Embedded apache drill - unable to start with security configuration - security

We are fetching password with custom authentication provider and that will fetch the password from secured service. with below configuration when we start it, it is throwing error. The same configuration is working for cluster mode.
drill.exec: {
sys.store.provider.local.path="/home/user/somedatafolder",
security.user.auth:
{ enabled: true, packages += "com.app", impl: "myCustomAuthenticatorType" // custom auth provider }
},
// below properties are used by the custom authenticator to fetch the password from external service
drill.username: "username",
drill.password.key: "passkey",
drill.password.service.url: "https://somehost/api",
drill.exec.options:
{ security.admin.users: "username" }
Error :
Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Server requires authentication using [PLAIN]. Insufficient credentials?. [Details: Encryption: disabled , MaxWrappedSize: 65536 , WrapSizeLimit: 0]. (state=,code=0)
java.sql.SQLNonTransientConnectionException: Failure in connecting to Drill: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Server requires authentication using [PLAIN]. Insufficient credentials?. [Details: Encryption: disabled , MaxWrappedSize: 65536 , WrapSizeLimit: 0].
at org.apache.drill.jdbc.impl.DrillConnectionImpl.<init>(DrillConnectionImpl.java:178)
at org.apache.drill.jdbc.impl.DrillJdbc41Factory.newDrillConnection(DrillJdbc41Factory.java:67)
at org.apache.drill.jdbc.impl.DrillFactory.newConnection(DrillFactory.java:67)
at org.apache.calcite.avatica.UnregisteredDriver.connect(UnregisteredDriver.java:138)
at org.apache.drill.jdbc.Driver.connect(Driver.java:75)
at sqlline.DatabaseConnection.connect(DatabaseConnection.java:135)
at sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:192)
at sqlline.Commands.connect(Commands.java:1364)
at sqlline.Commands.connect(Commands.java:1244)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:38)
at sqlline.SqlLine.dispatch(SqlLine.java:730)
at sqlline.SqlLine.initArgs(SqlLine.java:410)
at sqlline.SqlLine.begin(SqlLine.java:515)
at sqlline.SqlLine.start(SqlLine.java:267)
at sqlline.SqlLine.main(SqlLine.java:206)
Caused by: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Server requires authentication using [PLAIN]. Insufficient credentials?. [Details: Encryption: disabled , MaxWrappedSize: 65536 , WrapSizeLimit: 0].
at org.apache.drill.exec.rpc.user.UserClient.connect(UserClient.java:207)
at org.apache.drill.exec.client.DrillClient.connect(DrillClient.java:458)
at org.apache.drill.exec.client.DrillClient.connect(DrillClient.java:402)
at org.apache.drill.jdbc.impl.DrillConnectionImpl.<init>(DrillConnectionImpl.java:169)
... 18 more

Related

Kafka Connect Sink to Cassandra :: java.lang.VerifyError: Bad return type

I'm trying to setup a Kafka Connect Sink to collect data from a topic into a Cassandra Table using the Datastax connector : https://downloads.datastax.com/#akc
Running a standalone worker running directly on the broker, running Kafka 0.10.2.2-1 :
name=dse-sink
connector.class=com.datastax.kafkaconnector.DseSinkConnector
tasks.max=1
datastax-java-driver.advanced.protocol.version = V4
key.converter=org.apache.kafka.connect.storage.StringConverter
value.converter=org.apache.kafka.connect.storage.StringConverter
key.converter.schemas.enable=false
value.converter.schemas.enable=false
internal.key.converter=org.apache.kafka.connect.json.JsonConverter
internal.value.converter=org.apache.kafka.connect.json.JsonConverter
internal.key.converter.schemas.enable=false
internal.value.converter.schemas.enable=false
plugin.path=/usr/share/java/kafka-connect-dse/kafka-connect-dse-1.2.1.jar
topics=connect-test
contactPoints=172.16.0.48
loadBalancing.localDc=datacenter1
port=9042
ignoreErrors=true
topic.connect-test.cdrs.test.mapping= kafkakey=key, value=value
topic.connect-test.cdrs.test.consistencyLevel=LOCAL_QUORUM
