Java jdbc kerberos oracle身份验证
使用此示例,我的连接几乎可以正常工作 但在启用kerberos缓存并调试之后,它正确地获取了我的主体名称,并且成功地获取了凭据,但出现了一个与票证相关的错误 票证由okinit生成(oracle kinit来自oracle 12) 线程“main”java.sql.SQLRecoverableException:错误de E/S:进程中的服务不受支持。GSS-API级别未指定故障(机制级别:一般错误(电子文本描述)(60)-ASN.1意外字段号) 位于oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:743) 位于oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:666) 位于oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32) 位于oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:566) 位于java.sql.DriverManager.getConnection(DriverManager.java:571) 位于java.sql.DriverManager.getConnection(DriverManager.java:187) 位于JdbcThin.main(JdbcThin.java:39) 原因:oracle.net.ns.NetException:不支持正在处理的服务。GSS-API级别未指定故障(机制级别:一般错误(电子文本描述)(60)-ASN.1意外字段号) 在oracle.net.ano.AuthenticationService.run上运行(未知源) 位于java.security.AccessController.doPrivileged(本机方法) 位于javax.security.auth.Subject.doAs(Subject.java:415) 位于oracle.net.ano.AuthenticationService.e(未知源) 在oracle.net.ano.ano.negotiation上(未知来源) 位于oracle.net.ns.NSProtocol.connect(NSProtocol.java:293) 位于oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452) 位于oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496) ... 还有6个 原因:GSSExException:GSS-API级别未指定的故障(机制级别:一般错误(电子文本描述)(60)-ASN.1意外字段号) 位于sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:710) 位于sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) 位于sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) ... 14多 原因:KrbException:一般错误(电子文本描述)(60)-ASN.1意外字段号 位于sun.security.krb5.KrbApRep.(KrbApRep.java:126) 位于sun.security.krb5.KrbApRep.(KrbApRep.java:102) 在sun.security.krb5.KrbApRep.(KrbApRep.java:75) 位于sun.security.jgss.krb5.AcceptSecContextToken。(AcceptSecContextToken.java:89) 位于sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:696) ... 还有16个 原因:krbeException:标识符与预期值不匹配(906) 位于sun.security.krb5.internal.APRep.init(APRep.java:92) 在sun.security.krb5.internal.APRep.(APRep.java:75) 在sun.security.krb5.KrbApRep.(KrbApRep.java:116) ... 20多Java jdbc kerberos oracle身份验证,java,oracle,kerberos,Java,Oracle,Kerberos,使用此示例,我的连接几乎可以正常工作 但在启用kerberos缓存并调试之后,它正确地获取了我的主体名称,并且成功地获取了凭据,但出现了一个与票证相关的错误 票证由okinit生成(oracle kinit来自oracle 12) 线程“main”java.sql.SQLRecoverableException:错误de E/S:进程中的服务不受支持。GSS-API级别未指定故障(机制级别:一般错误(电子文本描述)(60)-ASN.1意外字段号) 位于oracle.jdbc.driver.T4
我使用的是Java7,但使用另一个没有问题。有没有一种方法可以使用jvm正确读取票证(请参阅jdk中的kinit,不要创建正确的票证)我正在分享这段代码,它一直在为我工作。您是否设置了kerberos缓存文件的位置
OracleDriver driver = new OracleDriver();
Properties prop = new Properties();
prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES,
"("+AnoServices.AUTHENTICATION_KERBEROS5+")");
prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_MUTUAL,
"true");
/* If you get the following error [Unable to obtain Principal Name for
* authentication] although you know that you have the right TGT in your
* credential cache, then it's probably because the JVM can't locate your
* cache.
* For example, here my credential cache is
* C:\Documents and Settings\Jean de Lavarene\krb5cc
* because when I run klist I get the following:
* > ./klist
* Ticket cache: FILE:C:\Documents and Settings\Jean de Lavarene\krb5cc
* Default principal: client@US.ORACLE.COM
*
* Valid starting Expires Service principal
* 06/21/16 13:23:02 06/21/16 23:23:02 krbtgt/US.ORACLE.COM@US.ORACLE.COM
* renew until 06/21/16 13:23:02
* This isn't the default location, so I need to provide the location. Note
* that the default location on windows is "C:\Documents and Settings\krb5cc_username".
*/
prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_CC_NAME,
"C:\\Documents and Settings\\Jean de Lavarene\\krb5cc");
Connection conn = driver.connect(url,prop);
String auth = ((OracleConnection)conn).getAuthenticationAdaptorName();
System.out.println("Authentication adaptor="+auth);
我正在分享这段代码,它一直在为我工作。您是否设置了kerberos缓存文件的位置
OracleDriver driver = new OracleDriver();
Properties prop = new Properties();
prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES,
"("+AnoServices.AUTHENTICATION_KERBEROS5+")");
prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_MUTUAL,
"true");
/* If you get the following error [Unable to obtain Principal Name for
* authentication] although you know that you have the right TGT in your
* credential cache, then it's probably because the JVM can't locate your
* cache.
* For example, here my credential cache is
* C:\Documents and Settings\Jean de Lavarene\krb5cc
* because when I run klist I get the following:
* > ./klist
* Ticket cache: FILE:C:\Documents and Settings\Jean de Lavarene\krb5cc
* Default principal: client@US.ORACLE.COM
*
* Valid starting Expires Service principal
* 06/21/16 13:23:02 06/21/16 23:23:02 krbtgt/US.ORACLE.COM@US.ORACLE.COM
* renew until 06/21/16 13:23:02
* This isn't the default location, so I need to provide the location. Note
* that the default location on windows is "C:\Documents and Settings\krb5cc_username".
*/
prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_CC_NAME,
"C:\\Documents and Settings\\Jean de Lavarene\\krb5cc");
Connection conn = driver.connect(url,prop);
String auth = ((OracleConnection)conn).getAuthenticationAdaptorName();
System.out.println("Authentication adaptor="+auth);
我已经添加了缓存(正如我所说,它正确地从中读取凭据),您是否对oracle 11或更低版本使用此代码?。oracle 12需要自己实现kinit(okinit),这是oracle数据库11.2版的问题。我将尝试使用12。我添加了缓存(正如我所说,它正确地从中读取凭据),您是否对oracle 11或更低版本使用此代码?。oracle 12需要自己实现kinit(okinit),这是oracle数据库11.2版的问题。我会用12试试看。