0 Replies Latest reply on Mar 25, 2016 9:23 AM by arctictisek

    Oracle data source in TLS in WildFly 8.2.1

    arctictisek

      Hi,

      I need to connect securely to my Oracle data source.

      To validate that my Oracle set-up is working fine I made myself a sample JDBC Java program making a simple select and printing it out.

      During this I realised the following:

      a- I need to have the Oracle PKI provider declared in my java.security file of my Java set-up : security.provider.7=oracle.security.pki.OraclePKIProvider

      b- I need to have 3 Oracle security specific JAR files in the class path : oraclepki.jar, osdt_cert.jar, osdt_core.jar

      c- I need to update the URL to the database (TCPS instead of TCP)

      d- I need to define properties : javax.net.ssl.trustStore=/path/to/my/store and javax.net.ssl.trustStoreType=SSO

      With all this, my Java sample works just fine.

       

       

      Now when trying to make it work on WildFly:

      a- I use the same Java as with the sample (so the provider *is* set up properly)

      b- I added the JARs next to the already existing ojdbc7.jar driver in modules/com/oracle/ojdbc/main and referred to them in the module.xml file

      c- I updated the URL in standalone.xml

      d- I updated JAVA_OPTS in standalone.conf with the extra properties

      And started the server.

      This fails to connect with error:

      (MSC service thread 1-6) startup failed: javax.ejb.EJBException: java.lang.RuntimeException: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/jdbc/serverDS

        at org.jboss.as.ejb3.tx.BMTInterceptor.handleException(BMTInterceptor.java:78) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.as.ejb3.tx.EjbBMTInterceptor.checkStatelessDone(EjbBMTInterceptor.java:92) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.as.ejb3.tx.EjbBMTInterceptor.handleInvocation(EjbBMTInterceptor.java:107) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.as.ejb3.tx.BMTInterceptor.processInvocation(BMTInterceptor.java:56) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:407)

        at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:55) [weld-core-impl-2.2.6.Final.jar:2014-10-03 10:05]

        at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83) [wildfly-weld-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45) [wildfly-ee-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)

        at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ejb3.component.interceptors.NonPooledEJBComponentInstanceAssociatingInterceptor.processInvocation(NonPooledEJBComponentInstanceAssociatingInterceptor.java:59) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:79) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:43) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:95) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:326)

        at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:448)

        at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:326)

        at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)

        at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:185)

        at org.jboss.as.ejb3.remote.LocalEjbReceiver.processInvocation(LocalEjbReceiver.java:245) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:184) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.EJBObjectInterceptor.handleInvocation(EJBObjectInterceptor.java:58) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.EJBHomeInterceptor.handleInvocation(EJBHomeInterceptor.java:83) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:42) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:125) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.EJBInvocationHandler.sendRequestWithPossibleRetries(EJBInvocationHandler.java:253) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:198) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:181) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:144) [jboss-ejb-client-2.0.1.Final.jar:2.0.1.Final]

        at com.sun.proxy.$Proxy100.startUp(Unknown Source)

      [...]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_74]

        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_74]

      Caused by: java.lang.RuntimeException: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/jdbc/serverDS

      [...]

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_74]

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_74]

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_74]

        at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_74]

        at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)

        at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:407)

        at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82) [wildfly-weld-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93) [wildfly-weld-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)

        at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47) [wildfly-jpa-8.2.1.Final.jar:8.2.1.Final]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

        at org.jboss.as.ejb3.tx.EjbBMTInterceptor.handleInvocation(EjbBMTInterceptor.java:104) [wildfly-ejb3-8.2.1.Final.jar:8.2.1.Final]

        ... 69 more

      Caused by: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/jdbc/serverDS

        at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:154)

      [...]

      Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/jdbc/serverDS

        at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:442)

        at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:421)

        at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:515)

        at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:146)

        ... 92 more

      Caused by: javax.resource.ResourceException: Could not create connection

        at org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory.getXAManagedConnection(XAManagedConnectionFactory.java:524)

        at org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory.createManagedConnection(XAManagedConnectionFactory.java:433)

        at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.createConnectionEventListener(SemaphoreArrayListManagedConnectionPool.java:1166)

        at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:446)

        at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:461)

        at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:433)

        at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:379)

        ... 95 more

      Caused by: java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection

        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:673)

        at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:715)

        at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:385)

        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:30)

        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:564)

        at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:303)

        at oracle.jdbc.xa.client.OracleXADataSource.getPooledConnection(OracleXADataSource.java:500)

        at oracle.jdbc.xa.client.OracleXADataSource.getXAConnection(OracleXADataSource.java:174)

        at oracle.jdbc.xa.client.OracleXADataSource.getXAConnection(OracleXADataSource.java:143)

        at org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory.getXAManagedConnection(XAManagedConnectionFactory.java:507)

        ... 101 more

      Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection

        at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:445)

        at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:464)

        at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:594)

        at oracle.net.ns.NSProtocol.connect(NSProtocol.java:229)

        at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1360)

        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:486)

        ... 110 more

      Caused by: oracle.net.ns.NetException: Unable to initialize ssl context.

        at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:325)

        at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:115)

        at oracle.net.nt.ConnOption.connect(ConnOption.java:133)

        at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:411)

        ... 115 more

      Caused by: oracle.net.ns.NetException: Unable to initialize the trust store.

        at oracle.net.nt.CustomSSLSocketFactory.getTrustManagerArray(CustomSSLSocketFactory.java:413)

        at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:309)

        ... 118 more

      Caused by: java.security.KeyStoreException: SSO not found

        at java.security.KeyStore.getInstance(KeyStore.java:851) [rt.jar:1.8.0_74]

        at oracle.net.nt.CustomSSLSocketFactory.getTrustManagerArray(CustomSSLSocketFactory.java:401)

        ... 119 more

      Caused by: java.security.NoSuchAlgorithmException: SSO KeyStore not available

        at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) [rt.jar:1.8.0_74]

        at java.security.Security.getImpl(Security.java:695) [rt.jar:1.8.0_74]

        at java.security.KeyStore.getInstance(KeyStore.java:848) [rt.jar:1.8.0_74]

        ... 120 more

      The "SSO KeyStore not available" is mentioned in the Oracle documentation as the error that appears when the provider has not been added properly (in java.security statically, or dynamically with Security.addProvider(new oracle.security.pki.OraclePKIProvider())), which is not the case here...

       

       

      This error at least validates that my properties were taken into account properly (as it understands I mean to use "SSO" keystore type).

      While playing with my sample, I observed a similar error when the extra JARs were not loaded. So to verify that they *were* loaded with WildFly I corrupted the path to them in module.xml and it gave errors about missing dependencies so the JARs *are* loaded.

      I do not know what more to do to sort this out...
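
A diagnostic for the "SSO KeyStore not available" symptom described in the post, as an added example that is not part of the original post and not Oracle or WildFly code: it compares the providers declared in java.security with the ones the JVM actually registered, then tries the dynamic Security.addProvider registration the post mentions. The class name SsoKeyStoreCheck is hypothetical, and the security.provider.N class-name format assumes the Java 8 runtime seen in the stack trace.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;

/** Added diagnostic (hypothetical name); run it inside the JVM or deployment under test. */
public class SsoKeyStoreCheck {
    static final String PKI_CLASS = "oracle.security.pki.OraclePKIProvider"; // from the post

    /** Provider class names declared statically as security.provider.N in java.security. */
    static Map<Integer, String> configured() {
        Map<Integer, String> out = new LinkedHashMap<>();
        for (int i = 1; ; i++) {
            String v = Security.getProperty("security.provider." + i);
            if (v == null) break;
            out.put(i, v.trim().split("\\s+")[0]); // drop any provider argument
        }
        return out;
    }

    /** True if a provider of exactly this class is registered in the running JVM. */
    static boolean registered(String className) {
        for (Provider p : Security.getProviders())
            if (p.getClass().getName().equals(className)) return true;
        return false;
    }

    /** True if some registered provider offers the "SSO" KeyStore type. */
    static boolean ssoAvailable() {
        try { KeyStore.getInstance("SSO"); return true; }
        catch (KeyStoreException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        // A declared entry that is not registered was configured but could not be loaded.
        configured().forEach((n, cls) -> System.out.printf(
            "security.provider.%d=%s registered=%b%n", n, cls, registered(cls)));
        System.out.println("SSO KeyStore before dynamic registration: " + ssoAvailable());

        // Load the provider through the class loader of the code that opens the connection.
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        try {
            Provider p = (Provider) Class.forName(PKI_CLASS, true, cl)
                                         .getDeclaredConstructor().newInstance();
            int pos = Security.addProvider(p); // -1 means it was already registered
            System.out.println("loaded " + PKI_CLASS + " via " + cl + ", position " + pos);
        } catch (ClassNotFoundException e) {
            System.out.println(PKI_CLASS + " is not visible to " + cl);
        }
        System.out.println("SSO KeyStore after dynamic registration: " + ssoAvailable());
    }
}
```

Running the same checks from a class inside the WildFly deployment and from the stand-alone sample shows whether the two environments differ in the declared providers, the registered providers, or the visibility of the Oracle PKI class.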