Skip to Main Content
Forums

Oracle Database Discussions

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Kerberosed authentication - Oracle overrides javax.security.auth.login.Configuration cause other datasource failure

user-ptsrsMay 2 2023 — edited May 3 2023

We have defined 2 data sources, one for oracle and other for postgres database, in our context.xml for a web application that runs on tomcat application server and we are using Kerberosed authentication. When application is initialized datasource for oracle is success but datasource for postgres is failing for

Caused by: javax.security.auth.login.LoginException: No LoginModules configured for pgjdbc
at javax.security.auth.login.LoginContext.init(LoginContext.java:264)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:417)
at org.postgresql.gss.MakeGSS.authenticate(MakeGSS.java:146)
... 40 more

When we run without Oracle datasource then it works fine. When we debugged found that Oracle overrides javax.security.auth.login.Configuration while it initializes and causing postgres not able to find the login module defined.

Please find the details of configuration for my 2 datasources

context.xml
===========
<Resource auth="Container" type="javax.sql.DataSource" name="jdbc/oracleds"
factory="com.zaxxer.hikari.HikariJNDIFactory"
driverClassName="oracle.jdbc.OracleDriver"
jdbcUrl="jdbc:oracle:thin:@(DESCRIPTION = (CONNECT_TIMEOUT=120 sec) (RETRY_COUNT=20)(RETRY_DELAY=3) (TRANSPORT_CONNECT_TIMEOUT=3 sec) (ADDRESS_LIST = (LOAD_BALANCE=on) (ADDRESS = (PROTOCOL = TCP)(HOST = hostA)(PORT = 6235))) (CONNECT_DATA= (SERVICE_NAME = SERVICE_A_DB)))"
dataSource.oracle.net.authentication_services="( KERBEROS5 )"
dataSource.oracle.net.kerberos5_mutual_authentication="true"
dataSource.oracle.net.kerberos5_cc_name="I:/env/db/krb5cc_db"
minimumIdle="2"
maximumPoolSize="5"
connectionTimeout="30000"
idleTimeout="10000"
maxLifetime="30000"/>

<Resource auth="Container" type="javax.sql.DataSource" name="jdbc/postgresds"
factory="com.zaxxer.hikari.HikariJNDIFactory"
driverClassName="org.postgresql.Driver"
username="userA"
jdbcUrl="jdbc:postgresql://hostB:26200/SERVICE_B_DB"
dataSource.kerberosServerName="cockroachdb"
minimumIdle="1"
maximumPoolSize="2"
connectionTimeout="3000"
idleTimeout="180000"
maxLifetime="540000"/>

jaas-client.conf
================

pgjdbc {
com.sun.security.auth.module.Krb5LoginModule required
debug=true
doNotPrompt=true
principal=userA
ticketCache="I:/env/db/krb5cc_db"
useTicketCache=true;
};

Apache Tomcat/8.5.32
JVM 1.8.0_361-b26

Oracle DB - Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production Version 19.17.0.0.0
OracleClientDriver - ojdbc8-19.3
Postgres Client Driver - postgresql-42.6.0

-Djava.security.krb5.conf=I:\\env\\db\\krb5.conf
-Djava.security.auth.login.config=I:\\env\\db\\jaas-client.conf
-Djdk.tls.client.protocols=TLSv1.2
-Dsun.security.krb5.debug=false

Please review this issue and need your help and support to resolve the same.
Comments
Post Details
Added on May 2 2023
1 comment
1,599 views