.get(SocketServerInstanceImpl.java:405) at org.teiid.jdbc.StatementImpl.executeSql(StatementImpl.java:554) at org.teiid.jdbc.PreparedStatementImpl.execute(PreparedStatementImpl.java:241) at org.jboss.dv.qe.kerberos.Utils.executePerformanceTest(Utils.java:88) at org.jboss.dv.qe.kerberos.MSSQLKerberosTest.performanceTest(MSSQLKerberosTest.java:232) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:80) at org.testng.internal.Invoker.invokeMethod(Invoker.java:714) at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:901) at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1231) at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:127) at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:111) at org.testng.TestRunner.privateRun(TestRunner.java:767) at org.testng.TestRunner.run(TestRunner.java:617) at org.testng.SuiteRunner.runTest(SuiteRunner.java:334) at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:329) at org.testng.SuiteRunner.privateRun(SuiteRunner.java:291) at org.testng.SuiteRunner.run(SuiteRunner.java:240) at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52) at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86) at org.testng.TestNG.runSuitesSequentially(TestNG.java:1198) at org.testng.TestNG.runSuitesLocally(TestNG.java:1123) at org.testng.TestNG.run(TestNG.java:1031) at org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:70) at org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:108) at org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:111) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:164) at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:110) at org.apache.maven.surefire.booter.SurefireStarter.invokeProvider(SurefireStarter.java:172) at org.apache.maven.surefire.booter.SurefireStarter.runSuitesInProcessWhenForked(SurefireStarter.java:104) at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:70) Caused by: org.teiid.core.TeiidProcessingException: TEIID30498 Remote org.teiid.api.exception.query.QueryPlannerException: TEIID30498 Capabilities for BQT were not available. The command could not be planned properly. at org.teiid.query.optimizer.relational.PlanToProcessConverter.convertNode(PlanToProcessConverter.java:326) at org.teiid.query.optimizer.relational.PlanToProcessConverter.convertPlan(PlanToProcessConverter.java:143) at org.teiid.query.optimizer.relational.PlanToProcessConverter.convertPlan(PlanToProcessConverter.java:159) at org.teiid.query.optimizer.relational.PlanToProcessConverter.convertPlan(PlanToProcessConverter.java:147) at org.teiid.query.optimizer.relational.PlanToProcessConverter.convertPlan(PlanToProcessConverter.java:159) at org.teiid.query.optimizer.relational.PlanToProcessConverter.convertPlan(PlanToProcessConverter.java:159) at org.teiid.query.optimizer.relational.PlanToProcessConverter.convert(PlanToProcessConverter.java:120) at org.teiid.query.optimizer.relational.RelationalPlanner.optimize(RelationalPlanner.java:228) at org.teiid.query.optimizer.QueryOptimizer.optimizePlan(QueryOptimizer.java:159) at org.teiid.dqp.internal.process.Request.generatePlan(Request.java:442) at org.teiid.dqp.internal.process.PreparedStatementRequest.generatePlan(PreparedStatementRequest.java:119) at org.teiid.dqp.internal.process.Request.processRequest(Request.java:470) at org.teiid.dqp.internal.process.PreparedStatementRequest.processRequest(PreparedStatementRequest.java:294) at org.teiid.dqp.internal.process.RequestWorkItem.processNew(RequestWorkItem.java:642) at org.teiid.dqp.internal.process.RequestWorkItem.process(RequestWorkItem.java:337) at org.teiid.dqp.internal.process.AbstractWorkItem.run(AbstractWorkItem.java:51) at org.teiid.dqp.internal.process.RequestWorkItem.run(RequestWorkItem.java:274) at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276) at org.teiid.dqp.internal.process.ThreadReuseExecutor$RunnableWrapper.run(ThreadReuseExecutor.java:119) at org.teiid.dqp.internal.process.ThreadReuseExecutor$3.run(ThreadReuseExecutor.java:210) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:744) Caused by: org.teiid.core.TeiidException: TEIID11009 Remote org.teiid.translator.TranslatorException: TEIID11009 java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/SQL2012_Krb at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:274) at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:68) at org.teiid.translator.ExecutionFactory.getConnection(ExecutionFactory.java:202) at org.teiid.dqp.internal.datamgr.ConnectorManager.buildCapabilities(ConnectorManager.java:179) at org.teiid.dqp.internal.datamgr.ConnectorManager.getCapabilities(ConnectorManager.java:163) at org.teiid.dqp.internal.process.CachedFinder.findCapabilities(CachedFinder.java:108) at org.teiid.query.metadata.TempCapabilitiesFinder.findCapabilities(TempCapabilitiesFinder.java:78) at org.teiid.query.optimizer.relational.rules.CapabilitiesUtil.getCapabilities(CapabilitiesUtil.java:439) at org.teiid.query.optimizer.relational.rules.CapabilitiesUtil.supports(CapabilitiesUtil.java:459) at org.teiid.query.optimizer.relational.rules.CapabilitiesUtil.requiresCriteria(CapabilitiesUtil.java:444) at org.teiid.query.optimizer.relational.rules.RulePlaceAccess.addAccessNode(RulePlaceAccess.java:196) at org.teiid.query.optimizer.relational.rules.RulePlaceAccess.execute(RulePlaceAccess.java:86) at org.teiid.query.optimizer.relational.RelationalPlanner.executeRules(RelationalPlanner.java:859) at org.teiid.query.optimizer.relational.RelationalPlanner.optimize(RelationalPlanner.java:226) ... 