But i have the following error :
2019-12-23 16:58:43,165] ERROR Task dse-sink-0 threw an uncaught and unrecoverable exception (org.apache.kafka.connect.runtime.WorkerTask)
java.lang.VerifyError: Bad return type
Exception Details:
Location:
com/fasterxml/jackson/databind/cfg/MapperBuilder.streamFactory()Lcom/fasterxml/jackson/core/TokenStreamFactory; #7: areturn
Reason:
Type 'com/fasterxml/jackson/core/JsonFactory' (current frame, stack[0]) is not assignable to 'com/fasterxml/jackson/core/TokenStreamFactory' (from method signature)
Current Frame:
bci: #7
flags: { }
locals: { 'com/fasterxml/jackson/databind/cfg/MapperBuilder' }
stack: { 'com/fasterxml/jackson/core/JsonFactory' }
Bytecode:
0x0000000: 2ab4 0002 b600 08b0
at com.fasterxml.jackson.databind.json.JsonMapper.builder(JsonMapper.java:114)
at com.datastax.dsbulk.commons.codecs.json.JsonCodecUtils.getObjectMapper(JsonCodecUtils.java:36)
at com.datastax.kafkaconnector.codecs.CodecSettings.init(CodecSettings.java:131)
at com.datastax.kafkaconnector.state.LifeCycleManager.lambda$buildInstanceState$9(LifeCycleManager.java:423)
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
at java.util.HashMap$ValueSpliterator.forEachRemaining(HashMap.java:1625)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
at com.datastax.kafkaconnector.state.LifeCycleManager.buildInstanceState(LifeCycleManager.java:457)
at com.datastax.kafkaconnector.state.LifeCycleManager.lambda$startTask$0(LifeCycleManager.java:106)
at java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1660)
at com.datastax.kafkaconnector.state.LifeCycleManager.startTask(LifeCycleManager.java:101)
at com.datastax.kafkaconnector.DseSinkTask.start(DseSinkTask.java:74)
at org.apache.kafka.connect.runtime.WorkerSinkTask.initializeAndStart(WorkerSinkTask.java:244)
at org.apache.kafka.connect.runtime.WorkerSinkTask.execute(WorkerSinkTask.java:145)
at org.apache.kafka.connect.runtime.WorkerTask.doRun(WorkerTask.java:139)
at org.apache.kafka.connect.runtime.WorkerTask.run(WorkerTask.java:182)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
No additional error on cassandra or Kafka side.
I see active connection on the cassandra node but nothing arrive in the Keyspace.
Any idea why ?
Imho this is a problem caused by use of the JSON internal converters with BigDecimal data (see related SO question). As described in the following blog post, the internal.key.converter and internal.value.converter are deprecated since Kafka 2.0, and shouldn't be explicitly set. Can you comment out all internal. properties & re-try?
P.S. Also see how JSON + Decimal has changed in Kafka 2.4

Obtaining Azure Access Token for German Cloud

I have a small program which fails while trying to obtain the Access Token for the Azure German Cloud
public static String generateAccessToken(AzureAccount accountValue) throws MalformedURLException, InterruptedException,
ExecutionException, ServiceUnavailableException {
AuthenticationContext context;
ExecutorService service = null;
try {
String tenantId = accountValue.getTenant();
String ClientID = accountValue.getClient();
String secretKey = accountValue.getKey();
service = Executors.newFixedThreadPool(1);
context = new AuthenticationContext(
"https://login.microsoftonline.de/" + tenantId
+ "/oauth2/authorize", false,
service);
ClientCredential cred = new ClientCredential(ClientID, secretKey);
Future<AuthenticationResult> future =
context.acquireToken("https://management.microsoftazure.de", cred,
null);
AuthenticationResult authenticationResult = future.get();
if (authenticationResult == null) {
throw new ServiceUnavailableException("authentication result was null");
}
System.out.println("Bearer " + authenticationResult.getAccessToken());
return "Bearer " + authenticationResult.getAccessToken();
}
finally {
service.shutdown();
}
}
The code works correctly for the Azure General Cloud but is failing for the German Cloud.
