Good morning,
I'm trying to connect to an MS SQL Server with Hibernate 4.3. Connecting with SSO and database credentials (username and password) works fine, but when I try to use a username with a domain (domain\user) specification, I get the following exception.
java.lang.ExceptionInInitializerError
caused by com.microsoft.sqlserver.jdbc.sqlserverexception login failed for user
The username and password are valid (already checked).
Tryed it with \\ at the input and replaced it with \ in the jdbc-string
Tryed to set the properties with
((org.hibernate.cfg.Configuration) configuration)
.setProperty("hibernate.connection.username", "domain\user");
Tryed to set the properties over the jdbc connection string
jdbc:sqlserver://[IP]:[PORT];user=[domain\user];password=[pwd];databaseName=[db]
Tryed to encapsulate with \' and \" around the user and password.
It would be glad, if somebody can suggest how to get this work.
If some Informations are required, I will extend this post if requested.
Thanks.
UPDATE
The link mentioned by Mark Rotteveel mentioned the missing piece.
To continue using integrated authentication with sqljdbc_auth.dll, just specify integratedSecurity=true
connection property (and optionally
authenticationScheme=NativeAuthentication).
don't forget to specify the domain=[DOMAIN]; part
Specially the part of set the authenticationScheme was missing in the connection String. Without that, the SSO was used.
Now the jdbc connection string for the domain-users looks like:
jdbc:sqlserver://[IP]:[PORT];IntegratedSecurity=true;authenticationScheme=NativeAuthentication;sendStringParametersAsUnicode=false;selectMethod=cursor;domain=[DOMAIN];user=[DOMAIN\USER];password=[PW];databaseName=[DB];
Thanks for the replys and have a nice day.
PS:
I didn't tested the possible solution with JDNI, which is suggested by BharatG. But thank you.
Can you try if one of the following works?
1) Place the connection properties as the JNDI settings
2) Escaping the username as "domain\\user" (not sure if this is what you
tried in your 2nd bullet)
Related
I have an application written by a 3rd party which uses Java/Tomcat talking to an Oracle 12c (12.2.0.1) DB. In its logs it reports "Error inserting into table" but provides no details. In talking with the author's support staff they indicate it is old code and they have no way to give more detail. They say the application is better supported with MSSQL which we do not support in our shop.
I would like to see what the insert statement going to the Oracle DB looks like, but haven't been able to find it in v$sqltext. As an alternative, I was hoping to find a tool like fiddler to view the outbound traffic on port 1521.
Is there specific tool that would allow trapping this traffic which is not encrypted so I can see the "query" sent and the response coming back from the Oracle DB?
A general sniffer may work, but they generally get a lot of extraneous traffic and require a fair amount of mucking about to find what you want.
Note:
As I mentioned in the comments I am not a Tomcat/Java person. I think I found where the classpath is set. Given the windows batch file below, is the "driver" that needs to be replaced bcprov-jdk16-138.jar?
set PROJLIB=..\..
set JAVA_HOME=%PROJLIB%\jdk\
set libDIR=%PROJLIB%\appserver\webapps\receiver\WEB-INF\lib
set consoleDIR=%PROJLIB%\bin\lib
set endorsedLibDir=%PROJLIB%\appserver\endorsed
set CPATH= %consoleDIR%\console.jar;%libDIR%\ebxml.jar;%libDIR%\commons-io-1.1.jar;%libDIR%\bcprov-jdk16-138.jar;%libDIR%\xercesImpl.jar
set CLASSPATH=%CPATH%
set PATH=%JAVA_HOME%\bin;%SystemRoot%;%SystemRoot%\system32
Additional Notes:
The above file is called setenv.bat.
Regarding trying to capture the SQL from the database, the application is not a windows app, it is an app which accepts data from the network and writes it to the DB. This makes knowing precisely when to start and stop monitoring difficult. It seems to be connected for a very short period. It does seem to be able to read data, but not insert.
Assuming that you are using the Oracle JDBC driver and that you have the ability to replace the JDBC driver in some environment in order to debug the problem, Oracle provides versions of the JDBC driver that can be configured to log the SQL statements that are executed.
