javaoracle-databaseapache-tomeexatomee-7

TomEE ORA-01017 server tries to authenticate with OS user


I have two databases on a remote machine and I want to use those in CMT on TomEE 7.0.2. I configured two XA datasources in my tomee.xml and I encountered a login issue. The application server is not able to create the datasources as it encounters an error. The username and password is correctly set in the xml. I created a test to check if the ojdbc7.jar does something nasty, but it is able to log in as it should.

The problem

I debugged TomEE to check the packages with wireshark as well. The problem seems to be inside TomEE. The request sent to the oracle machine contains the following:

(DESCRIPTION=(CONNECT_DATA=(SID=DBNAME)(CID=(PROGRAM=JDBC Thin Client)(HOST=__jdbc__)(USER=osuser)))(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.10)(PORT=1521)))

As You can see this connection data tries to use the osuser instead of the user specified in the tomee.xml.

I tried different configurations as well based on http://tomee.apache.org/datasource-config.html.

Question

How can I configure TomEE to use the provided user and password for the database connection?

Application:

tomee.xml:

Default PasswordCipher is PlainText it is included to make it sure.

<?xml version="1.0" encoding="UTF-8"?>
<tomee>
    <Resource id="oracleDS" type="DataSource">
      XaDataSource oracleXADS
      DataSourceCreator dbcp-alternative
    </Resource>

    <Resource id="oracleXADS" type="XADataSource" class-name="oracle.jdbc.xa.client.OracleXADataSource">
      Url jdbc:oracle:thin:@192.168.1.10:1521:DBNAME
      Username user
      PasswordCipher PlainText
      Password pass
    </Resource>

    <Resource id="postgreDS" type="DataSource">
      XaDataSource postgreXADS
      DataSourceCreator dbcp-alternative
    </Resource>

    <Resource id="postgreXADS" type="XADataSource" class-name="org.postgresql.xa.PGXADataSource">
      Url jdbc:postgresql://192.168.1.10:5432/DBNAME
      Username user
      PasswordCipher PlainText
      Password pass
    </Resource>

</tomee>

Also tried this format:

<Resource id="oracleXADS" type="javax.sql.XADataSource" class-name="oracle.jdbc.xa.client.OracleXADataSource">   
  url = jdbc:oracle:thin:@192.168.1.10:1521:DBNAME
  userName = user
  passwordCipher = PlainText
  password = pass
</Resource>

persistence.xml:

<persistence-unit name="oraDS" transaction-type="JTA">
    <jta-data-source>oracleXADS</jta-data-source>
    <exclude-unlisted-classes>false</exclude-unlisted-classes>
</persistence-unit>
<persistence-unit name="pgDS" transaction-type="JTA">
    <jta-data-source>postgreXADS</jta-data-source>
    <exclude-unlisted-classes>false</exclude-unlisted-classes>
</persistence-unit>

Test file with the same ojdbc7.jar

relevant parts of TestDatasource.java

Class.forName("oracle.jdbc.driver.OracleDriver");
System.out.println("Oracle JDBC Driver Registered!");
Connection connection = DriverManager.getConnection("jdbc:oracle:thin:@192.168.1.10:1521:DBNAME", "user", "pass");
//connection is checked and it is OK

relevant TestXADatasource.java

OracleXADataSource oxds = new OracleXADataSource();
oxds.setURL("jdbc:oracle:thin:@192.168.1.10:1521:DBNAME");
oxds.setUser("user");
oxds.setPassword("pass");

XAConnection pc  = oxds.getXAConnection();
Connection conn1 = pc.getConnection();
//connection is checked and it is OK

Other not working solutions:

I checked the following but those are not the solutions for my problem:

A) I do not have the factory property which caused the problem according to the accepted answer.

B) I use the latest Oracle driver, and the database is 12 as well, despite that I created the simple test provided below.

A) I am using linux on both machines and I am on a different aplication server with Java.


Solution

  • There are a few points to make here:

    OS user part

    The driver sends this information not as part of the authentication process but as environment to start the login. This means that the login value is sent in different request. If you follow the TCP stream using CANARY as password and user you can check if it is contained in any form in the request. The mentioned configurations will NOT contain it.

    The real problem

    The real problem is that http://tomee.apache.org/datasource-config.html is wrong. The userName is not a valid declaration of the username. The valid declaration is as follows:

    <Resource id="oracleDS" type="DataSource">
      XaDataSource oracleXADS
      DataSourceCreator dbcp-alternative
    </Resource>
    
    <Resource id="oracleXADS" type="javax.sql.DataSource" class-name="oracle.jdbc.xa.client.OracleXADataSource">
      url jdbc:oracle:thin:@192.168.1.10:1521:DBNAME
      user user
      passwordCipher PlainText
      password password
    </Resource>
    

    TL.DR.: The documentation is wrong. After the only change userName->user was made to the posted configuration the TCP stream contained the necessary username and the login was successful. (The Apache TomEE mailing list is notified on the problem.)

    enter image description here