This is the stackTrace
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.microsoft.aad.adal4j.AdalOAuthRequest.configureHeaderAndExecuteOAuthCall(AdalOAuthRequest.java:140)
at com.microsoft.aad.adal4j.AdalOAuthRequest.send(AdalOAuthRequest.java:83)
at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:80)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:818)
at com.microsoft.aad.adal4j.AuthenticationContext.access$100(AuthenticationContext.java:66)
at com.microsoft.aad.adal4j.AuthenticationContext$1.call(AuthenticationContext.java:174)
at com.microsoft.aad.adal4j.AuthenticationContext$1.call(AuthenticationContext.java:163)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 29 more
java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.util.concurrent.FutureTask.get(FutureTask.java:192)
at com.vmturbo.mediation.azure.Runner.generateAccessToken(Runner.java:127)
at com.vmturbo.mediation.azure.Runner.main(Runner.java:79)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.microsoft.aad.adal4j.AdalOAuthRequest.configureHeaderAndExecuteOAuthCall(AdalOAuthRequest.java:140)
at com.microsoft.aad.adal4j.AdalOAuthRequest.send(AdalOAuthRequest.java:83)
at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:80)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:818)
at com.microsoft.aad.adal4j.AuthenticationContext.access$100(AuthenticationContext.java:66)
at com.microsoft.aad.adal4j.AuthenticationContext$1.call(AuthenticationContext.java:174)
at com.microsoft.aad.adal4j.AuthenticationContext$1.call(AuthenticationContext.java:163)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
It looks like it is looking for some certificate file which I have no idea about. Does anybody have any idea about this ?
Also is there a way of obtaining the Azure Access token using the Azure Java SDK so that I don't have to make a REST API call individually ?
This is because you were using a VM not in the German IP range. You have two options:
Deploy a VM in Azure Germany cloud or in AWS Frankfurt
In order to deploy from a non-German location: update the Java SDK you have (I had 1.8.0_92 and updated to 1.8.0_144) and this should work

Security issue while writing data to HBase table from SPARK using Java

JavaDStream<FreshInput> inputDStream = kafkaInputDStream
.map(new Function<Tuple2<String, FreshInput>, FreshInput>() {
private static final long serialVersionUID = 1L;
#Override
public FreshInput call(Tuple2<String, FreshInput> tuple) throws Exception {
if(tuple._2!=null)
{
FreshLogger.errorLog_and_Console("***************************************************");
FreshLogger.errorLog_and_Console("INSIDE FRESH INPUT CALL");
FreshLogger.errorLog_and_Console(tuple._1.toString());
FreshLogger.errorLog_and_Console(tuple._2.toString());
FreshLogger.errorLog_and_Console("***************************************************");
Configuration hconf=HBaseConfiguration.create();
hconf.addResource(new Path("/etc/hbase/conf/core-site.xml"));
hconf.addResource(new Path("/etc/hbase/conf/hbase-site.xml"));
UserGroupInformation.setConfiguration(hconf);
FreshLogger.errorLog_and_Console("hconf is "+hconf.toString());
//UserGroupInformation.loginUserFromKeytabAndReturnUGI("gffshnee", "/etc/krb5.keytab");
Connection connection = ConnectionFactory.createConnection(hconf);
Table table = connection.getTable(TableName.valueOf("gfttsdgn:FRESHHBaseRushi"));
Put p = new Put(Bytes.toBytes("row1"));
p.add(Bytes.toBytes("c1"), Bytes.toBytes("output"), Bytes.toBytes("rushi"));
table.put(p);
}
return tuple._2();
}
});
Getting following Exception:
2017-02-24 09:09:33 WARN -FRESH Executor task launch worker-0 -UserGroupInformation : PriviledgedActionException as:gffshnee (auth:SIMPLE) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
2017-02-24 09:09:33 WARN -FRESH Executor task launch worker-0 -RpcClientImpl$Connection$1 : Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
2017-02-24 09:09:33 ERROR-FRESH Executor task launch worker-0 -RpcClientImpl$Connection$1 : SASL authentication failed. The most likely cause is missing or invalid credentials. Consider 'kinit'.
