-
1. Re: Datasource using Kerberos authentication
ke88yun Dec 9, 2014 7:46 PM (in response to icemanltd)
I ran into exactly the same situation.
I have a standalone Java app which is working fine through Kerberos authentication to a PostgreSQL database on a Linux platform.
However, it is not working when configuring a JBoss AS7 data source using Kerberos authentication, and it throws the following exception:
================================================================================================
2014-12-09 16:03:29,077 WARN [org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject] (MSC service thread 1-6) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: No matching credentials in Subject!
at org.jboss.jca.adapters.jdbc.BaseWrapperManagedConnectionFactory.getConnectionProperties(BaseWrapperManagedConnectionFactory.java:1015)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:211)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.createConnectionEventListener(SemaphoreArrayListManagedConnectionPool.java:761)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:343)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:397)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:365)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:329)
at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:368)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:464)
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:129)
at org.hibernate.ejb.connection.InjectedDataSourceConnectionProvider.getConnection(InjectedDataSourceConnectionProvider.java:67) [hibernate-entitymanager-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.engine.jdbc.internal.JdbcServicesImpl$ConnectionProviderJdbcConnectionAccess.obtainConnection(JdbcServicesImpl.java:253) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.engine.jdbc.internal.JdbcServicesImpl.configure(JdbcServicesImpl.java:119) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.service.internal.StandardServiceRegistryImpl.configureService(StandardServiceRegistryImpl.java:75) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:159) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:131) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:71) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.cfg.Configuration.buildSettingsInternal(Configuration.java:2270) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.cfg.Configuration.buildSettings(Configuration.java:2266) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1735) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.ejb.EntityManagerFactoryImpl.<init>(EntityManagerFactoryImpl.java:84) [hibernate-entitymanager-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:904) [hibernate-entitymanager-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:889) [hibernate-entitymanager-4.0.1.Final.jar:4.0.1.Final]
at org.hibernate.ejb.HibernatePersistence.createContainerEntityManagerFactory(HibernatePersistence.java:73) [hibernate-entitymanager-4.0.1.Final.jar:4.0.1.Final]
at org.jboss.as.jpa.service.PersistenceUnitServiceImpl.createContainerEntityManagerFactory(PersistenceUnitServiceImpl.java:162) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.as.jpa.service.PersistenceUnitServiceImpl.start(PersistenceUnitServiceImpl.java:85) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
=========================================
By digging into the source code, it looks like it will never work.
The following is the call sequence:
1. getConnectionProperties -> SubjectActions.addMatchingProperties
    /**
     * Add matching properties
     * @param subject The subject
     * @param props The properties
     * @param mcf The managed connection factory
     * @return The result
     */
    static boolean addMatchingProperties(Subject subject, Properties props, ManagedConnectionFactory mcf)
    {
        SubjectActions action = new SubjectActions(subject, props, mcf);
        Boolean matched = AccessController.doPrivileged(action);
        return matched.booleanValue();
    }
2. SubjectActions.addMatchingProperties -> AccessController.doPrivileged(action); -> run method defined in SubjectActions class (which will always return Boolean.FALSE for the Kerberos scenario)
    /**
     * SubjectActions
     */
    static class SubjectActions implements PrivilegedAction<Boolean>
    {
        // ... <code omitted for simplicity>
        /**
         * Run
         * @return The result
         */
        public Boolean run()
        {
            // <<< subject.getPrivateCredentials will return null when looking for PasswordCredential in Kerberos scenario
            Set<PasswordCredential> creds = subject.getPrivateCredentials(PasswordCredential.class);
            if (creds != null && creds.size() > 0)
            {
                for (PasswordCredential cred : creds)
                {
                    if (cred.getManagedConnectionFactory().equals(mcf))
                    {
                        props.setProperty("user", (cred.getUserName() == null) ? "" : cred.getUserName());
                        if (cred.getPassword() != null)
                            props.setProperty("password", new String(cred.getPassword()));
                        return Boolean.TRUE;
                    }
                }
            }
            return Boolean.FALSE;
        }
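The lookup in the post above can be reproduced with the JDK alone. This is an added example, not code from the post or from IronJacamar. It assumes a hypothetical stand-in `PasswordCredential` class in place of `javax.resource.spi.security.PasswordCredential`, leaves out the managed connection factory comparison, and uses constructed principal, key and password values.

```java
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
public class SubjectCredentialCheck {
    // Hypothetical stand-in for javax.resource.spi.security.PasswordCredential (JDK-only build).
    static final class PasswordCredential {
        final String userName;
        final char[] password;
        PasswordCredential(String userName, char[] password) {
            this.userName = userName;
            this.password = password;
        }
    }
    // Same lookup shape as the quoted run() method; the MCF comparison is left out.
    static boolean addMatchingProperties(Subject subject, Properties props) {
        Set<PasswordCredential> creds = subject.getPrivateCredentials(PasswordCredential.class);
        for (PasswordCredential cred : creds) {
            props.setProperty("user", cred.userName == null ? "" : cred.userName);
            if (cred.password != null) props.setProperty("password", new String(cred.password));
            return true;
        }
        return false;
    }

    // Diagnostic: names of the private credential classes the Subject carries.
    static String credentialTypes(Subject subject) {
        StringBuilder sb = new StringBuilder();
        for (Object c : subject.getPrivateCredentials()) {
            sb.append(c.getClass().getSimpleName()).append(' ');
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed sample data: principal, key bytes and password are made up.
        KerberosPrincipal principal = new KerberosPrincipal("appuser@EXAMPLE.COM");
        Subject kerberos = new Subject();
        kerberos.getPrincipals().add(principal);
        kerberos.getPrivateCredentials().add(new KerberosKey(principal, new byte[16], 17, 1));
        Subject password = new Subject();
        password.getPrivateCredentials().add(new PasswordCredential("appuser", "example".toCharArray()));
        for (Subject s : new Subject[] {kerberos, password}) {
            System.out.println(credentialTypes(s) + " -> matched=" + addMatchingProperties(s, new Properties()));
        }
    }
}
```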
-
2. Re: Datasource using Kerberos authentication
ke88yun Dec 9, 2014 8:08 PM (in response to ke88yun)
It seems that Kerberos support has been added since IronJacamar 1.1.5-final and backported to 1.0.25-final as well. See the following task id for detail.