An alternative would be to create a servererror trigger in the database that logs the SQL statements that fail. I believe that would require that the SQL statement that is failing is well-formed which isn't guaranteed if the third party app is encountering an error dynamically assembling the statement. If the statement never lands in v$sql that may indicate that it isn't well-formed but it's worth a try.
If you're licensed to use the AWR/ ASH tables, you could also try querying dba_hist_active_sess_history. Oracle samples the active sessions every second. If the failing statement happens to be caught in the sampling, you'd see it there. If this is a typical OLTP application doing single-row inserts, you may need to run through a lot of samples in order to catch an active session with that statement but that may be reasonable.
The simples approach is, if you can localize your database session (using gv$session selecting your connection USERNAME).
Get the SID and SERIAL# of the connection and activate the 10046 trace using the following statement. (substutite SID for session_id and SERIAL# for serial_num)
EXEC DBMS_MONITOR.session_trace_enable(session_id =>271, serial_num=>46473, binds=>TRUE);
Note that you need permissions for both querying gv$session and executing DBMS_MONITOR so DBA access is required to grant them to your user.
Than check the trace file on the database server in folder trace, the trace file has a name such as xe_m005_1336.trc
Grep for the table name, you schould see someting like this I simulated for failed insert on the table my_table
=====================
PARSING IN CURSOR #854854488 len=38 dep=0 uid=104 oct=2 lid=104 tim=380974114197 hv=1259660490 ad='7ff08904d88' sqlid='1ttgvst5j9t6a'
insert into my_table(col1) values(:1 )
END OF STMT
PARSE #854854488:c=0,e=495,p=0,cr=0,cu=0,mis=1,r=0,dep=0,og=1,plh=0,tim=380974114195
=====================
PARSE ERROR #854854488:len=39 dep=0 uid=104 oct=2 lid=104 tim=380974117361 err=904
insert into my_table(col1) values(:1 )
Note that this is example of an exception
java.sql.SQLSyntaxErrorException: ORA-00904: "COL1": invalid identifier
so the statement fails with an PARSE ERROR
If the insert fails due to some constraint vialotation, you will see such sequence
=====================
PARSING IN CURSOR #715594288 len=37 dep=0 uid=104 oct=2 lid=104 tim=382407621534 hv=3290870806 ad='7ff0032e238' sqlid='17t3q0v22dd0q'
insert into my_table(col) values(:1 )
END OF STMT
PARSE #715594288:c=0,e=245,p=0,cr=0,cu=0,mis=1,r=0,dep=0,og=1,plh=0,tim=382407621532
=====================
The cursor id is #715594288so check with this id further in the trace file
BINDS #715594288:
Bind#0
oacdty=02 mxl=22(22) mxlc=00 mal=00 scl=00 pre=00
oacflg=03 fl2=1000000 frm=01 csi=873 siz=24 off=0
kxsbbbfp=2aa71a00 bln=22 avl=02 flg=05
value=7
=====================
Here you see the bind variables passed in the insert, it was the value = 7 that caused the failure.
EXEC #715594288:c=0,e=4614,p=0,cr=7,cu=0,mis=1,r=0,dep=0,og=1,plh=0,tim=382407626259
ERROR #715594288:err=2290 tim=382407626283
The statement failed in the execution with exception such as
java.sql.SQLIntegrityConstraintViolationException: ORA-02290: check constraint (XXXX.SYS_C0012357) violated
Check the documentation for further details
If you have db access via sqldeveloper....
Go to reports tab, then drill down through data dictionary, database administration, sessions, and finally sessions.
In that view, look for your app's active module(s) and look at the Active SQL tab.
One of them should have your insert statement....
This might help as well...
https://docs.oracle.com/cd/E17781_01/server.112/e18804/monitoring.htm#ADMQS252
The ultimate approach is to trace the JDBC connection on the client. Please find the full documentation here
In the first step you must get the logging JDBC driver on the CLASSPATH. The logging driver has a suggix _g in the name, e.g. ojdbc8_g.jar if you use ojdbc8.jar
The driver can be found in the Oracle installation in the folder jdbc/lib/
Further you must define a properties file say jdbcLogging.properties with following content
.level=SEVERE
oracle.jdbc.level=ALL
oracle.jdbc.handlers=java.util.logging.ConsoleHandler
java.util.logging.ConsoleHandler.level=FINE
java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
Finally when you run the Java application you must define two properties
java -Doracle.jdbc.Trace=true -Djava.util.logging.config.file=jdbcLogging.properties ...
