-
Bug
-
Resolution: Done
-
Critical
-
7.4.0.GA
-
False
-
False
-
Documentation (Ref Guide, User Guide, etc.), Release Notes, Compatibility/Configuration
-
Blocks Testing
-
-
-
-
-
-
-
+
-
Undefined
-
Download and unzip oracle-krb.zip
and any EAP version.- copy keytab KRBUSR01 to JBOSS_HOME
- copy krb5.conf to JBOSS_HOME
- copy standalone.xml to JBOSS_HOME/standalone/configuration
- download Oracle JDBC driver ojdbc8.jar and copy it to JBOSS_HOME/standalone/deployments
- start server
- run CLI
/subsystem=datasources/data-source=TestDatasource:test-connection-in-pool
Download and unzip oracle-krb.zip and any EAP version. copy keytab KRBUSR01 to JBOSS_HOME copy krb5.conf to JBOSS_HOME copy standalone.xml to JBOSS_HOME/standalone/configuration download Oracle JDBC driver ojdbc8.jar and copy it to JBOSS_HOME/standalone/deployments start server run CLI /subsystem=datasources/data-source=TestDatasource:test-connection-in-pool -
Caused by: java.sql.SQLException: OAUTH marshaling failure
at oracle.jdbc.driver.T4CTTIoauthenticate.validateO5ServerResponse(T4CTTIoauthenticate.java:1650)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTHWithO5Logon(T4CTTIoauthenticate.java:1469)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:1219)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:1173)
at oracle.jdbc.driver.T4CConnection.authenticateUserForLogon(T4CConnection.java:1030)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:646)
at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:1032)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:90)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:681)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:602)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:321)
... 238 more
IronJacamar automatically adds user and password properties to Driver/DataSource connection properties and Oracle JDBC driver (and/or database) seems to be sensitive to the presence of these properties.
In the case of Kerberos authentication, the user is automatically extracted from Subject and password is set to an empty string. IJ does it on multiple places, I didn't look for the exact place in this case, but one example is BaseWrapperManagedConnectionFactory.java#L1434
Here is an overview how Oracle Databases and Drivers behave with different combinations of connection properties
Database version: Oracle 12cR1
| driver/props | no properties | user | password | both |
|---|---|---|---|---|
| 12.2.0.1 | ok | ok | ok | ok |
| 19.3 | ok | ok | ok | ok |
| 19.10 | ok | ok | ok | ok |
| 21.1 | ok | ok | ok | ok |
Database version: Oracle 12cR2
| driver/props | no properties | user | password | both |
|---|---|---|---|---|
| 12.2.0.1 | ok | fail | ok | fail |
| 19.3 | ok | fail | ok | fail |
| 19.10 | ok | fail | ok | fail |
| 21.1 | ok | ok | ok | fail |
Database version: Oracle 19cR3
| driver/props | no properties | user | password | both |
|---|---|---|---|---|
| 12.2.0.1 | ok | fail | ok | fail |
| 19.3 | ok | fail | ok | fail |
| 19.10 | ok | fail | ok | fail |
| 21.1 | ok | ok | ok | fail |
- causes
-
-
- Verified
-
-
-
- Verified
-
- is cloned by
-
-
- Verified
-
- is incorporated by
-
JBEAP-21313 [GSS](7.4.z) Upgrade Ironjacamar from 1.4.30.Final-redhat-00001 to 1.4.35.Final-redhat-00001
-
- Closed
-
- relates to
-
JBJCA-1426 Kerberos support: don't copy GSSCredential by default
-
- Resolved
-