OpenAM Web Agent Redirect Issue #403x - openam

I am using OpenAM as an authentication solution for my web app. I have configured OpenAM behind a reverse proxy. I have made all the changes regarding headers and it's working fine. I have also configured a site for the server. I can log in as admin and configure realms and policies. I have configured a web agent to be used with my app. I am facing an issue with the web agent. When I log in to my app the request goes to OpenAM and it authenticates the user, but it cannot redirect to the designated page. It just shows
#403x
on the browser. In the authenticator logs I see the following
amCDC:09/30/2021 01:54:19:020 PM UTC: Thread[http-apr-8080-exec-8,5,main]: TransactionId[786cdea2-e670-488d-955d-f6679002c3c0-1140]
ERROR: Invalid Agent: Could not get agent for the realm
java.lang.Exception: Goto URL not valid for the agent Provider ID
at com.iplanet.services.cdc.LdapSPValidator.validateAndGetRestriction(LdapSPValidator.java:208)
at com.iplanet.services.cdc.CDCServlet.redirectWithAuthNResponse(CDCServlet.java:375)
at com.iplanet.services.cdc.CDCServlet.doGetPost(CDCServlet.java:343)
at com.iplanet.services.cdc.CDCServlet.doGet(CDCServlet.java:234)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:106)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:670)
at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:2445)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
amCDC:09/30/2021 01:54:19:020 PM UTC: Thread[http-apr-8080-exec-8,5,main]: TransactionId[786cdea2-e670-488d-955d-f6679002c3c0-1140]
ERROR: CDCServlet.doGetPost
java.lang.Exception: Invalid Agent: Could not get agent for the realm
at com.iplanet.services.cdc.LdapSPValidator.validateAndGetRestriction(LdapSPValidator.java:227)
at com.iplanet.services.cdc.CDCServlet.redirectWithAuthNResponse(CDCServlet.java:375)
at com.iplanet.services.cdc.CDCServlet.doGetPost(CDCServlet.java:343)
at com.iplanet.services.cdc.CDCServlet.doGet(CDCServlet.java:234)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:106)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:670)
at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:2445)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
I have done all the relevant configuration for the agent as well. I have disabled the server lookup and set the following properties as recommended in the documentation:
com.sun.identity.agents.config.agenturi.prefix
com.sun.identity.agents.config.override.protocol=true
com.sun.identity.agents.config.override.host=true
com.sun.identity.agents.config.override.port=true
My site url is
https://example.com/openam
I create the agent like this
server url = https://example.com:443/openam
agent url = https://example.com:443/
My agent configuration is as follows
com.sun.identity.agents.config.agent.logout.url[0]=
com.sun.identity.agents.config.agenturi.prefix=https://example.com:443/amagent
com.sun.identity.agents.config.anonymous.user.enable=false
com.sun.identity.agents.config.anonymous.user.id=anonymous
com.sun.identity.agents.config.attribute.multi.value.separator=|
com.sun.identity.agents.config.audit.accesstype=LOG_BOTH
com.sun.identity.agents.config.auth.connection.timeout=2
com.sun.identity.agents.config.cdsso.cdcservlet.url[0]=https://example.com:443/openam/cdcservlet
com.sun.identity.agents.config.cdsso.cookie.domain[0]=
com.sun.identity.agents.config.cdsso.enable=false
com.sun.identity.agents.config.change.notification.enable=true
com.sun.identity.agents.config.cleanup.interval=30
com.sun.identity.agents.config.client.ip.validation.enable=false
com.sun.identity.agents.config.convert.mbyte.enable=false
com.sun.identity.agents.config.cookie.name=iPlanetDirectoryPro
com.sun.identity.agents.config.cookie.reset.enable=false
com.sun.identity.agents.config.cookie.reset[0]=
com.sun.identity.agents.config.cookie.secure=false
com.sun.identity.agents.config.debug.file.rotate=true
com.sun.identity.agents.config.debug.file.size=10000000
com.sun.identity.agents.config.debug.level=All
com.sun.identity.agents.config.domino.check.name.database=false
com.sun.identity.agents.config.domino.ltpa.config.name=LtpaToken
com.sun.identity.agents.config.domino.ltpa.cookie.name=LtpaToken
com.sun.identity.agents.config.domino.ltpa.enable=false
com.sun.identity.agents.config.encode.cookie.special.chars.enable=false
com.sun.identity.agents.config.encode.url.special.chars.enable=false
com.sun.identity.agents.config.fetch.from.root.resource=false
com.sun.identity.agents.config.fqdn.check.enable=true
com.sun.identity.agents.config.fqdn.default=example.com
com.sun.identity.agents.config.fqdn.mapping[]=
com.sun.identity.agents.config.get.client.host.name=false
com.sun.identity.agents.config.ignore.path.info=false
com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list=true
com.sun.identity.agents.config.ignore.preferred.naming.url=true
com.sun.identity.agents.config.ignore.server.check=true
com.sun.identity.agents.config.iis.filter.priority=HIGH
com.sun.identity.agents.config.iis.logonuser=false
com.sun.identity.agents.config.iis.owa.enable=false
com.sun.identity.agents.config.iis.owa.enable.change.protocol=false
com.sun.identity.agents.config.iis.password.header=false
com.sun.identity.agents.config.load.balancer.enable=true
com.sun.identity.agents.config.local.log.rotate=true
com.sun.identity.agents.config.local.log.size=52428800
com.sun.identity.agents.config.locale=en_US
com.sun.identity.agents.config.log.disposition=ALL
com.sun.identity.agents.config.login.url[0]=https://example.com:443/openam/UI/Login
com.sun.identity.agents.config.logout.cookie.reset[0]=
com.sun.identity.agents.config.logout.url[0]=https://example.com:443/openam/UI/Logout
com.sun.identity.agents.config.notenforced.ip[0]=
com.sun.identity.agents.config.notenforced.url.attributes.enable=false
com.sun.identity.agents.config.notenforced.url.invert=false
com.sun.identity.agents.config.notenforced.url[0]=/logout.html
com.sun.identity.agents.config.notenforced.url[1]=/images/*
com.sun.identity.agents.config.notenforced.url[2]=/css/-*-
com.sun.identity.agents.config.notenforced.url[3]=/*.jsp?locale=*
com.sun.identity.agents.config.notification.enable=true
com.sun.identity.agents.config.organization.name=/
com.sun.identity.agents.config.override.host=true
com.sun.identity.agents.config.override.notification.url=true
com.sun.identity.agents.config.override.port=true
com.sun.identity.agents.config.override.protocol=true
com.sun.identity.agents.config.policy.cache.polling.interval=3
com.sun.identity.agents.config.policy.clock.skew=0
com.sun.identity.agents.config.poll.primary.server=5
com.sun.identity.agents.config.polling.interval=60
com.sun.identity.agents.config.postcache.entry.lifetime=10
com.sun.identity.agents.config.postdata.preserve.enable=false
com.sun.identity.agents.config.profile.attribute.cookie.maxage=300
com.sun.identity.agents.config.profile.attribute.cookie.prefix=HTTP_
com.sun.identity.agents.config.profile.attribute.fetch.mode=NONE
com.sun.identity.agents.config.profile.attribute.mapping[]=
com.sun.identity.agents.config.proxy.override.host.port=false
com.sun.identity.agents.config.redirect.param=goto
com.sun.identity.agents.config.remote.log.interval=5
com.sun.identity.agents.config.remote.logfile=amAgent_xyz_com_443.log
com.sun.identity.agents.config.repository.location=centralized
com.sun.identity.agents.config.response.attribute.fetch.mode=NONE
com.sun.identity.agents.config.response.attribute.mapping[]=
com.sun.identity.agents.config.session.attribute.fetch.mode=NONE
com.sun.identity.agents.config.session.attribute.mapping[]=
com.sun.identity.agents.config.sso.cache.polling.interval=3
com.sun.identity.agents.config.sso.only=false
com.sun.identity.agents.config.url.comparison.case.ignore=true
com.sun.identity.agents.config.userid.param=UserToken
com.sun.identity.agents.config.userid.param.type=session
com.sun.identity.client.notification.url=https://example.com:443/UpdateAgentCacheServlet?shortcircuit=false
org.forgerock.openam.agents.config.policy.evaluation.application=iPlanetAMWebAgentService
org.forgerock.openam.agents.config.policy.evaluation.realm=/
sunIdentityServerDeviceKeyValue[0]=agentRootURL=https://example.com:443/
sunIdentityServerDeviceStatus=Active
userpassword=
But still it is not working. Can someone explain what I am missing and how I can resolve this?
regards
EDIT
I have added headers to my nginx setup for the app
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
now the error has changed
error: [bq2ptiS62] Unknown issuer: http://example.com:8080/openam/cdcservlet Unknown issuer: http://example.com:8080/openam/cdcservlet {"stack":"Error: Unknown issuer: http://example.com:8080/openam/cdcservlet
at PolicyAgent.<anonymous> (/node_modules/@forgerock/openam-agent/dist/policyagent/policy-agent.js:483:35)
at step (/node_modules/@forgerock/openam-agent/dist/policyagent/policy-agent.js:57:23)
at Object.next (/node_modules/@forgerock/openam-agent/dist/policyagent/policy-agent.js:38:53)
at fulfilled (/node_modules/@forgerock/openam-agent/dist/policyagent/policy-agent.js:29:58)
at process._tickCallback (internal/process/next_tick.js:68:7)","timestamp":"2021-10-04T15:21:40.630Z"}

The error response body #403x is raised by OpenAM's CDCServlet when the value of the Agent profile property 'Agent Root URL' does not include the one sent with the CDSSO request.
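A model of that check, added here as an example (it is not code from the question, the answer or OpenAM itself): it treats the agent's agentRootURL values (sunIdentityServerDeviceKeyValue in the posted profile) as the allow-list for the goto URL and compares scheme, host and port after filling in default ports. The precise comparison done by LdapSPValidator.validateAndGetRestriction is an assumption; the sample goto URLs are made up, with http://example.com:8080 standing in for the backend address an agent sees when the proxy's X-Forwarded-* headers are not honoured.

```python
"""Added example, not code from the original post or from OpenAM: a model of the
check that produces "Goto URL not valid for the agent Provider ID". The CDC servlet
only redirects back to a goto URL whose scheme://host:port matches one of the
agentRootURL values in the agent profile (sunIdentityServerDeviceKeyValue). The
exact matching rules of LdapSPValidator are an assumption; the root URL below is
the one from the posted configuration, the goto URLs are made up."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (scheme, host, port) with the default port filled in, so that
    https://example.com/ and https://example.com:443/ compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    return scheme, parts.hostname.lower(), parts.port or DEFAULT_PORTS[scheme]


def goto_allowed(goto_url, agent_root_urls):
    """True only when the goto URL's origin is one of the agent's root URLs.
    Anything that does not parse as an absolute http(s) URL is refused, since
    a relative or scheme-less goto cannot be matched against an allow-list."""
    try:
        goto_origin = origin_of(goto_url)
    except ValueError:
        return False
    return any(origin_of(root) == goto_origin for root in agent_root_urls)


def diagnose(goto_url, agent_root_urls):
    """Human-readable reason, for comparing against the amCDC debug log."""
    if goto_allowed(goto_url, agent_root_urls):
        return "ok: goto origin matches an agentRootURL"
    try:
        scheme, host, port = origin_of(goto_url)
    except ValueError:
        return "rejected: goto is not an absolute http(s) URL"
    roots = {origin_of(r) for r in agent_root_urls}
    if any(h == host for _, h, _ in roots):
        # Same host, different scheme or port: typical when the agent sits
        # behind a reverse proxy and sees its backend address (http, 8080)
        # instead of the public one (https, 443).
        return (f"rejected: host matches but {scheme}://{host}:{port} is not "
                f"in {sorted(roots)}; check the proxy's X-Forwarded-* headers")
    return "rejected: host is not an agentRootURL (possible open redirect attempt)"


if __name__ == "__main__":
    # Value taken from the posted agent profile (agentRootURL=https://example.com:443/).
    roots = ["https://example.com:443/"]
    for goto in ("https://example.com/app/home",
                 "http://example.com:8080/app/home",
                 "https://attacker.example.net/"):
        print(goto, "->", diagnose(goto, roots))
```

Run it as a script to see why the three sample goto URLs pass or fail. The same allow-list is what stops the cdcservlet from being used as an open redirector, so the fix is to add the public origin to the agent profile (or make the proxy present it), not to loosen the check.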

Related

Zookeeper quorum. PKIX path building failed. Unable to find valid certification path to requested target

Zookeeper acts as a server and configured with keystore, which has server certificate. Certificate chain in my keystore looks like below:
MyIntermediateCert (signed by MyRootCertificate)
MyZookeeperCertificate (signed by MyIntermediateCert)
Another parameter defined is truststore, in which I have only root CA MyRootCertificate.
While zk is starting I see in the logs that the external connection is configured with TLS and everything is fine; however, when the zk nodes try to build a quorum and communicate with each other, I receive the classic TLS exception during the TLS handshake between client and server.
Exception caught
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
ssl.quorum.hostnameVerification is false, I don't need hostname verification between nodes.
My expectation was that the client sends a request to the server (a call from one node to another), it receives the certificate chain which includes the server cert and the intermediate cert (signed by the CA), and this chain is validated against my trust store that includes the CA.
This CA, by the way, is self-generated.
What am I missing?
I think I found the issue.
The problem is that my intermediate certificate does not include the key identifier value in its AKI extension, which should point to the root CA. It should be something like this:

javax.net.ssl.SSLHandshakeException: error:10000438:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR

I'm unable to connect to my Pulsar test cluster from my local environment, but it was working fine yesterday. Nothing has changed on the client-side or server-side. When I try to connect from my app, I get this exception:
2021-08-24T17:07:55,776 [pulsar-io-23-15] WARN org.apache.pulsar.broker.service.ServerCnx - [/10.16.13.41:23586] Got exception io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000438:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:792)
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:475)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: error:10000438:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1007)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1271)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1225)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1296)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1339)
at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:205)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1340)
at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1247)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1284)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:498)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:437)
... 15 more
Restarting the app does not resolve the issue.
We're using Pulsar token-auth with a pretty vanilla configuration:
client = PulsarClient.builder().serviceUrl(serviceUrl)
.tlsTrustCertsFilePath(serverCertificateFilePath.toString())
.enableTlsHostnameVerification(false)
.allowTlsInsecureConnection(false)
.authentication(AuthenticationFactory.token(authToken))
.build();
The consumer is also pretty standard (though it has a DLQ) and looks like this:
pulsarClient.newConsumer(Schema.STRING)
.consumerName(String.format("%s:%s", consumerProperties.getSubscriptionName(), UUID.randomUUID()))
.topic(consumerProperties.getDeadLetterTopic())
.subscriptionName(consumerProperties.getSubscriptionName())
.subscriptionType(SubscriptionType.Shared)
.messageListener(deadLetterTopicMessageListener)
.ackTimeout(consumerProperties.getAcknowledgeTimeout(), TimeUnit.SECONDS)
.subscribe();
We've double-checked that the token and certificates are all correct.
Also, the broker tlsProtocol includes v1, as follows:
tlsProtocols=TLSv1.2,TLSv1.1,TLSv1
How do I resolve this issue?
We've seen some edge cases where client VPN issues result in this error message.
Some users have reported that this issue is resolved after restarting, clearing their docker cache, and re-connecting to the VPN.
One user reported that it went away after multiple restarts, so it's possible that something times out eventually.

Tomcat Application randomly stops responding on AWS Linux Machine

Hi, I am facing this error on an AWS Linux machine: randomly my Tomcat stops responding, and when I restart the machine it starts working fine.
The logs I get for this request are below:
org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name [0x030x000x00+&0xe00x000x000x000x000x00Cookie:]. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:413)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:261)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Exceptioncom.amazonaws.SdkClientException: Unable to execute HTTP request: cognito-idp.us-east-1.amazonaws.com
Exceptioncom.amazonaws.SdkClientException: Unable to execute HTTP request: cognito-idp.us-east-1.amazonaws.com
Exceptioncom.amazonaws.SdkClientException: Unable to execute HTTP request: cognito-idp.us-east-1.amazonaws.com
Exceptioncom.amazonaws.SdkClientException: Unable to execute HTTP request: cognito-idp.us-east-1.amazonaws.com
Exceptioncom.amazonaws.SdkClientException: Unable to execute HTTP request: cognito-idp.us-east-1.amazonaws.com
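Decoding the bytes in that log line, as an added example that is not part of the post: Tomcat prints each non-printable byte as 0xNN and printable bytes as themselves, so the method name can be turned back into raw bytes and matched against the first packet of known protocols. On the posted line that yields 03 00 00 2b 26 e0 00 00 00 00 00 followed by "Cookie:", which is a TPKT header plus an X.224 Connection Request, i.e. an RDP client (or a scanner) talking to the HTTP port. The reversal of Tomcat's formatting and the TLS branch are assumptions of this example; whether the probes relate to the hang is not something the post says.

```python
"""Added example, not from the original post: decode the bytes Tomcat printed in
"Invalid character found in method name [...]" and identify what was sent to the
HTTP port. Tomcat renders non-printable bytes as 0xNN and printable ones literally;
that rendering is reversed here (the reversal is an assumption about Tomcat's
formatting, and is ambiguous if a request genuinely contains text like "0x41")."""
import re

# Either a 0xNN escape or one literal character.
_TOKEN = re.compile(r"0x([0-9a-fA-F]{2})|(.)", re.S)

# The method-name text from the posted log line (the part inside [...]).
POSTED_METHOD_NAME = "0x030x000x00+&0xe00x000x000x000x000x00Cookie:"


def decode_tomcat_method_name(rendered):
    """Turn Tomcat's 0xNN/literal rendering back into raw bytes."""
    out = bytearray()
    for hex_byte, literal in _TOKEN.findall(rendered):
        if hex_byte:
            out.append(int(hex_byte, 16))
        else:
            out.extend(literal.encode("latin-1"))
    return bytes(out)


def classify_probe(data):
    """Name the protocol behind a non-HTTP first packet.

    RDP starts with a TPKT header (RFC 1006: version 3, reserved 0, 16-bit
    big-endian length) followed by an X.224 Connection Request (length
    indicator, then code 0xE0, DST-REF, SRC-REF, class option) whose payload
    begins with "Cookie: mstshash=<user>".
    """
    if len(data) >= 11 and data[0] == 0x03 and data[1] == 0x00 and data[5] == 0xE0:
        tpkt_len = int.from_bytes(data[2:4], "big")
        li = data[4]
        return {
            "protocol": "RDP X.224 Connection Request",
            "tpkt_length": tpkt_len,
            "x224_length_indicator": li,
            # TPKT header (4) + LI byte (1) + LI must equal the TPKT length.
            "lengths_consistent": 4 + 1 + li == tpkt_len,
            "payload_prefix": data[11:].decode("latin-1"),
        }
    # Added generalisation: the other common culprit is TLS sent to a plain
    # HTTP port (record type 0x16 = handshake, version 0x03 0x0N).
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return {"protocol": "TLS handshake record on a plaintext port"}
    return {"protocol": "unrecognised"}


if __name__ == "__main__":
    raw = decode_tomcat_method_name(POSTED_METHOD_NAME)
    print(raw.hex())
    print(classify_probe(raw))
```

The practical takeaway is that the Tomcat port is reachable by whatever is sending RDP connection requests; a security group that only admits the load balancer or known clients removes that noise and is worth checking alongside the Cognito connectivity errors.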

The TCP/IP connection to the host xxx.xxx.xxx.xxx, port 1433 has failed. Error: "Permission denied (connect failed)

I have a web application deployed in tomcat7 on centos7, openjdk8. The web application uses the MS SQL Server sqljdbc4-2.0.jar driver to connect to a SQL Server on a Windows machine, without success. Here are the logs:
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (The TCP/IP connection to the host iam2w19.iam.lab, port 1433 has failed. Error: "Permission denied (connect failed). Verify the connection properties, check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port, and that no firewall is blocking TCP connections to the port.".)
at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549) ~[commons-dbcp-1.3.jar:1.3]
at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388) ~[commons-dbcp-1.3.jar:1.3]
at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) ~[commons-dbcp-1.3.jar:1.3]
at com.arcot.common.database.DBManagerImpl.getConnection(DBManagerImpl.java:60) ~[arcot-common-2.3.jar:?]
at com.ibatis.sqlmap.engine.transaction.jdbc.JdbcTransaction.init(JdbcTransaction.java:48) ~[ibatis-2.3.4.726.jar:?]
at com.ibatis.sqlmap.engine.transaction.jdbc.JdbcTransaction.getConnection(JdbcTransaction.java:89) ~[ibatis-2.3.4.726.jar:?]
at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.executeQueryForList(MappedStatement.java:139) ~[ibatis-2.3.4.726.jar:?]
at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(SqlMapExecutorDelegate.java:567) ~[ibatis-2.3.4.726.jar:?]
at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(SqlMapExecutorDelegate.java:541) ~[ibatis-2.3.4.726.jar:?]
at com.ibatis.sqlmap.engine.impl.SqlMapSessionImpl.queryForList(SqlMapSessionImpl.java:118) ~[ibatis-2.3.4.726.jar:?]
at com.ibatis.sqlmap.engine.impl.SqlMapSessionImpl.queryForList(SqlMapSessionImpl.java:122) ~[ibatis-2.3.4.726.jar:?]
at com.ibatis.sqlmap.engine.impl.SqlMapClientImpl.queryForList(SqlMapClientImpl.java:98) ~[ibatis-2.3.4.726.jar:?]
at com.arcot.common.cache.db.CacheRefreshService.getCacheRefreshState(CacheRefreshService.java:125) [arcot-common-2.3.jar:?]
at com.arcot.common.cache.CacheRefresher.readCacheState(CacheRefresher.java:146) [arcot-common-2.3.jar:?]
at com.arcot.common.cache.CacheRefresher.initialize(CacheRefresher.java:97) [arcot-common-2.3.jar:?]
at com.arcot.common.cache.CacheRefresher.<init>(CacheRefresher.java:91) [arcot-common-2.3.jar:?]
at com.arcot.common.cache.CacheRefresher.getInstance(CacheRefresher.java:152) [arcot-common-2.3.jar:?]
at com.arcot.admin.framework.config.AdminConfigManagerImpl.init(AdminConfigManagerImpl.java:58) [AdminConfigManagerImpl.class:?]
at com.arcot.admin.framework.config.AdminConfigManagerImpl.<init>(AdminConfigManagerImpl.java:49) [AdminConfigManagerImpl.class:?]
at com.arcot.admin.framework.config.AdminConfigMgmt.getConfigurationManager(AdminConfigMgmt.java:13) [AdminConfigMgmt.class:?]
at com.arcot.admin.framework.init.PrintUtil.printAdminConfiguration(PrintUtil.java:60) [PrintUtil.class:?]
at com.arcot.admin.framework.init.AdminInitManager.initApplication(AdminInitManager.java:167) [AdminInitManager.class:?]
at com.arcot.admin.framework.web.init.ArcotAdminInitServlet.init(ArcotAdminInitServlet.java:38) [ArcotAdminInitServlet.class:?]
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1269) [catalina.jar:7.0.76]
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182) [catalina.jar:7.0.76]
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072) [catalina.jar:7.0.76]
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368) [catalina.jar:7.0.76]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660) [catalina.jar:7.0.76]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) [catalina.jar:7.0.76]
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899) [catalina.jar:7.0.76]
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875) [catalina.jar:7.0.76]
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652) [catalina.jar:7.0.76]
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1092) [catalina.jar:7.0.76]
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1984) [catalina.jar:7.0.76]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_242]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_242]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_242]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_242]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_242]
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host iam2w19.iam.lab, port 1433 has failed. Error: "Permission denied (connect failed). Verify the connection properties, check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port, and that no firewall is blocking TCP connections to the port.".
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(SQLServerException.java:170) ~[sqljdbc4-2.0.jar:?]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1049) ~[sqljdbc4-2.0.jar:?]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:833) ~[sqljdbc4-2.0.jar:?]
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:716) ~[sqljdbc4-2.0.jar:?]
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:841) ~[sqljdbc4-2.0.jar:?]
at org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38) ~[commons-dbcp-1.3.jar:1.3]
at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582) ~[commons-dbcp-1.3.jar:1.3]
at org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:1556) ~[commons-dbcp-1.3.jar:1.3]
at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1545) ~[commons-dbcp-1.3.jar:1.3]
With a simple java class, using the same driver I can connect from centos to sqlserver 2016 on windows without any problem.
The problem appears localized to Tomcat, but catalina.policy, with the default configuration, seems OK to me: in /usr/share/tomcat/lib all jars have all permissions. /usr/share/tomcat is CATALINA_HOME and in CATALINA_HOME/lib I copied sqljdbc4-2.0.jar.
Do you have any suggestions?
Thanks
Beppe
OK, I found out where the problem was.
The problem was SELinux being enabled on my CentOS. After disabling SELinux, the TCP connection to SQL Server works fine.
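As an added example that is not part of the question or answer, the least-privilege alternative to turning SELinux off: read the AVC denial from the audit log, confirm it is tomcat_t being refused name_connect on the SQL Server port, and flip only the boolean that covers that. The audit lines are constructed to fit the posted scenario; the boolean name is the one from tomcat_selinux(8), and the set of database port labels it covers is an assumption to confirm with `sesearch` or `audit2why` on the real host.

```python
"""Added example, not from the original post: instead of disabling SELinux, read the
AVC denial that blocked Tomcat's TCP connect and derive the narrowest fix. The audit
lines below are constructed to match the posted scenario (tomcat_t connecting to
port 1433); the boolean name tomcat_can_network_connect_db is the one documented in
tomcat_selinux(8), and the port-type list is an assumption to verify with
`getsebool -a | grep tomcat` and `semanage port -l` on the actual host."""
import re

# Port labels that the tomcat_can_network_connect_db boolean is expected to cover.
DB_PORT_TYPES = {"mssql_port_t", "mysqld_port_t", "postgresql_port_t", "oracle_port_t"}

_AVC = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perm>[^}]+?)\s*\}.*?"
    r"comm=\"(?P<comm>[^\"]+)\".*?"
    r"(?:dest=(?P<dest>\d+).*?)?"
    r"scontext=\S+:(?P<stype>\w+):\S+\s+"
    r"tcontext=\S+:(?P<ttype>\w+):\S+\s+"
    r"tclass=(?P<tclass>\w+)"
)


def parse_avc(line):
    """Extract permission, process, destination port, source/target types and class."""
    m = _AVC.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["dest"] = int(d["dest"]) if d["dest"] else None
    return d


def recommend(avc):
    """Return the least-privilege command for a tomcat_t name_connect denial."""
    if avc is None:
        return "no AVC denial found; check `ausearch -m avc -ts recent`"
    if not (avc["stype"].startswith("tomcat") and avc["tclass"] == "tcp_socket"
            and avc["perm"] == "name_connect"):
        return f"not a tomcat TCP connect denial ({avc['stype']} {avc['perm']} {avc['tclass']})"
    if avc["ttype"] in DB_PORT_TYPES:
        return "setsebool -P tomcat_can_network_connect_db on"
    if avc["dest"] is not None:
        # Port carries a generic label: label it as the DB port first, then flip the boolean.
        return (f"semanage port -a -t mssql_port_t -p tcp {avc['dest']} && "
                "setsebool -P tomcat_can_network_connect_db on")
    return "inspect with audit2why; avoid setenforce 0"


# Constructed sample lines (not from the original post).
DENIAL_LABELED = ('type=AVC msg=audit(1600000000.123:456): avc:  denied  { name_connect } '
                  'for  pid=2314 comm="java" dest=1433 scontext=system_u:system_r:tomcat_t:s0 '
                  'tcontext=system_u:object_r:mssql_port_t:s0 tclass=tcp_socket permissive=0')
DENIAL_UNLABELED = DENIAL_LABELED.replace("dest=1433", "dest=14330").replace(
    "mssql_port_t", "unreserved_port_t")

if __name__ == "__main__":
    for line in (DENIAL_LABELED, DENIAL_UNLABELED):
        print(recommend(parse_avc(line)))
```

The commands it prints are the ones to run as root on the CentOS box; `setsebool -P` persists across reboots and leaves every other confinement of Tomcat in place.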

unable to run cypher query for neo4j on python

I have been trying to query a neo4j database using Python.
The code works for the simplest of queries, but not for all. I don't get any exception, and I don't understand the root cause going by the log files.
My code looks like this:
from neo4j.v1 import GraphDatabase, basic_auth
graph_url = "bolt://localhost:7687"
graph_username = "neo4j"
graph_password = "neo4j"
driver =GraphDatabase.driver(graph_url, auth=basic_auth(graph_username, graph_password))
session = driver.session()
query_simple="Create (enitity:n{name : 'john doe'})"
session.run(query_simple)
# SET needs a comma between "n = row" and the individual property assignments
query = "LOAD CSV WITH HEADERS FROM 'http://data.neo4j.com/northwind/products.csv' AS row CREATE (n:Product) SET n = row, n.unitPrice = toFloat(row.unitPrice), n.unitsInStock = toInt(row.unitsInStock), n.unitsOnOrder = toInt(row.unitsOnOrder), n.reorderLevel = toInt(row.reorderLevel), n.discontinued = (row.discontinued <> '0')"
session.run(query)
The simple query runs fine, but the other query doesn't run. It's a sample query which works in the neo4j GUI on my localhost.
In the debug log files I am getting these two kinds of error logs:
2016-07-06 22:14:27.062+0000 ERROR [o.n.b.v.t.BoltProtocolV1] Failed to write response to driver
java.lang.NullPointerException
at org.neo4j.bolt.v1.transport.ChunkedOutput.ensure(ChunkedOutput.java:156)
at org.neo4j.bolt.v1.transport.ChunkedOutput.writeShort(ChunkedOutput.java:90)
at org.neo4j.bolt.v1.packstream.PackStream$Packer.packStructHeader(PackStream.java:304)
at org.neo4j.bolt.v1.messaging.PackStreamMessageFormatV1$Writer.handleFailureMessage(PackStreamMessageFormatV1.java:154)
at org.neo4j.bolt.v1.messaging.msgprocess.MessageProcessingCallback.publishError(MessageProcessingCallback.java:48)
at org.neo4j.bolt.v1.messaging.msgprocess.MessageProcessingCallback.completed(MessageProcessingCallback.java:98)
at org.neo4j.bolt.v1.messaging.msgprocess.MessageProcessingCallback.completed(MessageProcessingCallback.java:31)
at org.neo4j.bolt.v1.runtime.internal.SessionStateMachine.after(SessionStateMachine.java:823)
at org.neo4j.bolt.v1.runtime.internal.SessionStateMachine.run(SessionStateMachine.java:655)
at org.neo4j.bolt.v1.runtime.internal.concurrent.SessionWorkerFacade.lambda$run$3(SessionWorkerFacade.java:68)
at org.neo4j.bolt.v1.runtime.internal.concurrent.SessionWorker.execute(SessionWorker.java:116)
at org.neo4j.bolt.v1.runtime.internal.concurrent.SessionWorker.run(SessionWorker.java:77)
at java.lang.Thread.run(Thread.java:745)
and
2016-07-06 20:52:20.588+0000 ERROR [o.n.b.t.SocketTransportHandler] Fatal error occurred when handling a client connection: Connection reset by peer Connection reset by peer
java.io.IOException: Connection reset by peer
at sun.nio.ch.FileDispatcherImpl.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
at sun.nio.ch.IOUtil.read(IOUtil.java:192)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
at io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:311)
at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:881)
at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:242)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111)
at java.lang.Thread.run(Thread.java:745)
I am using the community edition of neo4j on my system, Python version 3.5.
Thanks in advance :)
Have you noted the section below in the file conf/neo4j.conf?
# Determines if Cypher will allow using file URLs when loading data using
# `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV`
# clauses that load data from the file system.
#dbms.security.allow_csv_import_from_file_urls=true
Yet (after uncommenting the line above and restarting neo4j) you may get another error related to what's explained at: https://neo4j.com/developer/kb/explanation-of-error-load-csv-error-of-couldnt-load-the-external-resource/
You could also try downloading the csv file, saving it into the import directory and then using:
LOAD CSV WITH HEADERS FROM 'file:///products.csv' AS row ...