This will produce a trace file om the error output where you can find the executed statements.
Example
INFO: DRCP Enabled: false
Mar 23, 2021 10:40:31 PM oracle.jdbc.driver.OracleStatement logSQL
CONFIG: BAB2F1 SQL: insert into my_table(col1) values(?)
What I ended up doing was downloading WireShark, a sniffer, and monitored the TCP/IP packets.
I am trying to connect MySQL database with Play-framework- Java 2.5.4.
I am getting this error,
either dataSource or dataSourceClassName is required
These are the connection codes that I am using inside App.conf file,
db {
db.default.driver=com.mysql.jdbc.Driver
db.default.url="jdbc:mysql://localhost:3306/playdb"
db.default.user="root"
db.default.password="9413678957"
}
But its giving me following errors while connecting :
caused by: java.lang.IllegalArgumentException: either dataSource or dataSourceClassName is required
at com.zaxxer.hikari.HikariConfig.validate(HikariConfig.java:785)
at play.api.db.HikariCPConfig.toHikariConfig(HikariCPModule.scala:141)
at play.api.db.HikariCPConnectionPool$$anonfun$1.apply(HikariCPModule.scala:57)
at play.api.db.HikariCPConnectionPool$$anonfun$1.apply(HikariCPModule.scala:54)
at scala.util.Try$.apply(Try.scala:192)
at play.api.db.HikariCPConnectionPool.create(HikariCPModule.scala:54)
at play.api.db.PooledDatabase.createDataSource(Databases.scala:199)
at play.api.db.DefaultDatabase.dataSource$lzycompute(Databases.scala:123)
at play.api.db.DefaultDatabase.dataSource(Databases.scala:121)
at play.api.db.DefaultDatabase.getConnection(Databases.scala:142)
When I am connecting to mysql database with same(same as in App.conf)
url (jdbc:mysql://localhost:3306/playdb)
username
password
Using Intellij, its working fine.
Please help me by telling me what I am doing wrong.
Finally this worked for me :-
This error killed my lot of time.
Here is what worked for me,
uncomment these line.
play.db {
config = "db"
default = "default"
}
then
db {
default.driver=com.mysql.jdbc.Driver
default.url="jdbc:mysql://localhost:3306/playdb"
default.username=root
default.password="9403678957"
}
don't needdb.default.*, as you already in the db set range.
Lots of thanks to this answer.
You must not specify db in the path, you are already in the db section of the config
so:
db.default.driver=com.mysql.jdbc.Driver
should be just:
default.driver=com.mysql.jdbc.Driver
db {
default.driver=com.mysql.jdbc.Driver
default.url="jdbc:mysql://localhost:3306/playdb"
default.user="root"
default.password="9413678957"
}
check this example repo https://github.com/pedrorijo91/play-slick3-steps
You can also see the tutorial I did at http://pedrorijo.com/blog/play-slick/
while both aim to play 2.4.x you should be able to understand what's the error you are having. Still, there's also a PR to upgrade to play 2.5.x at https://github.com/pedrorijo91/play-slick3-steps/pull/2
I have DB2 10.1 on Linux and I connect to it using Kerberos auth. Problem is that my user doesn't have permissions to do stuff so I need to impersonate another user using "SET SESSION_USER = otheruser".
This works fine if I use a client like DBArtisan, but I need to do this using JDBC and it doesn't seem to work. I've tried to execute the query every time a connection is created, I can query the value of the register and it has changed, but I still get errors if I try to query the tables my user doesn't have access to but the session user does.
Any ideas?