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212)
at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:181)
at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClientImpl.java:617)
at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$700(RpcClientImpl.java:162)
at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:743)
at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:740)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1783)
at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupIOstreams(RpcClientImpl.java:740)
at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.writeRequest(RpcClientImpl.java:906)
at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.tracedWriteRequest(RpcClientImpl.java:873)
at org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1242)
at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:227)
at org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:336)
at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingStub.get(ClientProtos.java:34070)
at org.apache.hadoop.hbase.protobuf.ProtobufUtil.getRowOrBefore(ProtobufUtil.java:1589)
at org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.locateRegionInMeta(ConnectionManager.java:1398)
at org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.locateRegion(ConnectionManager.java:1199)
at org.apache.hadoop.hbase.client.AsyncProcess.submit(AsyncProcess.java:395)
at org.apache.hadoop.hbase.client.AsyncProcess.submit(AsyncProcess.java:344)
at org.apache.hadoop.hbase.client.BufferedMutatorImpl.backgroundFlushCommits(BufferedMutatorImpl.java:238)
at org.apache.hadoop.hbase.client.BufferedMutatorImpl.flush(BufferedMutatorImpl.java:190)
at org.apache.hadoop.hbase.client.HTable.flushCommits(HTable.java:1495)
at org.apache.hadoop.hbase.client.HTable.put(HTable.java:1086)
at com.citi.fresh.freshcore.util.ProcessRDD$1.call(ProcessRDD.java:198)
at com.citi.fresh.freshcore.util.ProcessRDD$1.call(ProcessRDD.java:160)
at org.apache.spark.api.java.JavaPairRDD$$anonfun$toScalaFunction$1.apply(JavaPairRDD.scala:1015)
at scala.collection.Iterator$$anon$11.next(Iterator.scala:328)
at scala.collection.Iterator$$anon$11.next(Iterator.scala:328)
at scala.collection.convert.Wrappers$IteratorWrapper.next(Wrappers.scala:30)
at com.citi.fresh.freshcore.util.ProcessRDD$3$1.call(ProcessRDD.java:361)
at com.citi.fresh.freshcore.util.ProcessRDD$3$1.call(ProcessRDD.java:352)
at org.apache.spark.api.java.JavaRDDLike$$anonfun$foreachPartition$1.apply(JavaRDDLike.scala:225)
at org.apache.spark.api.java.JavaRDDLike$$anonfun$foreachPartition$1.apply(JavaRDDLike.scala:225)
at org.apache.spark.rdd.RDD$$anonfun$foreachPartition$1$$anonfun$apply$33.apply(RDD.scala:920)
at org.apache.spark.rdd.RDD$$anonfun$foreachPartition$1$$anonfun$apply$33.apply(RDD.scala:920)
at org.apache.spark.SparkContext$$anonfun$runJob$5.apply(SparkContext.scala:1869)
at org.apache.spark.SparkContext$$anonfun$runJob$5.apply(SparkContext.scala:1869)
at org.apache.spark.scheduler.ResultTask.runTask(ResultTask.scala:66)
at org.apache.spark.scheduler.Task.run(Task.scala:89)
at org.apache.spark.executor.Executor$TaskRunner.run(Executor.scala:214)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193)
Please suggest.

Connecting to cassandra cluster with kerberos using java driver

I followed the instructions from the following datastax post - Accessing secure DSE clusters
This is my code snippet -
public static void main(String[] args) {
KerberosAuthenticatedClient client = new KerberosAuthenticatedClient();
System.setProperty("java.security.krb5.conf","C:/Users/ADMIN/Desktop/krb5.config");
System.setProperty("java.security.auth.login.config","C:/Users/ADMIN/Desktop/DseClient.config");
cluster = Cluster.builder().addContactPoint(node).withAuthProvider(new DseAuthProvider()).build();
session = cluster.connect();
This is my DseClient File -
DseClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
doNotPrompt=true
keyTab="C:/Users/ADMIN/Desktop/dse.keytab"
principal="rock#MY.COM";
};
And This is my krb5.conf -
[libdefaults]
default_realm = MY.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
MY.COM = {
kdc = x.x.x.x
admin_server = x.x.x.x
}
[domain_realm]
.my.com = MY.COM
my.com = MY.COM
I have installed kerberos on my client machine and also on the servers too. But when I run I get the following error :-
Exception in thread "main" java.lang.RuntimeException: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.datastax.driver.core.sasl.KerberosAuthenticator.loginSubject(KerberosAuthenticator.java:113)
at com.datastax.driver.core.sasl.KerberosAuthenticator.<init>(KerberosAuthenticator.java:94)
at com.datastax.driver.core.sasl.DseAuthProvider.newAuthenticator(DseAuthProvider.java:52)
at com.datastax.driver.core.Connection.initializeTransport(Connection.java:163)
at com.datastax.driver.core.Connection.<init>(Connection.java:131)
at com.datastax.driver.core.Connection.<init>(Connection.java:59)
at com.datastax.driver.core.Connection$Factory.open(Connection.java:444)
at com.datastax.driver.core.ControlConnection.tryConnect(ControlConnection.java:205)
