I am asked to test the compatibility of the system in various application servers. I have done the test in Weblogic and jBoss and it was successful.
When I am trying to deploy EJB's, I am struggling.
I am unable to realise the same in Websphere Application Server 8.5.5.
For jBoss (configuration XML )
Snippet:
<security-realm name="TechSoftRealm">
<authentication>
<jaas name="TechSoft"/>
</authentication>
</security-realm>
</security-realms>
and the security domain is configured as
<security-domain name="TechSoft" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/techSoftusers.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/techSoftroles.properties"/>
<module-option name="unauthenticatedIdentity" value="anonymous"/>
</login-module>
</authentication>
</security-domain>
The users had roles have been configured in here. I have looked in various IBM documents, but unable to configure one properly.
Any assistance will be of greatly help.
Error
JSAS1480I: Security is not enabled because the ConfigURL property file is not set.
javax.naming.NamingException: Error getting WsnNameService properties [Root exception is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: 0x4942f000 minor code: 3591 completed: No]
at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInitCtxFactory.java:1552)
at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootContextFromServer(WsnInitCtxFactory.java:1042)
at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext(WsnInitCtxFactory.java:962)
at com.ibm.ws.naming.util.WsnInitCtxFactory.getInitialContextInternal(WsnInitCtxFactory.java:614)
at com.ibm.ws.naming.util.WsnInitCtx.getContext(WsnInitCtx.java:128)
at com.ibm.ws.naming.util.WsnInitCtx.getContextIfNull(WsnInitCtx.java:765)
at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:164)
at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179)
at javax.naming.InitialContext.lookup(InitialContext.java:411)
at com.temenos.adapter.common.runtime.outbound.MyClass.main(MyClass.java:30)
Caused by: org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: 0x4942f000 minor code: 3591 completed: No
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1276)
at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1457)
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1164)
at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1423)
at com.ibm.rmi.corba.ClientDelegate.request(ClientDelegate.java:1886)
at com.ibm.CORBA.iiop.ClientDelegate.request(ClientDelegate.java:1379)
at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449)
at com.ibm.WsnBootstrap._WsnNameServiceStub.getProperties(_WsnNameServiceStub.java:38)
at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInitCtxFactory.java:1549)
... 9 more
Caused by: java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:83)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at com.ibm.ws.orbimpl.transport.WSTCPTransportConnection.createSocket(WSTCPTransportConnection.java:313)
at com.ibm.CORBA.transport.TransportConnectionBase.connect(TransportConnectionBase.java:357)
at com.ibm.ws.orbimpl.transport.WSTransport.getConnection(WSTransport.java:437)
at com.ibm.CORBA.transport.TransportBase.getConnection(TransportBase.java:187)
at com.ibm.rmi.iiop.TransportManager.get(TransportManager.java:97)
at com.ibm.rmi.iiop.GIOPImpl.getConnection(GIOPImpl.java:130)
at com.ibm.rmi.iiop.GIOPImpl.locate(GIOPImpl.java:219)
at com.ibm.rmi.corba.ClientDelegate.locate(ClientDelegate.java:1983)
at com.ibm.rmi.corba.ClientDelegate._createRequest(ClientDelegate.java:2008)
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1186)
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1272)
... 17 more
o enable application security, administrative security must be enabled. This is by design. You can have administrative security without application security, but not the other way around.
By default WAS has administrative security enabled, when installed (unless you've changed that). The most basic configuration will use federated repository with file registry configured. You will be able to add users and groups via console. And then map your defined users to roles as you described in the comments.
In most production environments there is LDAP registry included in federtated, in that case you don't add users, as they are taken from LDAP.
Refer following:
http://www.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/tsec_csec2.html
Related
I have downloaded the Camunda 7.10 (Wildfly full distribution), made some tests using the default H2 (in-memory) database and everything worked fine.
Then I configured the standalone.xml to use an Oracle 11g database.