I have never used DB2, but a little googling led me to this page:
specialRegisters=special-register-name=special-register-value,…special-register-name=special-register-value
A list of special register settings for the JDBC connection. You can
specify one or more special register name and value pairs. Special
register name and value pairs must be delimited by commas (,). The
last pair must end with a semicolon (;). For example:
String url =
"jdbc:db2://sysmvs1.stl.ibm.com:5021/STLEC1" +
":user=dbadm;password=dbadm;" +
"specialRegisters=CURRENT_PATH=SYSIBM,CURRENT CLIENT_USERID=test" + ";";
Connection con =
java.sql.DriverManager.getConnection(url);
For special registers that can be set through IBM Data Server Driver
for JDBC and SQLJ Connection properties, if you set a special register
value in a URL string using specialRegisters, and you also set that
value in a java.util.Properties object using the following form of
getConnection, the special register is set to the value from the URL
string.
As SESSION_USER is a special register, this seems to imply you need to specify it with your connection properties as
specialRegisters=SESSION_USER=otheruser;
Either in the JDBC url, or in the properties.
However as I have never used DB2, I don't know if this is the actual solution.
Normally the server-wide database connection pools are created with a specific user with the proper permissions as decided by the DBAs. Why don't you just ask your DBAs for the appropriate grants for that user? This would be the 'kind' approach instead of trying to circumvent their permissions policies by some java piece of code, something they may not like if they know of...
I am trying to setup an LDAP LoginModule (using BrowserLdapLoginModule). The user/password is correctly; it retrieves the roles from the user but when it tries to extract the CN value it cannot find the values.
I have followed the process, and in the end the failure is that I get a javax.naming.NameNotFoundException in the following line
NamingEnumeration roleAnswer = ctx.search(searchBaseDN, roleFilter, roleconstraints);
with the following values (doble quotes not included):
searchBaseDN(String) = "OU=Roles,DC=siafake,DC=aplssib"
roleFilter(String) = "(distinguishedName=CN=Urgencias,OU=Roles,DC=siafake,DC=aplssib)"
derefRoleAttribute(String[] = { "cn" };
With that data, I expect the search to return me Urgencias, yet I only get the exception. It is not a permissions issue, since with the same user/password I can browse the LDAP tree without problem.
Any idea / suggestion? Thanks in advance.
Ok, here is the answer that I found (also, some clarifications to the comments from Terry Gardner comments)
My sysadmins gave me user A ("system" user, that can connect and browse the LDAP). The user that will connect to my application would b user F (final user). When asked about samples to configure my jboss, they redirected my to the BrowserLdapModuleLogin (BLML).
Turns out, BLML works by doing an initial connection with user A, for retrieving user F data (full LDAP "name").
After that, a new connection is setup using user F connection data to validate user/password and retrieve the groups (memberOf attribute) to which it belongs. Until this point, all works as it should (at least with our setup).
The trouble began when I did setup the option to just get the "CN" value (instead of CN=value,OU=organization....). By setting up this option, the module tries again to login as user F into the roles tree to get the attribute. But it happens that F does not have permissions to do so.
As the module was provided by our IT people and I am new to LDAP, I assumed I was just setting up something wrong, and I did not want to change anything in the code. In the end, it happens that in the system that uses it, this module was used only for authentication; the roles were extracted from another DB and I have been forced to code around this issue.
Sorry for the annoyances...
Im working on a project that has an implementation of JOSSO in place.
We are using JOSSO version 1.8.5.
The requirement is to lock users out of the system after 3 failed login attempts.
Does anyone know how / if this can be done with JOSSO, I've looked through the documentation but can't find any references to this kind of functionality, but Im sure it must be pretty standard functionality for an authentication application?
What we've tried so far:
- in josso-gateway-db-stores.xml weve tried changing the SQL used to retrieve users from the database from:
credentialsQueryString="SELECT username AS username , password AS password FROM users WHERE username = ?"
to
credentialsQueryString="UPDATE users SET failed_login_attempts = failed_login_attempts + 1 where username = ?; SELECT username AS username , password AS password FROM users WHERE username = ?"
The plan was to then reset the count as soon as the user successfully logged in to the system. However, it is invalid to run UPDATE sql at this point and throws an Exception.
We have also looked through the josso application to try to find hooks that we can use to implement a callback function after successful/unsuccessful login, unfortunately have had no luck here either.
Does anyone have any experience doing thsi?
Look around JOSSO authenticatorImpl which can be inherited to count the number
of tries to lock the account in a timeboxes hashtable if necessary.