at com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:168)
at com.datastax.driver.core.ControlConnection.connect(ControlConnection.java:81)
at com.datastax.driver.core.Cluster$Manager.init(Cluster.java:812)
at com.datastax.driver.core.Cluster$Manager.access$100(Cluster.java:739)
at com.datastax.driver.core.Cluster.<init>(Cluster.java:82)
at com.datastax.driver.core.Cluster.<init>(Cluster.java:67)
at com.datastax.driver.core.Cluster$Builder.build(Cluster.java:708)
at KerberosAuthenticatedClient.connect(KerberosAuthenticatedClient.java:19)
at KerberosAuthenticatedClient.main(KerberosAuthenticatedClient.java:45)
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at com.datastax.driver.core.sasl.KerberosAuthenticator.loginSubject(KerberosAuthenticator.java:109)
... 16 more
The error in the stacktrace is complaining that it is unable to find any credentials for the OS user executing the request. This is usually cause by one of three conditions:
not setting the location of the JAAS config correctly (which causes us to fall back to the default of using the TGT cache & often leading to 2.)
an empty local ticket cache (when not using a keytab)
credentials for the specified principal missing from the keytab
The first thing I'd check is that you have set the java.security.auth.login.config system property to the location of your JAAS config file (the DseClient file) correctly?
If you have and are still seeing the error, you can check the contents of the keytab with klist -e -t -k /path/to/keytab
Another useful tip for debugging is to set -Dsun.security.krb5.debug=true which will dump lots of detailed info to stdout.
I changed the service principle to dse/hostname#REALM from cassandra/hostname#REALM and it worked. I am not sure why the java program which I ran from my windows machine was taking the service principle as dse/hostname instead of cassandra/hostname

Embedded Glassfish, security and Arquillian questions

I want to test my EJBs on an embedded Glassfish using Arquillian.
The important thing is that I have to have security up because my bean logic does some programmatic security checking (sessionContext.isCallerInRole(role)).
Is it possible to simulate a login with Arquillian on an Embedded Glassfish?
How do I setup the Embedded Glassfish to use user and role property files?
[EDIT]
I found a post who's directions I decided to follow (http://community.jboss.org/message/580290) but I still got issues.
1 my arquillian.xml isn't picked up
2 I get warnings concerning #Resource SessionContext
3 I can't get the running server's instance
src/test/resources/arquillian.xml:
<arquillian xmlns="http://jboss.com/arquillian"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:glassfish="urn:arq:org.jboss.arquillian.container.glassfish.embedded_3">
<glassfish:container>
<glassfish:bindHttpPort>9090</glassfish:bindHttpPort>
<glassfish:instanceRoot>src/test/glassfish</glassfish:instanceRoot>
<glassfish:autoDelete>true</glassfish:autoDelete>
</glassfish:container>
</arquillian>
my test:
#RunWith(Arquillian.class)
public class ArquillianTestCase {
#Deployment
public static JavaArchive createDeployment() {
final JavaArchive jar = ShrinkWrap.create(JavaArchive.class, "test.jar")
.addClasses(FileBrowser.class, FileBrowserBean.class).addAsResource("META-INF/ejb-jar.xml")
.addAsResource("META-INF/glassfish-ejb-jar.xml");
return jar;
}
#EJB
private FileBrowser fileBrowser;
#Test
public void setupSecurity() throws Exception {
GlassfishTestHelper.createFileUser("user1", "xxx", "role1");
}
#Test
public void testLoadConfiguration() throws Exception {
final boolean loggedIn = GlassfishTestHelper.loginFileUser("user1", "xxx");
Assert.assertEquals(true, loggedIn);
this.fileBrowser.loadConfiguration();
}
my login helper class:
public final class GlassfishTestHelper {
private GlassfishTestHelper() {
}
public static void createFileUser(final String username, final String password, final String groups) throws Exception {
final Server server = Server.getServer(Server.getServerNames().get(0)); // NPE
final String command = "create-file-user";
final ParameterMap params = new ParameterMap();
params.add("userpassword", password);
params.add("groups", groups);
params.add("username", username);
final CommandRunner runner = server.getHabitat().getComponent(CommandRunner.class);
final ActionReport report = server.getHabitat().getComponent(ActionReport.class);
runner.getCommandInvocation(command, report).parameters(params).execute();
if (report.getMessage() != null) {
throw new Exception(String.format("Failed to create user : %s - message %s", username, report.getMessage()),
report.getFailureCause());
}
}
public static boolean loginFileUser(final String username, final String password) throws Exception {
final ProgrammaticLogin login = new ProgrammaticLogin();
return login.login(username, password.toCharArray(), "fileRealm", true);
}
}
my EJB:
#Stateless
#Local(FileBrowser.class)
public class FileBrowserBean implements FileBrowser {
#Resource
private SessionContext sessionContext;
#Override
public Set<Application> loadConfiguration() throws FileBrowserException {
// ...