As soon as I start the server with the camunda-example-invoice-7.10.0.war deployed, I got the exception:
12:12:45,570 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service org.camunda.bpm.platform.process-application-module."deployment.camunda-example-invoice-7.10.0.war".START: org.jboss.msc.service.StartException in service org.camunda.bpm.platform.process-application-module."deployment.camunda-example-invoice-7.10.0.war".START: Exception while invoking the #PostDeploy method
at org.camunda.bpm.container.impl.jboss.service.ProcessApplicationStartService.invokePostDeploy(ProcessApplicationStartService.java:223)
at org.camunda.bpm.container.impl.jboss.service.ProcessApplicationStartService.start(ProcessApplicationStartService.java:152)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698)
at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.camunda.bpm.application.ProcessApplicationExecutionException: java.lang.reflect.InvocationTargetException
at org.camunda.bpm.application.impl.ProcessApplicationLogger.processApplicationExecutionException(ProcessApplicationLogger.java:94)
at org.camunda.bpm.application.AbstractProcessApplication.execute(AbstractProcessApplication.java:120)
at org.camunda.bpm.container.impl.jboss.service.ProcessApplicationStartService.invokePostDeploy(ProcessApplicationStartService.java:215)
... 9 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.camunda.bpm.container.impl.jboss.service.ProcessApplicationStartService$1.call(ProcessApplicationStartService.java:218)
at org.camunda.bpm.container.impl.jboss.service.ProcessApplicationStartService$1.call(ProcessApplicationStartService.java:215)
at org.camunda.bpm.application.AbstractProcessApplication.execute(AbstractProcessApplication.java:117)
... 10 more
Caused by: org.camunda.bpm.engine.OptimisticLockingException: ENGINE-03005 Execution of 'UPDATE TaskEntity[0ec55ac9-77ed-11e9-a885-024251084739]' failed. Entity was updated by another transaction concurrently.
at org.camunda.bpm.engine.impl.db.EnginePersistenceLogger.concurrentUpdateDbEntityException(EnginePersistenceLogger.java:134)
at org.camunda.bpm.engine.impl.db.entitymanager.DbEntityManager.handleOptimisticLockingException(DbEntityManager.java:498)
at org.camunda.bpm.engine.impl.db.entitymanager.DbEntityManager.checkFlushResults(DbEntityManager.java:450)
at org.camunda.bpm.engine.impl.db.entitymanager.DbEntityManager.flushDbOperations(DbEntityManager.java:366)
at org.camunda.bpm.engine.impl.db.entitymanager.DbEntityManager.flushDbOperationManager(DbEntityManager.java:324)
at org.camunda.bpm.engine.impl.db.entitymanager.DbEntityManager.flush(DbEntityManager.java:296)
at org.camunda.bpm.engine.impl.interceptor.CommandContext.flushSessions(CommandContext.java:207)
at org.camunda.bpm.engine.impl.interceptor.CommandContext.close(CommandContext.java:136)
at org.camunda.bpm.engine.impl.interceptor.CommandContextInterceptor.execute(CommandContextInterceptor.java:115)
at org.camunda.bpm.engine.impl.interceptor.JtaTransactionInterceptor.execute(JtaTransactionInterceptor.java:60)
at org.camunda.bpm.engine.impl.interceptor.ProcessApplicationContextInterceptor.execute(ProcessApplicationContextInterceptor.java:69)
at org.camunda.bpm.engine.impl.interceptor.LogInterceptor.execute(LogInterceptor.java:32)
at org.camunda.bpm.engine.impl.TaskServiceImpl.claim(TaskServiceImpl.java:168)
at org.camunda.bpm.example.invoice.InvoiceProcessApplication.startProcessInstances(InvoiceProcessApplication.java:157)
at org.camunda.bpm.example.invoice.InvoiceProcessApplication.startFirstProcess(InvoiceProcessApplication.java:63)
... 17 more
This is my datasource configuration:
<xa-datasource jndi-name="java:jboss/datasources/ProcessEngine" pool-name="ProcessEngineDS" enabled="true" use-ccm="true">
<xa-datasource-property name="URL">
jdbc:oracle:thin:#(DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS=(PROTOCOL=TCP)(HOST=10.1.2.3)(PORT=1551))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=testserv)(FAILOVER_MODE=(TYPE=SELECT)(METHOD=BASIC)(RETRIES=5)(DELAY=3))))
</xa-datasource-property>
<driver>ojdbc7</driver>
<transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
<xa-pool>
<is-same-rm-override>false</is-same-rm-override>
<no-tx-separate-pools>true</no-tx-separate-pools>
</xa-pool>
<security>
<user-name>camunda</user-name>
<password>camunda</password>
</security>
<validation>
<background-validation>true</background-validation>
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
</validation>
</xa-datasource>
How to properly configure the database?
Camunda 7.10 by default uses Jdbc Batch Processing which works with Oracle 12c or newer. Since you are still on Oracle 11g you must set jdbcBatchProcessing=false:
Another configuration - jdbcBatchProcessing - sets if batch processing mode must be used when sending SQL statements to the database. When switched off, statements are executed one by one. Values: true (default), false.
Known issues with batch processing:
batch processing is not working for Oracle versions earlier than 12.
when using batch processing on MariaDB and DB2, jdbcStatementTimeout is being ignored.
