java ORA-01017: 无效的用户名/密码;使用 wss4j 时登录被拒绝
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11420512/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
ORA-01017: invalid username/password; logon denied when using wss4j
提问by jjathman
I have many tests which access our Oracle DB without a problem, however when I run these tests along with other tests in our codebase which use a keystore, the tests that interact with the DB are no longer able to connect. Here is the exception they get:
我有许多测试可以毫无问题地访问我们的 Oracle 数据库,但是当我将这些测试与代码库中使用密钥库的其他测试一起运行时,与数据库交互的测试不再能够连接。这是他们得到的例外:
Caused by: java.sql.SQLException: ORA-01017: invalid username/password; logon denied at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:439) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:388) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:381) at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:564) at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:431) at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:436) at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:186) at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:366) at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:752) at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:359) at oracle.jdbc.driver.PhysicalConnection.(PhysicalConnection.java:531) at oracle.jdbc.driver.T4CConnection.(T4CConnection.java:221) at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32) at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:503) at org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:37) at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:290) at org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:877) at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:851) ... 68 more
引起:java.sql.SQLException: ORA-01017: 无效的用户名/密码;在 oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:439) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:388) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java) 处登录被拒绝:381) at oracle.jdbc.driver.T4CTTTIfun.processError(T4CTTIfun.java:564) at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:431) at oracle.jdbc.driver.T4CTTTIfun.receive(T4CTTIoun.receive) java:436) 在 oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:186) 在 oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:366) 在 oracle.jdbc.driver.T4CTTIfun.java:186 .java:752) 在 oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:359) 在 oracle.jdbc。
Obviously the username and password are still correct. I'm having a really hard time figuring out what in our code is causing the connection to fail, and I don't really know how to debug what's happening when the Oracle driver tries to connect. I'm using the Oracle thin driver with Oracle 11g. We use Spring, Hibernate, and the Apache Commons DBCP. It seems like the driver is maybe trying to establish an SSL connection to the DB? I'm not sure though. I seem to remember a very similar issue with SQL Server when we were still using that, at the time I just ignored it. Right now we run the tests that interact with the keystore in a separate batch and JVM.
显然用户名和密码仍然正确。我很难弄清楚我们的代码中是什么导致了连接失败,而且我真的不知道如何调试 Oracle 驱动程序尝试连接时发生的情况。我在 Oracle 11g 中使用 Oracle 瘦驱动程序。我们使用 Spring、Hibernate 和 Apache Commons DBCP。驱动程序似乎正在尝试与数据库建立 SSL 连接?我不确定。当我们还在使用 SQL Server 时,我似乎记得一个与 SQL Server 非常相似的问题,当时我只是忽略了它。现在,我们在单独的批处理和 JVM 中运行与密钥库交互的测试。
Any help would be greatly appreciated.
任何帮助将不胜感激。
UPDATED
更新
I did a bunch more debugging and finally traced this down to our use of the wss4j library (version 1.5.9) via Spring-WS. Eventually the WSSConfig class gets to a set of code that does this:
我做了更多的调试,最后将其追溯到我们通过 Spring-WS 使用 wss4j 库(版本 1.5.9)。最终,WSSConfig 类获得了一组执行此操作的代码:
int ret = 0;
for (int i = 0; i < provs.length; i++) {
if ("SUN".equals(provs[i].getName())
|| "IBMJCE".equals(provs[i].getName())) {
ret =
java.security.Security.insertProviderAt(
(java.security.Provider) c.newInstance(), i + 2
);
break;
}
}
Immediately after this code my connections to Oracle stop working. It looks like when the insertProviderAt method is called using a bouncy castle provider my Oracle connection starts failing. Any ideas?
在此代码之后,我与 Oracle 的连接立即停止工作。看起来当使用充气城堡提供程序调用 insertProviderAt 方法时,我的 Oracle 连接开始失败。有任何想法吗?
Minimal Test Case
最少的测试用例
The first connection attempt succeeds, but the second attempt fails.
第一次连接尝试成功,但第二次尝试失败。
Connection conn = DriverManager.getConnection("jdbc:oracle:thin:@server/servicename", "username", "password");
conn.prepareStatement("select * from dual").getResultSet();
conn.close();
org.apache.ws.security.WSSConfig.getDefaultWSConfig();
conn = DriverManager.getConnection("jdbc:oracle:thin:server/servicename", "username", "password");
conn.prepareStatement("select * from dual").getResultSet();
conn.close();
WSSConfig Initialize Method
WSSConfig 初始化方法
private synchronized void
staticInit() {
if (!staticallyInitialized) {
org.apache.xml.security.Init.init();
if (addJceProviders) {
/*
* The last provider added has precedence, that is if JuiCE can be added
* then WSS4J uses this provider.
*/
addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");
addJceProvider("JuiCE", "org.apache.security.juice.provider.JuiCEProviderOpenSSL");
}
Transform.init();
try {
Transform.register(
STRTransform.implementedTransformURI,
"org.apache.ws.security.transform.STRTransform"
);
} catch (Exception ex) {
if (log.isDebugEnabled()) {
log.debug(ex.getMessage(), ex);
}
}
staticallyInitialized = true;
}
}
回答by steve
The add sign in the second connection string is missing
缺少第二个连接字符串中的添加符号
回答by wuwen
1. Modify the file
1.修改文件
%JAVA_HOME%/jre/lib/security/java.security
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
Example:
例子:
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC
security.provider.9=sun.security.mscapi.SunMSCAPI
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
or 2.
或 2。
WSSConfig.setAddJceProviders(false);
回答by chandani
logon denied error can be shown if in oracle the parameter SEC_CASE_SENSITIVE_LOGONis set true. You can check it via SHOW PARAMETER SEC_CASE_SENSITIVE_LOGONand alter it through ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = FALSE;
如果在 oracleSEC_CASE_SENSITIVE_LOGON中设置了该参数,则可以显示登录被拒绝错误true。你可以通过检查它并通过SHOW PARAMETER SEC_CASE_SENSITIVE_LOGON改变它ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = FALSE;
Now the error should get resolved.
现在错误应该得到解决。