15 more Caused by: java.sql.SQLException: Remote java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/SQL2012_Krb at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:151) at org.teiid.translator.jdbc.JDBCExecutionFactory.getConnection(JDBCExecutionFactory.java:270) ... 28 more Caused by: org.teiid.core.TeiidRuntimeException: Remote javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/SQL2012_Krb at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:410) at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:367) at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:499) at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:143) ... 29 more Caused by: org.teiid.core.TeiidRuntimeException: Remote javax.resource.ResourceException: IJ000658: Unexpected throwable while trying to create a connection: null at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:454) at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:457) at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:429) at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:344) ... 32 more Caused by: org.teiid.core.TeiidRuntimeException: Remote javax.resource.ResourceException: Could not create connection at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:351) at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.access$200(LocalManagedConnectionFactory.java:60) at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory$1.run(LocalManagedConnectionFactory.java:274) at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory$1.run(LocalManagedConnectionFactory.java:265) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:264) at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.createConnectionEventListener(SemaphoreArrayListManagedConnectionPool.java:858) at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:413) ... 35 more Caused by: java.sql.SQLException: Remote com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId:b0e4955c-f233-4ee3-b609-2929d8f6a169 at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667) at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthInit(KerbAuthentication.java:176) at com.microsoft.sqlserver.jdbc.KerbAuthentication.GenerateClientContext(KerbAuthentication.java:268) at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:2691) at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:2234) at com.microsoft.sqlserver.jdbc.SQLServerConnection.access$000(SQLServerConnection.java:41) at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:2220) at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:5696) at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:1715) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1326) at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827) at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012) at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:323) ... 43 more Caused by: org.teiid.core.TeiidRuntimeException: Remote java.security.PrivilegedActionException: null at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at com.microsoft.sqlserver.jdbc.KerbAuthentication.getClientCredential(KerbAuthentication.java:199) at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthInit(KerbAuthentication.java:150) ... 55 more Caused by: org.teiid.core.TeiidRuntimeException: Remote org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62) at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) at com.microsoft.sqlserver.jdbc.KerbAuthentication$1.run(KerbAuthentication.java:189) at com.microsoft.sqlserver.jdbc.KerbAuthentication$1.run(KerbAuthentication.java:187) ... 59 more Setting blocker to ?. With workaround every query fails. With out workaround, user cannot use connection poll properly. Van Halbert <vhalbert> updated the status of jira TEIID-4183 to Reopened Ramesh Reddy <rareddy> updated the status of jira TEIID-4183 to Resolved Basic configuration (no wrapping, no cache) did not pass [1]. [1] https://issues.jboss.org/browse/TEIID-4183?focusedCommentId=13273356&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13273356 Ramesh Reddy <rareddy> updated the status of jira TEIID-4183 to Reopened Steven Hawkins <shawkins> updated the status of jira TEIID-4183 to Closed |