Invalid username/password when accessing Keycloak's H2 database - h2

I am attempting to follow the guide here to view my H2 database directly.
When executing the command: java -cp $jar org.h2.tools.Console -url "$url" -user sa -password sa
I get the following exception Exception in thread "main" org.h2.jdbc.JdbcSQLException: Wrong user name or password [28000-193]
This seems relatively straightforward, but I cannot seem to figure out my credentials. I am running keycloak 7.0.0 locally through a docker image and I have not knowingly modified anything about the database. So far I have tried permutations of sa, empty, and my keycloak credentials with no success.
Is there any way to get/set/create a set of credentials for this database?

I think the default password for an off-the-shelf h2 database is "" (empty).
Nevertheless you can also find or configure your datasource from the subsystem configuration files.
You should find something like this.
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
<datasources>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers>
...
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<driver>h2</driver>
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
<security>
<user-name>sa</user-name>
<password>?</password>
</security>
</datasource>
...
</datasources>
Keycloak relies on WildFly, whose documentation gives more info about database configuration.
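One way to read the configured credentials out of the datasources subsystem, as an added example that is not part of the original answer: it lists each datasource's URL, user and password, expands WildFly `${name}` / `${name:default}` expressions, and reports whether the password is stored as cleartext or as a vault reference. The sample XML is constructed from the snippet above (the password value and the second datasource are made up), and the function names and the data directory passed to `resolve()` are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the snippet above; the password value and the
# second datasource are made up for the example.
SAMPLE_STANDALONE = """<server xmlns="urn:jboss:domain:10.0">
 <profile>
  <subsystem xmlns="urn:jboss:domain:datasources:5.0">
   <datasources>
    <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS">
     <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
     <driver>h2</driver>
     <security><user-name>sa</user-name><password>constructed-secret</password></security>
    </datasource>
    <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS">
     <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>
     <driver>h2</driver>
     <security><user-name>${env.DB_USER:sa}</user-name><password>${VAULT::ds::password::1}</password></security>
    </datasource>
   </datasources>
  </subsystem>
 </profile>
</server>"""

DS_NS_PREFIX = "urn:jboss:domain:datasources:"  # version suffix varies by release
EXPR = re.compile(r"\$\{([^}]+)\}")


def _split(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag


def _child_text(elem, *path):
    """Follow child elements by local name; None if any step is missing."""
    for name in path:
        elem = next((c for c in elem if _split(c.tag)[1] == name), None)
        if elem is None:
            return None
    return (elem.text or "").strip()


def find_datasources(xml_text):
    """Return pool name, URL, user and password for every <datasource>."""
    found = []
    for elem in ET.fromstring(xml_text).iter():
        ns, local = _split(elem.tag)
        if local == "datasource" and ns.startswith(DS_NS_PREFIX):
            found.append({
                "pool": elem.get("pool-name"),
                "url": _child_text(elem, "connection-url"),
                "user": _child_text(elem, "security", "user-name"),
                "password": _child_text(elem, "security", "password"),
            })
    return found


def resolve(value, props):
    """Expand ${name} and ${name:default}; vault references stay untouched."""
    def repl(match):
        body = match.group(1)
        if body.startswith("VAULT::"):
            return match.group(0)
        name, sep, default = body.partition(":")
        if name in props:
            return props[name]
        return default if sep else match.group(0)
    return EXPR.sub(repl, value)


def classify_password(pw):
    """Say how the password is stored, without printing it."""
    if pw is None:
        return "absent"
    if pw == "":
        return "empty"
    if pw.startswith("${VAULT::"):
        return "vault"
    return "expression" if EXPR.search(pw) else "cleartext"


def h2_console_args(ds, props):
    """Arguments for the org.h2.tools.Console call quoted in the question."""
    return ["org.h2.tools.Console", "-url", resolve(ds["url"], props),
            "-user", resolve(ds["user"], props), "-password", ds["password"] or ""]


if __name__ == "__main__":
    props = {"jboss.server.data.dir": "/opt/jboss/keycloak/standalone/data"}  # assumed path
    for ds in find_datasources(SAMPLE_STANDALONE):
        print(ds["pool"], resolve(ds["url"], props), ds["user"], classify_password(ds["password"]))
```

A "cleartext" result means anyone who can read standalone.xml can open the database with the arguments `h2_console_args()` returns.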

Related

How fix "Invalid ODBC handle" for sajdbc4 under Wildfly 20?

I had Wildfly 10 running previously and have just upgraded to Wildfly 20 (under Ubuntu 20). My configuration from the past no longer works when it comes to getting the Sybase SQL Anywhere 17 sajdbc4 driver working.
A quick summary of what's going wrong is that I installed sajdbc4.jar and the supporting files in /opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main/. I then ran a simple Java test app to confirm that it can connect to a test database and it works fine. I configured a driver and datasource in standalone.xml and run Wildfly with the following. When I Test Connection for the datasource it fails with "Invalid ODBC handle":
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main
export CLASSPATH=$CLASSPATH:/opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main
sudo ./standalone.sh
Can anyone explain what I still need to do to get the sajdbc4 driver to work?
Here are detailed notes:
*** I used tar to install Wildfly 20 in:
/opt/wildfly-20.0.1.Final
*** Placed the Sybase Sql Anywhere 17 sajdbc4.jar and other supporting files in /opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main
*** I have a simple Java app that tests the connection which I run with:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main
java -classpath .:/opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main/sajdbc4.jar sajdbc4DriverTest.java
This simple test app runs and dumps a database table so I conclude that everything I need to work is in /opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main
*** Here is module.xml (in .sybase/main):
<?xml version="1.0" encoding="utf-8"?>
<module xmlns="urn:jboss:module:1.1" name="com.mydomain.sybase">
<resources>
<resource-root path="sajdbc4.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
</dependencies>
</module>
*** To test Wildfly I added the driver definition in standalone.xml as:
<drivers>
...
<driver name="sajdbc4" module="com.mydomain.sybase"/>
</drivers>
*** I then add the following datasource in standalone.xml:
<datasource jndi-name="java:jboss/datasources/TestDB" pool-name="TestDB" spy="true" tracking="true">
<connection-url>jdbc:sqlanywhere:Host=192.168.1.89:11111,192.168.1.89:11112;ServerName=TestDB;</connection-url>
<driver>sajdbc4</driver>
<pool>
<min-pool-size>0</min-pool-size>
<max-pool-size>30</max-pool-size>
</pool>
<security>
<user-name>...</user-name>
<password>...</password>
</security>
</datasource>
*** I then run in /opt/wildfly-20.0.1.Final/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main
export CLASSPATH=$CLASSPATH:/opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main
sudo ./standalone.sh
At the top of the Terminal's log we see:
...
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED
Note that the two exports were ignored!
*** If I then try to test the datasource connection (in the Admin console) we crash with:
...
Caused by: java.lang.UnsatisfiedLinkError: no dbjdbc17 in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86_64-linux-gnu, /usr/lib/jni, /lib, /usr/lib]
at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
...
]) - failure description: "WFLYJCA0040: failed to invoke operation: WFLYJCA0047: Connection is not valid"
In an attempt to get around the "export failures" I modified standalone.config (everything after "# ADDED FOLLOWING HACK")
#
# Specify options to pass to the Java VM.
#
if [ "x$JAVA_OPTS" = "x" ]; then
JAVA_OPTS="-Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true"
# ADDED FOLLOWING HACK
JAVA_OPTS="$JAVA_OPTS -Djava.library.path=/opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main -cp .:/opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main/sajdbc4.jar"
else
echo "JAVA_OPTS already set in environment; overriding default settings with values: $JAVA_OPTS"
fi
*** Again I run in /opt/wildfly-20.0.1.Final/bin
sudo ./standalone.sh
At the top of the Terminal's log we now see:
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true -Djava.library.path=/opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main -cp .:/opt/wildfly-20.0.1.Final/modules/system/layers/base/com/mydomain/sybase/main/sajdbc4.jar --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED
So that suggests that we now have the java.library.path and classpath as needed.
*** If I again try to test the datasource connection we now crash with:
...
Caused by: java.sql.SQLException: Invalid ODBC handle
at com.mydomain.sybase//sap.jdbc4.sqlanywhere.IDriver.makeODBCConnection(Native Method)
at com.mydomain.sybase//sap.jdbc4.sqlanywhere.IDriver.connect(IDriver.java:809)
at org.jboss.ironjacamar.jdbcadapters#1.4.22.Final//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:321)
... 35 more
]) - failure description: "WFLYJCA0040: failed to invoke operation: WFLYJCA0047: Connection is not valid"
Why are the export LD_LIBRARY_PATH and export CLASSPATH being ignored? (I expect that is what's causing the "no dbjdbc17 in java.library.path" error). How do I specify these to Wildfly?
Even when JAVA_OPTS shows the java.library.path and cp are set we still fail with "Invalid ODBC handle". This is very strange because my simple Java app test showed that when both java.library.path and cp are set to ./sybase/main "everything works". Note that the test app uses the same connection string I use in standalone.xml.
Thank you in advance.
The problem turned out to be related to the fact that I was running Wildfly as a service and apparently my efforts above to set the java.library.path are failing. I know the reason for the error but I do not know how to set the path when running as a service.

IBM WebSphere Liberty working with IHS Server Problems with Certificate(s)

I have a liberty server and an IHS server (both on different hosts). This is on rhel7.
I've followed a number of guides that I found that walk thru the setup of keystores and sharing of certs but still run into issues. For reference, I tried the methods detailed https://jazz.net/wiki/bin/view/Deployment/CreateIHSPLUGINFORLIBERTYPROFILE and https://www.ibm.com/support/knowledgecenter/en/SSEQTJ_9.0.5/com.ibm.websphere.ihs.doc/ihs/tihs_install_config_liberty.html.
A quick summary of what I have done this past attempt... On the liberty server I added the following to my server.xml to add a plugin include (to keep things easier to read):
<include location="${server.config.dir}/plugin-join-include.xml" />
And the plugin-join-include.xml:
<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<keyStore id="libertyKey" password="xxxx"
location="${server.config.dir}/resources/security/libkey.jks"/>
<pluginConfiguration webserverPort="10500" webserverSecurePort="10447"
pluginInstallRoot="/opt/IBM/wasadmin/Plugins"
sslKeyRingLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.kdb"
sslStashFileLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.sth"
sslCertlabel="libertyKey"/>
On my IHS server the path for the root Plugin directory is as indicated above in the file at /opt/IBM/wasadmin/Plugins and the plugin-key.kdb and plugin-key.sth are located in the locations listed above.
I reboot the liberty server and it generated the plugin-cfg.xml in the logs/state directory:
<?xml version="1.0" encoding="UTF-8"?><!--HTTP server plugin config file for app generated on 2020.03.04 at 12:32:02 UTC-->
<Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" ConfigHash="1077723051" FIPSEnable="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="false" TrustedProxyEnable="false" VHostMatchingCompat="false">
<Log LogLevel="Error" Name="/opt/IBM/wasadmin/Plugins/logs/webserver1/http_plugin.log"/>
<Property Name="ESIEnable" Value="true"/>
<Property Name="ESIMaxCacheSize" Value="1024"/>
<Property Name="ESIInvalidationMonitor" Value="false"/>
<Property Name="ESIEnableToPassCookies" Value="false"/>
<Property Name="PluginInstallRoot" Value="/opt/IBM/wasadmin/Plugins"/>
<!-- Configuration generated using httpEndpointRef=defaultHttpEndpoint-->
<!-- The default_host contained only aliases for endpoint defaultHttpEndpoint.
The generated VirtualHostGroup will contain only configured web server ports:
webserverPort=10500
webserverSecurePort=10447 -->
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:10500"/>
<VirtualHost Name="*:10447"/>
</VirtualHostGroup>
<ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="affms_default_node_Cluster" PostBufferSize="0" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60" ServerIOTimeoutRetry="-1">
<Server CloneID="412b3187-16c4-41b0-86e8-1e327c1c6b1b" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="20" MaxConnections="-1" Name="default_node_affms" ServerIOTimeout="900" WaitForContinue="false">
<Transport Hostname="libertyhost" Port="10500" Protocol="http"/>
<Transport Hostname="libertyhost" Port="10447" Protocol="https">
<Property Name="keyring" Value="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.sth"/>
<Property Name="certLabel" Value="libertyKey"/>
</Transport>
</Server>
<PrimaryServers>
<Server Name="default_node_app"/>
</PrimaryServers>
</ServerCluster>
<UriGroup Name="default_host_app_default_node_Cluster_URIs">
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/app/ui/*"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/adminCenter/*"/>
</UriGroup>
<Route ServerCluster="app_default_node_Cluster" UriGroup="default_host_app_default_node_Cluster_URIs" VirtualHostGroup="default_host"/>
I copy the plugin-cfg.xml over to the IHS server at /opt/IBM/wasadmin/Plugins/config/webserver1/plugin-cfg.xml
The plugin stuff works; only the SSL portion between IHS and the app server gives me issues.
On the IHS server I have created the plugin-key.kdb keystore with stash plugin-key.sth and imported the cert I extracted from the liberty server /opt/IBM/wlp/usr/servers/app/resources/security/key.p12 the default personal cert and copy it to the IHS server and add the default liberty cert to the plugin-key.kdb keystore.
At the bottom of the httpd.conf is:
LoadModule was_ap22_module /opt/IBM/wasadmin/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/IBM/wasadmin/Plugins/config/webserver1/plugin-cfg.xml
I bounce the apachectl and go to the url for the application on port 8443 https://hostname:8443/app/ui and get a "500 Internal Server Error".
The http_plugin.log plugin logs show:
[04/Mar/2020:18:23:48.31652] 00002f26 3cff9700 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414) PARTNER CERTIFICATE DN=CN=hostname,OU=app,O=ibm,C=us, Serial=xxxxxxxxxxx
[04/Mar/2020:18:23:48.31655] 00002f26 3cff9700 - ERROR: Ensure correct certificate is marked as default certificate in plugin-key.kdb. Consult documentation regarding Administering application security and Securing communications for more information.
[04/Mar/2020:18:23:48.31657] 00002f26 3cff9700 - ERROR: Last validation error [575010]: GSKVAL_ERROR_NO_CHAIN_BUILT
[04/Mar/2020:18:23:48.31658] 00002f26 3cff9700 - ERROR: Subject [[Class=]GSKVALMethod::PKIX[Issuer=]OU=memberRoot,O=xxxx-xxx-xxx-xxx-xxxxxxxx,DC=com.ibm.ws.collective[#=]082d6a83e5ec[Subject=]CN=hostname,OU=app,O=ibm,C=us] failed certificate validation
[04/Mar/2020:18:23:48.31659] 00002f26 3cff9700 - ERROR: X509 Certificate validation log: [[Class=]GSKVALMethod::PKIX[Time=]2020:3:4:18:23:48.316[buildChain=][Error=]GSKVAL_ERR_NO_CHAIN_BUILT[Info=]OU=memberRoot,O=xxx-xxx-xxx-xxx-xxx,DC=com.ibm.ws.collective[Cert=][Issuer=]OU=memberRoot,O=xxx-xxx-xxx-xxx-xxxx,DC=com.ibm.ws.collective[#=]082d6a83e5ec[Subject=]CN=hostname,OU=app,O=ibm,C=us[=Cert][=buildChain]^M
]
[04/Mar/2020:18:23:48.31664] 00002f26 3cff9700 - ERROR: ws_common: websphereGetStream: Could not open stream
[04/Mar/2020:18:23:48.31667] 00002f26 3cff9700 - ERROR: ws_common: websphereExecute: Failed to create the stream
[04/Mar/2020:18:23:48.31668] 00002f26 3cff9700 - ERROR: ws_common: websphereHandleRequest: Failed to execute the transaction to 'default_node_app' on host 'hostname:10447'; will try another one
[04/Mar/2020:18:23:48.31669] 00002f26 3cff9700 - ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find an app server to handle this request
[04/Mar/2020:18:23:48.31670] 00002f26 3cff9700 - ERROR: ESI: getResponse: failed to get response: rc = 2
[04/Mar/2020:18:23:48.31671] 00002f26 3cff9700 - ERROR: [xxx.xx.xx.17://app/ui/] ws_common: websphereHandleRequest: Failed to handle request rc=2
Thank you!
You said "imported" I assume this means an "add" operation in ikeyman/gskcmd/gskcapicmd? The two verbs in these tools have a different meaning.
I suspect you added the issued certificate (CN=hostname...) instead of the CA that issued the certificate (memberroot). The debug information in the WAS Plugin message implies that it couldn't chase the certificate up to a trusted root (as opposed to finding some X509 error w/ the root it had access to).
But, it could also be that you imported the "wrong" certificate with cn=memberroot. WebSphere does not always add the necessary Subject Key Identifier/Authority Key Identifier to be sure, so check carefully.
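An added example (not part of the original answer): a small Python parser for the http_plugin.log records quoted in the question that pulls the Issuer and Subject DNs out of the GSKit validation line and reports which signer the plug-in's key database could not chain to. The first three log lines are copied from the excerpt above; the fourth is constructed to show the self-signed case, and the function and dictionary key names are this example's own.

```python
import re

SAMPLE_LOG = [
    # Copied from the http_plugin.log excerpt in the question.
    "[04/Mar/2020:18:23:48.31652] 00002f26 3cff9700 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414) PARTNER CERTIFICATE DN=CN=hostname,OU=app,O=ibm,C=us, Serial=xxxxxxxxxxx",
    "[04/Mar/2020:18:23:48.31657] 00002f26 3cff9700 - ERROR: Last validation error [575010]: GSKVAL_ERROR_NO_CHAIN_BUILT",
    "[04/Mar/2020:18:23:48.31658] 00002f26 3cff9700 - ERROR: Subject [[Class=]GSKVALMethod::PKIX[Issuer=]OU=memberRoot,O=xxxx-xxx-xxx-xxx-xxxxxxxx,DC=com.ibm.ws.collective[#=]082d6a83e5ec[Subject=]CN=hostname,OU=app,O=ibm,C=us] failed certificate validation",
    # Constructed line: a self-signed partner certificate (Issuer equals Subject).
    "[04/Mar/2020:18:25:01.00001] 00002f26 3cff9701 - ERROR: Subject [[Class=]GSKVALMethod::PKIX[Issuer=]CN=Hostname, OU=app, O=ibm, C=us[#=]0a0b0c[Subject=]CN=hostname,OU=app,O=ibm,C=us] failed certificate validation",
]

PREFIX = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<pid>\w+) (?P<tid>\w+) - ERROR: (?P<msg>.*)$")
LAST_ERR = re.compile(r"Last validation error \[(\d+)\]: (\w+)")
# "[Key=]value" pairs; closing markers such as "[=Cert]" have no key and are skipped.
FIELD = re.compile(r"\[([A-Za-z#]+)=\]([^\[\]]*)")


def norm_dn(dn):
    """Compare DNs ignoring case and spacing (naive split; no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def failed_validations(lines):
    """Return one record per 'failed certificate validation' line."""
    events, last_error = [], {}
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue
        key = (m["pid"], m["tid"])          # pair records written by one thread
        msg = m["msg"]
        err = LAST_ERR.search(msg)
        if err:
            last_error[key] = err.group(2)
            continue
        if msg.startswith("Subject [") and msg.endswith("failed certificate validation"):
            fields = dict(FIELD.findall(msg))
            subject = fields.get("Subject", "")
            issuer = fields.get("Issuer", "")
            events.append({
                "time": m["ts"],
                "error": last_error.pop(key, None),
                "subject": subject,
                "issuer": issuer,
                "self_signed": norm_dn(subject) == norm_dn(issuer),
                # The certificate whose subject is this DN must be present as a
                # signer in plugin-key.kdb for the chain to build.
                "signer_to_add": issuer,
            })
    return events


if __name__ == "__main__":
    for ev in failed_validations(SAMPLE_LOG):
        kind = "the certificate itself (self-signed)" if ev["self_signed"] else "the issuing CA"
        print(f'{ev["time"]} {ev["error"]}: trust {kind}: {ev["signer_to_add"]}')
```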
Ok, I got this working finally. It seems having a collective setup which used DefaultKeyStore id was somehow causing conflict with my Liberty plugin keystore.
I ended up re-creating everything (plugin-key.kdb keystore and the liberty plugin keystore which I named LibertyKeystore.jks). I dumped the collective stuff (not needed at this time anyways) and made an include as above called plugin-join-include.xml:
<?xml version="1.0" encoding="UTF-8" ?>
<server description="IHS plugin join include file">
<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<keyStore id="defaultKeyStore" password="password"
location="${server.config.dir}/resources/security/LibertyKeystore.jks" />
<pluginConfiguration webserverPort="80" webserverSecurePort="8443"
pluginInstallRoot="/opt/IBM/wasadmin/Plugins"
sslKeyRingLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.kdb"
sslStashFileLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.sth"
sslCertlabel="LibertyKeystore"/>
</server>
I exchanged keys between the liberty server LibertyKeystore.jks and the IHS plugin-key.kdb keystores and pushed the newly generated plugin to the IHS server and bounced everything and it all seems to function without issue.
I do now notice in the /opt/IBM/wasadmin/HTTPServer/logs the error log streams:
[Wed Mar 04 21:32:28 2020] [error] [client xxx.xx.xx.17:65261] [7ff5a0000910] [19831] SSL0279E: SSL Handshake Failed due to fatal alert from client. Client sent fatal alert [level 2 (fatal), description 46 (certificate_unknown)] [xxx.xx.xx.17:65261 -> xxx.xx.xx.87:8443] [21:32:28.000934048] 0ms
The access logs show 200's. Maybe a non plugin "issue" at this point.

How to configure datasource for keycloak to work well with galera cluster?

ENV:
Linux: Red Hat 7.5 (Maipo)
MariaDB: 10.2.13-MariaDB
Keycloak: 3.4.3.Fina
JDBC driver: mariadb-java-client-2.2.5.jar
Description:
I start a Keycloak instance and make it connect to a Galera cluster.
While:
If I use "kill -9 mariaDB process" on a Galera node, the connection between Keycloak and Galera returns 500 errors; after a few seconds, 200 OK goes on.
If I use "kill -15 mariaDB process" on a Galera node, the connection between Keycloak and Galera goes on with 200 OK; no error happens.
"kill -9" is to simulate the crash scenario for the MySQL service.
What I hope for is no errors at all when the MySQL service crashes (e.g. kill -9): Keycloak should automatically connect to the next Galera node when the current node has crashed, without any errors.
Below is my datasource configuration in standalone.xml
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<connection-url>jdbc:mariadb:failover://db1,db2,db3/keycloak?autoReconnect=true&amp</connection-url>
<driver>mariadb</driver>
<security>
<user-name>kc_dbuser</user-name>
<password>7a092075c015090fe21c83ecd6f6</password>
</security>
<pool>
<min-pool-size>5</min-pool-size>
<max-pool-size>20</max-pool-size>
<flush-strategy>IdleConnections</flush-strategy>
</pool>
<validation>
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
<check-valid-connection-sql>SELECT 1</check-valid-connection-sql>
<validate-on-match>true</validate-on-match>
<background-validation>true</background-validation>
<background-validation-millis>1000</background-validation-millis>
<use-fast-fail>true</use-fast-fail>
</validation>
<statement>
<share-prepared-statements>false</share-prepared-statements>
</statement>
</datasource>
Is this a Keycloak bug, a JBoss bug, a JDBC driver bug, or just a configuration problem?
How to resolve it?
Change Line No 2 With This Code
<connection-url>jdbc:mariadb:failover://db1,db2,db3/keycloak?autoReconnect=true</connection-url>

Tomcat cannot create TCPS Oracle JDBC connection

I'm using database connection through JDBC in tomcat.
Our environment is Tomcat 7 + JDK 8 and Oracle 12c.
As I can only connect to the Oracle database through TCPS (for which we are using Oracle's wallet), I have to modify my current Tomcat server.xml to create a JDBC connection to Oracle.
My updated configuration snippet
<Resource auth="Container" driverClassName="oracle.jdbc.driver.OracleDriver"
initialSize="10"
jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReportJmx(threshold=10000)"
jmxEnabled="true" logAbandoned="true" maxActive="100" maxIdle="100"
maxWait="10000"
name="jdbc/jndiconnection" password="XXXXXX" removeAbandoned="true"
type="javax.sql.DataSource" url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostname)(PORT=1234))(CONNECT_DATA=(SERVICE_NAME=servicename)))"
username="XXXXXXXX" validationInterval="30000" validationQuery="SELECT 1 FROM DUAL" />
I added truststore/trusttypey/keystore/keytype as parameters; however, I got this error:
Caused by: oracle.net.ns.NetException: Unable to initialize ssl context.
at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:296)
at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:117)
at oracle.net.nt.ConnOption.connect(ConnOption.java:133)
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:370)
... 73 more
Caused by: oracle.net.ns.NetException: Unable to initialize the key store.
at oracle.net.nt.CustomSSLSocketFactory.getKeyManagerArray(CustomSSLSocketFactory.java:369)
at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:279)
... 76 more
Caused by: java.security.KeyStoreException: SSO not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at oracle.net.nt.CustomSSLSocketFactory.getKeyManagerArray(CustomSSLSocketFactory.java:357)
... 77 more
Caused by: java.security.NoSuchAlgorithmException: SSO KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 78 more
Then I followed the instructions from: https://sysapp.wordpress.com/2010/08/31/how-to-oracle-wallet-with-jdbc-thin-driver-datasource-tomcat/
However, the article uses TCP as the PROTOCOL, not TCPS.
<Resource
name="jdbc/confluence"
auth="Container"
type="javax.sql.DataSource"
driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:/@mywallet"
connectionProperties="oracle.net.wallet_location=/opt/wallet"/>
Then I got error:
Caused by: oracle.net.ns.NetException: The method specified in wallet_location is not supported. Location: /opt/wallet
at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:219)
at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:117)
at oracle.net.nt.ConnOption.connect(ConnOption.java:133)
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:370)
... 73 more
I have written Java sample code to connect through TCPS and the connection works fine.
Did I miss some key points in the configuration file? And is there any other way to create Oracle's TCPS connection through JDBC?
"oracle.net.wallet_location=/opt/wallet"
That's not what the property is supposed to be. It is supposed to be :
(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/wallet)))
The error message you get is because it cannot find a "METHOD=" in the one you provided.
There are a few steps that you need to follow.
(1) Make sure you have oraclepki.jar, osdt_core.jar, osdt_cert.jar in the classpath
(2) Also, specify the location of cwallet.sso file through the following system property. You can create a setenv.sh and add required system properties.
Also, enable another system property as shown here.
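export JAVA_OPTS="$CATALINA_OPTS -Doracle.net.wallet_location='(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/test/wallet/)))'"
# Append to JAVA_OPTS here; assigning from $CATALINA_OPTS again would discard the wallet_location set above.
export JAVA_OPTS="$JAVA_OPTS -Doracle.net.ssl_server_dn_match=true"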
(3) Make sure you have the certificate information in the URL as shown here.
Please copy the 'security' part of the URL from your certificate.
(description=
(address=(protocol=tcps)(port=1522)(host=myorclhostname))
(connect_data=(service_name=myorcldb))
(security=(ssl_server_cert_dn=
"CN=CMAN, O=Oracle Database , C=US"))
)
(4) You need to activate oracle PKI provider. To statically enable it:
Change java.security file of JRE (JRE_HOME/jre/lib/security/java.security):
security.provider.7=oracle.security.pki.OraclePKIProvider
Refer to "SSL with JDBC driver" for more details.

WildFly - is missing [jboss.naming.context.java.jdbc.__TimerPool]

I have followed this manual to migrate from GlassFish to WildFly:
http://wildfly.org/news/2014/02/06/GlassFish-to-WildFly-migration/
However I'm getting the following error when running my application in WildFly:
ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "exampleProject-ear-1.0-SNAPSHOT.ear")]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.persistenceunit.\"exampleProject-ear-1.0-SNAPSHOT.ear/exampleProject-web-1.0-SNAPSHOT.war#exampleProjectPU\".FIRST_PHASE is missing [jboss.naming.context.java.jdbc.__TimerPool]",
"jboss.persistenceunit.\"exampleProject-ear-1.0-SNAPSHOT.ear/exampleProject-web-1.0-SNAPSHOT.war#exampleProjectPU\" is missing [jboss.naming.context.java.jdbc.__TimerPool]"
]}
The error talks about jboss.naming.context.java.jdbc.__TimerPool. Any idea of what should I do? I'm using WildFly 10 and MySQL as database.
Forget about this. __TimerPool was the name of a Datasource in GlassFish and I was using it without knowing it, I simply removed the persistence.xml file that contained it and it worked.
Check your standalone.xml. It must be having a datasource with pool-name "exampleProjectPU" . Something like this. Please remove the full xml block.
<datasources>
<datasource jndi-name="xxx:exampleProjectPU" pool-name="exampleProjectPU" enabled="true">
<connection-url>jdbc:oracle:thin:@//host:port/SID</connection-url>
<driver>oracle</driver>
<security>
<user-name></user-name>
<password></password>
</security>
</datasource>
Go to deployments folder and check if there is any sample project with name "example project.war". If yes, remove it and start the server again. It should work fine.
Try to change your mysql-connector to a bin file like mysql-connector-java-5.1.47-bin
Make sure the name in is the same in jndi-name