I am getting below error in Eclipse console when i try to start the web sphere LP server (WP 7).
[2017-10-06 12:04:46,952] [ERROR] com.ibatis.common.logging.jakarta.JakartaCommonsLoggingImpl.error [19] SimpleDataSource: Error while loading properties. Cause: java.lang.ClassNotFoundException: com.ibm.db2.jcc.DB2Driver
java.lang.ClassNotFoundException: com.ibm.db2.jcc.DB2Driver
at java.lang.Class.forNameImpl(Native Method)
at java.lang.Class.forName(Class.java:278)
at com.ibatis.common.resources.Resources.classForName(Resources.java:267)
at com.ibatis.common.resources.Resources.instantiate(Resources.java:283)
at com.ibatis.common.jdbc.SimpleDataSource.initialize(SimpleDataSource.java:199)
at com.ibatis.common.jdbc.SimpleDataSource.<init>(SimpleDataSource.java:116)
at com.ibatis.sqlmap.engine.datasource.SimpleDataSourceFactory.initialize(SimpleDataSourceFactory.java:31)
at com.ibatis.sqlmap.engine.builder.xml.SqlMapConfigParser$9.process(SqlMapConfigParser.java:220)
at com.ibatis.common.xml.NodeletParser.processNodelet(NodeletParser.java:121)
at com.ibatis.common.xml.NodeletParser.process(NodeletParser.java:105)
at com.ibatis.common.xml.NodeletParser.process(NodeletParser.java:102)
at com.ibatis.common.xml.NodeletParser.process(NodeletParser.java:102)
at com.ibatis.common.xml.NodeletParser.parse(NodeletParser.java:72)
at com.ibatis.common.xml.NodeletParser.parse(NodeletParser.java:51)
at com.ibatis.sqlmap.engine.builder.xml.SqlMapConfigParser.parse(SqlMapConfigParser.java:46)
at com.ibatis.sqlmap.client.SqlMapClientBuilder.buildSqlMapClient(SqlMapClientBuilder.java:63)
at com.pm.testdatamgt.persistence.util.SqlMapBuilder.build(SqlMapBuilder.java:67)
at com.pm.testdatamgt.persistence.util.SqlMapConfig.<clinit>(SqlMapConfig.java:71)
at com.pm.testdatamgt.persistence.util.SqlMapConfigFactory.getSqlMapInstance(SqlMapConfigFactory.java:37)
at com.pm.persistence.dao.impl.ReferenceCodeDaoImpl.getRefCatIdForSname(ReferenceCodeDaoImpl.java:95)
at com.pm..service.impl.ReferenceCodeServiceImpl.initAttributeNames(ReferenceCodeServiceImpl.java:99)
at com.pm.testdatamgt.startup.StartupServlet.loadVariables(StartupServlet.java:139)
at com.pm.testdatamgt.startup.StartupServlet.init(StartupServlet.java:125)
at javax.servlet.GenericServlet.init(GenericServlet.java:244)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:332)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1428)
at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:1205)
at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:1173)
at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:1075)
at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:6595)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApp(DynamicVirtualHost.java:468)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApplication(DynamicVirtualHost.java:463)
at com.ibm.ws.webcontainer.osgi.WebContainer.startWebApplication(WebContainer.java:1120)
at com.ibm.ws.webcontainer.osgi.WebContainer.access$000(WebContainer.java:104)
at com.ibm.ws.webcontainer.osgi.WebContainer$2.run(WebContainer.java:932)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.lang.Thread.run(Thread.java:785)
I have added the required datasource in my server.xml
**<library id="DB2JCCLib">
<fileset dir="${server.config.dir}/resources/DB2" includes="db2jcc.jar, db2jcc_license_cisuz.jar, db2jcc_license_cu.jar"/>
</library>
dataSource id="db2" jndiName="jdbc/db2">
<jdbcDriver libraryRef="DB2JCCLib">
</jdbcDriver>
<properties.db2.jcc databaseName="DB2" serverName="tsoc.nnnn.com" portNumber="5002"/>
</dataSource>**
DB2 Jars are in the give location.
Am i missing something or any pointer how to debug this ??
Thanks
If using a dataSource in server configuration, Liberty would try to load data source implementation classes such as
com.ibm.db2.jcc.DB2DataSource
com.ibm.db2.jcc.DB2ConnectionPoolDataSource
com.ibm.db2.jcc.DB2XADataSource
rather than the driver class that shows in the exception,
com.ibm.db2.jcc.DB2Driver
so a good guess (lacking the exception stack) is that your application may be trying to use DriverManager.getConnection instead of using the configured dataSource. If you really want to do this (you will be losing out on many capabilities provided by the application server such as global transaction enlistment and connection pooling) then you would need to make the JDBC driver libraries directly available to your application.
