Версия JBOSS: EAP 6.4.20.GA (AS 7.5.20.Final-redhat-1)
Версия Java: jdk1.8.0_172-amd64
Red Hat: Red HatEnterprise Linux Server выпуск 6.10 (Сантьяго), 64-битный
JBOSS настроен для подключения к SQL-серверу с использованием аутентификации Kerberos, которая работает нормально, но в какой-то момент он теряет соединения и не может открывать какие-либо новые, если он не перезагружен.После перезагрузки снова все в порядке.
Драйвер, используемый для подключения к серверу SQL: mssql-jdbc-6.4.0.jre8.jar
Выдается сообщение об ошибке:
07:04:14,732 WARN
[org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject] (http-
28.129.176.67:4000-30) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.Resource
Exception: Could not create connection
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:351)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.access$200(LocalManagedConnectionFactory.java:60)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory$1.run(LocalManagedConnectionFactory.java:274)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory$1.run(LocalManagedConnectionFactory.java:265)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_172]
at javax.security.auth.Subject.doAs(Subject.java:422) [rt.jar:1.8.0_172]
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:264)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.createConnectionEventListener(SemaphoreArrayListManagedConnectionPool.java:874)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:416)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:479)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:451)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:380)
at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:367)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:499)
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:143)
at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:69)
at org.springframework.jdbc.datasource.DataSourceTransactionManager.doBegin(DataSourceTransactionManager.java:204) [spring-jdbc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:373) [spring-tx-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.transaction.interceptor.TransactionAspectSupport.createTransactionIfNecessary(TransactionAspectSupport.java:430) [spring-tx-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:276) [spring-tx-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) [spring-tx-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) [spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at com.sun.proxy.$Proxy49.isUserAuthorized(Unknown Source)
at com.barcap.esm.lockreport.filter.AuthorizationFilter.doFilter(AuthorizationFilter.java:72) [classes:]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at com.wedgetail.idm.sso.AuthFilter.doFilter(AuthFilter.java:177) [vsj-standard-3.3-3603-TP2-3598-3609.jar:]
at com.barcap.best.filter.BESTAuthFilter.doFilter(BESTAuthFilter.java:178) [BESTFilter.jar:2.0-1.2-1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.jboss.as.web.security.SubjectInfoSetupValve.invoke(SubjectInfoSetupValve.java:34) [jboss-as-web-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.28.Final-redhat-1.jar:7.5.28.Final-redhat-1]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_172]
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Integrated authentication failed. ClientConnectionId:4b29361f-bb59-43a5-884c-dc5ae123632a
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:2670)
at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthInit(KerbAuthentication.java:135)
at com.microsoft.sqlserver.jdbc.KerbAuthentication.GenerateClientContext(KerbAuthentication.java:399)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:4306)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:3409)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.access$100(SQLServerConnection.java:85)
at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:3373)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7344)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:2713)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2261)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1921)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1762)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1077)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:623)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:323)
... 44 more
Caused by: java.security.PrivilegedActionException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_172]
at javax.security.auth.Subject.doAs(Subject.java:422) [rt.jar:1.8.0_172]
at com.microsoft.sqlserver.jdbc.KerbAuthentication.getClientCredential(KerbAuthentication.java:153)
at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthInit(KerbAuthentication.java:116)
... 58 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) [rt.jar:1.8.0_172]
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) [rt.jar:1.8.0_172]
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) [rt.jar:1.8.0_172]
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) [rt.jar:1.8.0_172]
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62) [rt.jar:1.8.0_172]
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) [rt.jar:1.8.0_172]
at com.microsoft.sqlserver.jdbc.KerbAuthentication$1.run(KerbAuthentication.java:146)
at com.microsoft.sqlserver.jdbc.KerbAuthentication$1.run(KerbAuthentication.java:144)
... 62 more
Почти в нижней части стека ошибок вы можете видеть исключение GSSException, лежащее в нижней части этого.Однако это все очень странно, потому что всего несколько минут назад это сработало.Единственный способ исправить это - перезапустить JBOSS.После перезагрузки все возвращается к норме.
Кто-нибудь сталкивался с подобной проблемой и, пожалуйста, поделитесь своими знаниями и как это можно исправить?
Точно такая же настройка в другой среде работает отлично.
Спасибо!