}
}
If I run the test, this is the output:
Running com.jnj.gtsc.services.filebrowser.ArquillianTestCase
18-Apr-2011 16:14:30 org.jboss.arquillian.impl.client.container.ContainerRegistryCreator getActivatedConfiguration
INFO: Could not read active container configuration: null
18-Apr-2011 16:14:31 com.sun.enterprise.v3.server.CommonClassLoaderServiceImpl findDerbyClient
INFO: Cannot find javadb client jar file, derby jdbc driver will not be available by default.
18-Apr-2011 16:14:31 org.hibernate.validator.util.Version <clinit>
INFO: Hibernate Validator null
18-Apr-2011 16:14:31 org.hibernate.validator.engine.resolver.DefaultTraversableResolver detectJPA
INFO: Instantiated an instance of org.hibernate.validator.engine.resolver.JPATraversableResolver.
18-Apr-2011 16:14:32 com.sun.enterprise.v3.services.impl.GrizzlyService createNetworkProxy
INFO: Network listener https-listener on port 0 disabled per domain.xml
18-Apr-2011 16:14:32 com.sun.enterprise.v3.server.AppServerStartup run
INFO: GlassFish Server Open Source Edition 3.1 (java_re-private) startup time : Embedded (655ms), startup services(395ms), total(1,050ms)
18-Apr-2011 16:14:32 com.sun.enterprise.v3.services.impl.GrizzlyProxy$2$1 onReady
INFO: Grizzly Framework 1.9.31 started in: 121ms - bound to [0.0.0.0:8181]
18-Apr-2011 16:14:32 org.glassfish.admin.mbeanserver.JMXStartupService$JMXConnectorsStarterThread run
INFO: JMXStartupService: JMXConnector system is disabled, skipping.
18-Apr-2011 16:14:33 com.sun.enterprise.security.SecurityLifecycle <init>
INFO: SEC1002: Security Manager is OFF.
18-Apr-2011 16:14:33 com.sun.enterprise.security.SecurityLifecycle onInitialization
INFO: SEC1010: Entering Security Startup Service
18-Apr-2011 16:14:33 com.sun.enterprise.security.PolicyLoader loadPolicy
INFO: SEC1143: Loading policy provider com.sun.enterprise.security.jacc.provider.SimplePolicyProvider.
18-Apr-2011 16:14:34 com.sun.enterprise.security.auth.realm.Realm doInstantiate
INFO: SEC1115: Realm [admin-realm] of classtype [com.sun.enterprise.security.auth.realm.file.FileRealm] successfully created.
18-Apr-2011 16:14:34 com.sun.enterprise.security.auth.realm.Realm doInstantiate
INFO: SEC1115: Realm [file] of classtype [com.sun.enterprise.security.auth.realm.file.FileRealm] successfully created.
18-Apr-2011 16:14:34 com.sun.enterprise.security.auth.realm.Realm doInstantiate
INFO: SEC1115: Realm [certificate] of classtype [com.sun.enterprise.security.auth.realm.certificate.CertificateRealm] successfully created.
