JBOSS版本:EAP 6.4.20.GA(AS 7.5.20.Final-redhat-1)
Java版本:jdk1.8.0_172-amd64
Red Hat:Red Hat Enterprise Linux Server版本6.10(圣地亚哥),64位
JBOSS配置为使用Kerberos身份验证连接到SQL Server,该方法可以正常工作,但有时会失去连接并且无法打开任何新文件,除非重新启动。重新启动后一切都很好。
用于连接到SQL Server的驱动程序是mssql-jdbc-6.4.0.jre8.jar
引发的错误是:
07:04:14,732 WARN
[org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject] (http-
28.129.176.67:4000-30) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.Resource
Exception: Could not create connection
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:351)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.access$200(LocalManagedConnectionFactory.java:60)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory$1.run(LocalManagedConnectionFactory.java:274)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory$1.run(LocalManagedConnectionFactory.java:265)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_172]
at javax.security.auth.Subject.doAs(Subject.java:422) [rt.jar:1.8.0_172]
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:264)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.createConnectionEventListener(SemaphoreArrayListManagedConnectionPool.java:874)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:416)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:479)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:451)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:380)
at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:367)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:499)
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:143)
at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:69)
at org.springframework.jdbc.datasource.DataSourceTransactionManager.doBegin(DataSourceTransactionManager.java:204) [spring-jdbc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:373) [spring-tx-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.transaction.interceptor.TransactionAspectSupport.createTransactionIfNecessary(TransactionAspectSupport.java:430) [spring-tx-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:276) [spring-tx-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) [spring-tx-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at com.sun.proxy.$Proxy49.isUserAuthorized(Unknown Source)
at com.barcap.esm.lockreport.filter.AuthorizationFilter.doFilter(AuthorizationFilter.java:72) [classes:]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at com.wedgetail.idm.sso.AuthFilter.doFilter(AuthFilter.java:177) [vsj-standard-3.3-3603-TP2-3598-3609.jar:]
at com.barcap.best.filter.BESTAuthFilter.doFilter(BESTAuthFilter.java:178) [BESTFilter.jar:2.0-1.2-1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.jboss.as.web.security.SubjectInfoSetupValve.invoke(SubjectInfoSetupValve.java:34) [jboss-as-web-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_172]
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId:4b29361f-bb59-43a5-884c-dc5ae123632a
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:2670)
at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthInit(KerbAuthentication.java:135)
at com.microsoft.sqlserver.jdbc.KerbAuthentication.GenerateClientContext(KerbAuthentication.java:399)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:4306)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:3409)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.access$100(SQLServerConnection.java:85)
at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:3373)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7344)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:2713)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2261)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1921)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1762)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1077)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:623)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:323)
... 44 more
Caused by: java.security.PrivilegedActionException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_172]
at javax.security.auth.Subject.doAs(Subject.java:422) [rt.jar:1.8.0_172]
at com.microsoft.sqlserver.jdbc.KerbAuthentication.getClientCredential(KerbAuthentication.java:153)
at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthInit(KerbAuthentication.java:116)
... 58 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) [rt.jar:1.8.0_172]
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) [rt.jar:1.8.0_172]
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) [rt.jar:1.8.0_172]
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) [rt.jar:1.8.0_172]
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62) [rt.jar:1.8.0_172]
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) [rt.jar:1.8.0_172]
at com.microsoft.sqlserver.jdbc.KerbAuthentication$1.run(KerbAuthentication.java:146)
at com.microsoft.sqlserver.jdbc.KerbAuthentication$1.run(KerbAuthentication.java:144)
... 62 more
在错误堆栈的底部,您可以看到位于底部的GSSException异常。但是,这都是非常奇怪的,因为就在几分钟前它就可以工作。修复它的唯一方法是重新启动JBOSS。重新启动后,一切恢复正常。
有人遇到过类似问题,请分享您的知识以及如何解决?
在其他环境中完全相同的设置也可以正常工作。
谢谢!