For example,
<application location=...>
<classloader commonLibraryRef="DB2JCCLib"/>
</application>
I am facing the authentication issue, even I am using correct credentials, when trying to start Web Sphere.
To start application we configured Custom Registry for enabling login module security. Below is the configuration in Security.xml in Appserver/profiles/profile1/config/cells/###Node02Cell/security.xml
<userRegistries xmi:type="security:CustomUserRegistry" xmi:id="CustomUserRegistry_1" serverId="Admin" serverPassword="{xor}xxxxx" realm="customRealm" limit="0" ignoreCase="false" useRegistryServerId="true" primaryAdminId="" customRegistryClassName="com.s1.arch.security.realm.websphere.GenericRegistry"/>
and below are the configured login modules
<systemLoginConfig>
<loginModules xmi:id="JAASLoginModule_1264755872404" moduleClassName="com.ibm.ws.security.server.lm.ltpaLoginModule" >
<options xmi:id="Property_1264755872888" name="cookie" value="true" required="true"/>
</loginModules>
<loginModules xmi:id="JAASLoginModule_1264755873404" moduleClassName="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" >
<options xmi:id="Property_1264755874013" name="cookie" value="true" required="true"/>
</loginModules>
</SystemloginConfig>
Below are error details.
Unable to get actual credentials
Caused by: com.ibm.websphere.security.WSSecurityException
at com.ibm.ws.security.auth.ContextManagerImpl.getServerSubjectInternal(ContextManagerImpl.java:2212)
at com.ibm.ws.security.auth.ContextManagerImpl.getServerSubjectInternal(ContextManagerImpl.java:1972)
at com.ibm.ws.security.auth.ContextManagerImpl.initialize(ContextManagerImpl.java:2530)
... 37 more
Caused by: com.ibm.websphere.security.auth.WSLoginFailedException
at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServerObject.java:800)
at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:453)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLoginHelper.java:376)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3513)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3306)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3086)
at com.ibm.ws.security.auth.ContextManagerImpl.getServerSubjectInternal(ContextManagerImpl.java:2180)
... 39 more
Caused by: com.ibm.websphere.security.PasswordCheckFailedException
at com.s1.arch.security.realm.websphere.GenericRegistry.checkPassword(GenericRegistry.java:40)
at com.ibm.ws.security.registry.UserRegistryImpl.checkPassword(UserRegistryImpl.java:309)
at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServerObject.java:775)
As a work around I skipped this security configuration, then I am able to start the server with out any issues and I installed my application. But while trying login from application login page, I am getting below issue.
No Login modules found
I am trying to run the Simple Single Project Yarn Application detailed here. I deployed the application as a jar file to our hadoop cluster. When trying to run, I am getting an exception, stack trace below:
[2015-06-04 14:10:45.866] boot - 13669 ERROR [main] --- SpringApplication: Application startup failed
java.lang.IllegalStateException: Failed to execute CommandLineRunner
at org.springframework.boot.SpringApplication.runCommandLineRunners(SpringApplication.java:680)
at org.springframework.boot.SpringApplication.afterRefresh(SpringApplication.java:695)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:322)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:961)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:950)
at com.aetna.ise.yarn.publish.Application.main(Application.java:21)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:53)
at java.lang.Thread.run(Thread.java:857)
Caused by: org.springframework.yarn.YarnSystemException: SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]; nested exception is org.apache.hadoop.security.AccessControlException: SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]
This is due to the fact that our cluster uses Kerberos authentication. Is there a way to pass the Kerberos ticket to the application in the Spring YARN code? I don't see any place to do that.
We can't currently delegate any tickets when application is submitted, but application itself can use kerberos.
This is explained in section http://docs.spring.io/spring-hadoop/docs/2.1.2.RELEASE/reference/html/springandhadoop-security.html#literal-spring-hadoop-security-literal-configuration-properties
For example something like shown below in application.yml(use principals from your cluster):
spring:
hadoop:
fsUri: hdfs://localhost:8020
resourceManagerHost: localhost
security:
userPrincipal: jvalkealahti/neo
userKeytab: /usr/local/hadoops/jvalkealahti.keytab
authMethod: kerberos
namenodePrincipal: hdfs/neo#LOCALDOMAIN
rmManagerPrincipal: yarn/neo#LOCALDOMAIN
I recently migrated my project from jboss4 to wildfly 8.2 with java1.8. I have a webservice call using SAAJ which runs fine in command line. But when its run from within wildfly8.2, it times out after 60 seconds. I read from jboss forums that read requests have a default timeout of 60 seconds. So i changed my configuration in standalone.xml to
<ajp-listener name="ajp" socket-binding="ajp" max-parameters="10000"/>
**<http-listener name="default" socket-binding="http" max-parameters="10000" read-timeout="120000"/>**
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
But it still times out after 60 seconds with following errors.