18-Apr-2011 16:14:34 com.sun.enterprise.security.SecurityLifecycle onInitialization
INFO: SEC1011: Security Service(s) Started Successfully
18-Apr-2011 16:14:34 com.sun.enterprise.web.WebContainer createHttpListener
INFO: WEB0169: Created HTTP listener [http-listener] on host/port [0.0.0.0:8181]
18-Apr-2011 16:14:34 com.sun.enterprise.web.WebContainer createHosts
INFO: WEB0171: Created virtual server [server]
18-Apr-2011 16:14:34 com.sun.enterprise.web.WebContainer loadSystemDefaultWebModules
INFO: WEB0172: Virtual server [server] loaded default web module []
18-Apr-2011 16:14:35 org.glassfish.apf.impl.DefaultErrorHandler warning
WARNING: Incorrect #Resource annotation class definition - missing lookup attribute
symbol: FIELD
location: private javax.ejb.SessionContext com.jnj.gtsc.services.filebrowser.ejb.FileBrowserBean.sessionContext
18-Apr-2011 16:14:35 org.glassfish.apf.impl.DefaultErrorHandler warning
WARNING: Incorrect #Resource annotation class definition - missing lookup attribute
symbol: FIELD
location: private javax.ejb.SessionContext com.jnj.gtsc.services.filebrowser.ejb.FileBrowserBean.sessionContext
classLoader = WebappClassLoader (delegate=true; repositories=WEB-INF/classes/)
SharedSecrets.getJavaNetAccess()=java.net.URLClassLoader$7#720f6c
18-Apr-2011 16:14:35 com.sun.ejb.containers.BaseContainer initializeHome
INFO: Portable JNDI names for EJB FileBrowserBean : [java:global/test/FileBrowserBean!com.jnj.gtsc.services.filebrowser.ejb.FileBrowser, java:global/test/FileBrowserBean]
18-Apr-2011 16:14:36 com.sun.enterprise.web.WebApplication start
INFO: WEB0671: Loading application [test] at [/test]
18-Apr-2011 16:14:36 org.glassfish.deployment.admin.DeployCommand execute
PlainTextActionReporterSUCCESSDescription: deploy AdminCommandApplication deployed with name test.
INFO: test was successfully deployed in 2,845 milliseconds.
[name=test
18-Apr-2011 16:14:36 org.jboss.arquillian.testenricher.cdi.CDIInjectionEnricher injectClass
INFO: BeanManager cannot be located at java:comp/BeanManager. Either you are using an archive with no beans.xml, or the BeanManager has not been bound to that location in JNDI.
18-Apr-2011 16:14:36 org.jboss.arquillian.testenricher.cdi.CDIInjectionEnricher injectClass
INFO: BeanManager cannot be located at java:comp/BeanManager. Either you are using an archive with no beans.xml, or the BeanManager has not been bound to that location in JNDI.
18-Apr-2011 16:14:36 com.sun.appserv.security.ProgrammaticLogin login
SEVERE: SEC9050: Programmatic login failed
com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Unable to locate a login configuration
at com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:394)
at com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:240)
at com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:153)
at com.sun.appserv.security.ProgrammaticLogin$1.run(ProgrammaticLogin.java:174)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.appserv.security.ProgrammaticLogin.login(ProgrammaticLogin.java:168)
at com.jnj.gtsc.services.filebrowser.util.GlassfishTestHelper.loginFileUser(GlassfishTestHelper.java:67)
at com.jnj.gtsc.services.filebrowser.ArquillianTestCase.testLoadConfiguration(ArquillianTestCase.java:71)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
at org.jboss.arquillian.junit.Arquillian$6$1.invoke(Arquillian.java:259)
at org.jboss.arquillian.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:63)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.arquillian.impl.core.ObserverImpl.invoke(ObserverImpl.java:90)
at org.jboss.arquillian.impl.core.EventContextImpl.invokeObservers(EventContextImpl.java:98)
at org.jboss.arquillian.impl.core.EventContextImpl.proceed(EventContextImpl.java:80)
at org.jboss.arquillian.impl.core.ManagerImpl.fire(ManagerImpl.java:126)
at org.jboss.arquillian.impl.core.ManagerImpl.fire(ManagerImpl.java:106)
at org.jboss.arquillian.impl.core.EventImpl.fire(EventImpl.java:67)
at org.jboss.arquillian.impl.execution.ContainerTestExecuter.execute(ContainerTestExecuter.java:38)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.arquillian.impl.core.ObserverImpl.invoke(ObserverImpl.java:90)
at org.jboss.arquillian.impl.core.EventContextImpl.invokeObservers(EventContextImpl.java:98)
at org.jboss.arquillian.impl.core.EventContextImpl.proceed(EventContextImpl.java:80)
at org.jboss.arquillian.impl.TestContextHandler.createTestContext(TestContextHandler.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.arquillian.impl.core.ObserverImpl.invoke(ObserverImpl.java:90)
at org.jboss.arquillian.impl.core.EventContextImpl.proceed(EventContextImpl.java:87)
at org.jboss.arquillian.impl.TestContextHandler.createClassContext(TestContextHandler.java:68)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.arquillian.impl.core.ObserverImpl.invoke(ObserverImpl.java:90)
at org.jboss.arquillian.impl.core.EventContextImpl.proceed(EventContextImpl.java:87)
at org.jboss.arquillian.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:54)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.arquillian.impl.core.ObserverImpl.invoke(ObserverImpl.java:90)
at org.jboss.arquillian.impl.core.EventContextImpl.proceed(EventContextImpl.java:87)
at org.jboss.arquillian.impl.core.ManagerImpl.fire(ManagerImpl.java:126)
at org.jboss.arquillian.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:101)
at org.jboss.arquillian.junit.Arquillian$6.evaluate(Arquillian.java:251)
at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:214)
at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:303)
at org.jboss.arquillian.junit.Arquillian.access$300(Arquillian.java:45)
at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:228)
at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:173)
at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:303)
at org.jboss.arquillian.junit.Arquillian.access$300(Arquillian.java:45)
at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:187)
at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:127)
at org.junit.runner.JUnitCore.run(JUnitCore.java:157)
at org.junit.runner.JUnitCore.run(JUnitCore.java:136)
at org.jboss.arquillian.junit.JUnitTestRunner.execute(JUnitTestRunner.java:69)
at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.doGet(ServletTestRunner.java:84)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1534)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:326)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:227)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:170)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:822)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:719)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1013)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.SecurityException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at javax.security.auth.login.Configuration$3.run(Configuration.java:247)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:367)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:444)
at com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:381)
... 107 more
Caused by: java.io.IOException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:250)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)
... 122 more
classLoader = WebappClassLoader (delegate=true; repositories=WEB-INF/classes/)
SharedSecrets.getJavaNetAccess()=java.net.URLClassLoader$7#720f6c
PlainTextActionReporterSUCCESSNo monitoring data to report.
Glassfish standalone instance configuration may be used with Arquillian GlassFish Embedded containter adapter. You need to check security in your tests, so you must prepare your GlassFish instance configuration first. This can be achieved also by programmatic configuration (see https://stackoverflow.com/a/20411981/2169124), but for me configuration in test resources looks more natural. To configure users in file realm (used by default) you need to:
Install standalone Glassfish server;
Start Glassfish instance with asadmin command:
$GLASSFISH_HOME/bin/asadmin start-domain
Add users to file realm with asadmin command (stored in file named keyfile):
$GLASSFISH_HOME/bin/asadmin create-file-user --user username
Copy folders
$GLASSFISH_HOME/glassfish/domains/domain1/config
$GLASSFISH_HOME/glassfish/domains/domain1/docroot
to test resources (for example src/test/resources/domain, assuming that you are using maven)
In arquillian.xml define path to glassfish configuration (it will be copied to target/test-classes/domain by maven):
<?xml version="1.0" encoding="UTF-8"?>
<arquillian xmlns="http://jboss.org/schema/arquillian"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://jboss.org/schema/arquillian
http://jboss.org/schema/arquillian/arquillian_1_0.xsd">
<container qualifier="glassfish-embedded" default="true">
<configuration>
<property name="instanceRoot">target/test-classes/domain</property>
</configuration>
</container>
Map users to roles in glassfish-application.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-application PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Java EE Application 6.0//EN" "http://glassfish.org/dtds/glassfish-application_6_0-1.dtd">
<glassfish-application>
<security-role-mapping>
<role-name>admin</role-name>
<principal-name>username</principal-name>
</security-role-mapping>
</glassfish-application>
Add glassfish-application.xml to test artifact:
ShrinkWrap.create(EnterpriseArchive.class)
.addAsModule(ejbJar)
.addAsManifestResource(new File("src/test/resources/glassfish-application.xml"))
In test method use ProgrammaticLogin to handle authentication:
ProgrammaticLogin programmaticLogin = new ProgrammaticLogin();
programmaticLogin.login("username", "password");

Resources