Caused by: java.net.SocketTimeoutException: SocketTimeoutException invoking http://test-server/test/v2.0.0/TestService?wsdl: Read timed out
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_25]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_25]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_25]
at java.lang.reflect.Constructor.newInstance(Constructor.java:408) [rt.jar:1.8.0_25]
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1347)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1331)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632)
at org.jboss.wsf.stack.cxf.saaj.SOAPConnectionImpl.call(SOAPConnectionImpl.java:120)
... 38 more
Caused by: java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method) [rt.jar:1.8.0_25]
at java.net.SocketInputStream.read(SocketInputStream.java:150) [rt.jar:1.8.0_25]
at java.net.SocketInputStream.read(SocketInputStream.java:121) [rt.jar:1.8.0_25]
at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) [rt.jar:1.8.0_25]
at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) [rt.jar:1.8.0_25]
at java.io.BufferedInputStream.read(BufferedInputStream.java:345) [rt.jar:1.8.0_25]
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:703) [rt.jar:1.8.0_25]
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647) [rt.jar:1.8.0_25]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1534) [rt.jar:1.8.0_25]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1439) [rt.jar:1.8.0_25]
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) [rt.jar:1.8.0_25]
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.getResponseCode(URLConnectionHTTPConduit.java:266)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1545)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1515)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318)
I read here that i could set timeouts but I don't have to as the program runs fine without timing out from command line so its not saaj timeout issue. I am pretty sure wildfly/undertow is timing the socket read out for some reason.
Any help is appreciated.
---More details---
Currently I am using undertow 1.1 Final that came with wildfly8.2. I tried upgrading undertow to 1.2 beta, still same result.
Call that fails:
responseMsg = soapConn.call(soapMessage, wsdlLoc);
Undertow configuration in wildfly8.2 :
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
<buffer-cache name="default"/>
<server name="default-server">
<ajp-listener name="ajp" socket-binding="ajp" max-parameters="10000"/>
<http-listener name="default" socket-binding="http" max-parameters="10000" read-timeout="120000"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/8"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Even more details:
I tried this under wildfly9.0BETA2 and same result. Just want to share more details if it helps. SAAJ webservice call is made from a servlet that is running in wildfly8.2 and target WSDL is on another jboss server. So basically, client webservice call from wildlfy times out in 60 seconds, but If I run same call from a standalone java client and same code works just fine. I have even opened a thread on jboss community and am yet to hear any
I was able to fix this by changing receive timeout in apache-cxf source and rebuilding it for wildfly8.2
Brief instructions: (versions have to be exactly these otherwise compile fails).
Download CXF2.7.15 src from apache
Download jdk1.6 latest release
Download 3.0.4
Export JAVA_HOME=path-to-jdk1.6
Add jdk1.6/bin and maven/bin to PATH
export MAVEN_OPTS=-Xmx512m to fix permgen errors
Open ./rt/transports/http/src/main/resources/schemas/wsdl/http-conf.xsd and change ReceiveTimeout from 60000 to whatever needed for eg. 600000 (10 minutes)
Run mvn -Pfastinstall
File that has HTTPConduit socket timeout is HTTPClientPolicy.java which is in ./rt/transports/http/target/cxf-rt-transports-http-2.7.15.jar. Copy this jar into wildfly8.2 modules under apache/cxf/impl/main folder. And also, edit module.xml to use this jar.
I also had to change undertow read-timeout settings in standalone.xml to higher value to stop it from reattempting the request.
Hope this helps.
Alternatively, this issue has been resolved in wildfly 9. Developers can override the default CXF HTTP conduit values by setting system properties. More detail is available at https://docs.jboss.org/author/display/WFLY9/Apache+CXF+integration#ApacheCXFintegration-ApacheCXFinterceptors
Enough to add the following code to Your webservice consumer:
//import javax.xml.ws.BindingProvider;
//Set timeout until a connection is established
((BindingProvider)this.myService).getRequestContext().put("javax.xml.ws.client.connectionTimeout", "60000"); //one minute
//Set timeout until the response is received
((BindingProvider)this.myService).getRequestContext().put("javax.xml.ws.client.receiveTimeout", "600000"); //ten minutes