如何在 IBM WebSphere 8.5.5 中使用 Oracle Wallet 配置数据源?

如何在 IBM WebSphere 8.5.5 中使用 Oracle Wallet 配置数据源?

我有一台全新安装了 WebSphere Application Server 8.5.5 的服务器,并且正在尝试通过使用 JDBC 和 Oracle Wallet for SSL 的连接配置数据源。

WebSphere 中的错误消息是“无法验证 MAC”。我已确认我配置数据源使用的密码是 Oracle Wallet 密钥库 ewallet.p12 的正确密码,因此我认为还有另一个问题。

我的出发点是https://www.ibm.com/developerworks/community/blogs/aimsupport/entry/websphere_application_server_and_oracle_ssl_oracle_wallet?lang=en。这就是我想到我正在使用的以下配置设置的地方。我还尝试了以下说明http://bpm4everyone.blogspot.co.uk/2013/02/oracle-ssl-with-was.html但也无法让它工作,所以放弃了。我是 WebSphere 和 Oracle Wallet 的新手,因此无法确定后者是否已被弃用。

我正在为单元中的另一个节点在部署管理器上配置数据源。数据源的范围是另一个节点,即包含将使用数据源的应用程序的节点。JDBC 提供程序的类路径包括 ojdbc6.jar 和 oraclepki.jar。

数据源配置为用作com.ibm.websphere.rsadapter.Oracle11gDataStoreHelper“数据存储帮助程序类名”。我设置了一个 J2C 身份验证别名,它由“组件管理的身份验证别名”使用。数据源的 URL 是jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=10.240.227.131)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=devdb))(SECURITY=(SSL_SERVER_CERT_DN='cn=devdbuser'))))。按照指示,我为数据源创建了一个自定义属性,称为“connectionProperties”,其值为oracle.net.ssl_version=3.0;javax.net.ssl.trustStore=/opt/oracle/wallet/client.wallet/ewallet.p12;javax.net.ssl.trustStoreType=PKCS12;java.net.ssl.trustStorePassword=password

在部署管理器控制台中,当我单击数据源的“测试连接”时,我得到了...

The test connection operation failed for data source vammisdevwas01-vadev on server nodeagent at node vammisdevwas01Node01 with the following exception: java.sql.SQLException: IO Error: The Network Adapter could not establish the connection DSRA0010E: SQL State = 08006, Error Code = 17,002. View JVM logs for further details.

当我查看 JVM 日志时,我看到...

[11/2/15 10:01:05:981 GMT-05:00] 0000007e DataSourceCon E   DSRA8040I: Failed to connect to the DataSource.  Encountered "": java.sql.SQLException: IO Error: The Network Adapter could not establish the connection DSRA0010E: SQL State = 08006, Error Code = 17,002
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:743)
    at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:662)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:560)
    at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:311)
    at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:235)
    at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:164)
    at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:102)
    at com.ibm.ws.rsadapter.DSConfigHelper$1.run(DSConfigHelper.java:1266)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5384)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5600)
    at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255)
    at com.ibm.ws.rsadapter.spi.ServerFunction$6.run(ServerFunction.java:567)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1281)
    at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1189)
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:2071)
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:1947)
    at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionForGUI(DSConfigurationHelper.java:2814)
    at sun.reflect.GeneratedMethodAccessor49.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnectionToDataSource2(DataSourceConfigHelperMBean.java:556)
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnection(DataSourceConfigHelperMBean.java:484)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:69)
    at sun.reflect.GeneratedMethodAccessor17.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:272)
    at javax.management.modelmbean.RequiredModelMBean$4.run(RequiredModelMBean.java:1152)
    at java.security.AccessController.doPrivileged(AccessController.java:298)
    at com.ibm.oti.security.CheckedAccessControlContext.securityCheck(CheckedAccessControlContext.java:30)
    at sun.misc.JavaSecurityAccessWrapper.doIntersectionPrivilege(JavaSecurityAccessWrapper.java:41)
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1146)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:999)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:847)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:783)
    at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1335)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1228)
    at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:181)
    at sun.reflect.GeneratedMethodAccessor38.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPConnector.java:488)
    at com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPConnector.java:324)
    at com.ibm.ws.management.connector.soap.SOAPConnection.handleRequest(SOAPConnection.java:65)
    at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:733)
    at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:522)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1864)
Caused by: java.lang.Exception: The Network Adapter could not establish the connection
    at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:470)
    at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:506)
    at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:595)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:230)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
    ... 53 more
Caused by: java.lang.Exception: Unable to initialize ssl context.
    at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:325)
    at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:117)
    at oracle.net.nt.ConnOption.connect(ConnOption.java:159)
    at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:428)
    ... 58 more
Caused by: java.lang.Exception: Unable to initialize the trust store.
    at oracle.net.nt.CustomSSLSocketFactory.getTrustManagerArray(CustomSSLSocketFactory.java:413)
    at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:309)
    ... 61 more
Caused by: java.io.IOException: Unable to verify MAC.
    at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(KeyStore.java:415)
    at oracle.net.nt.CustomSSLSocketFactory.getTrustManagerArray(CustomSSLSocketFactory.java:404)
    ... 62 more

更新

我重新开始并尝试了这种方法(http://bpm4everyone.blogspot.co.uk/2013/02/oracle-ssl-with-was.html)。我似乎已经取得了一些进展。现在我收到 SSL 握手错误:

[11/2/15 13:14:32:856 GMT-05:00] 0000007e DataSourceCon E   DSRA8040I: Failed to connect to the DataSource.  Encountered "": java.sql.SQLRecoverableException: IO Error: Received fatal alert: handshake_failure DSRA0010E: SQL State = 08006, Error Code = 17,002
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:752)
    at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:662)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:560)
    at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:311)
    at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:235)
    at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:164)
    at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:102)
    at com.ibm.ws.rsadapter.DSConfigHelper$1.run(DSConfigHelper.java:1266)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5384)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5600)
    at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255)
    at com.ibm.ws.rsadapter.spi.ServerFunction$6.run(ServerFunction.java:567)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1281)
    at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1189)
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:2071)
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:1947)
    at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionForGUI(DSConfigurationHelper.java:2814)
    at sun.reflect.GeneratedMethodAccessor49.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnectionToDataSource2(DataSourceConfigHelperMBean.java:556)
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnection(DataSourceConfigHelperMBean.java:484)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:69)
    at sun.reflect.GeneratedMethodAccessor17.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:272)
    at javax.management.modelmbean.RequiredModelMBean$4.run(RequiredModelMBean.java:1152)
    at java.security.AccessController.doPrivileged(AccessController.java:298)
    at com.ibm.oti.security.CheckedAccessControlContext.securityCheck(CheckedAccessControlContext.java:30)
    at sun.misc.JavaSecurityAccessWrapper.doIntersectionPrivilege(JavaSecurityAccessWrapper.java:41)
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1146)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:999)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:847)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:783)
    at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1335)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1228)
    at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:181)
    at sun.reflect.GeneratedMethodAccessor38.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPConnector.java:488)
    at com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPConnector.java:324)
    at com.ibm.ws.management.connector.soap.SOAPConnection.handleRequest(SOAPConnection.java:65)
    at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:733)
    at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:522)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1864)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.ibm.jsse2.o.a(o.java:30)
    at com.ibm.jsse2.o.a(o.java:23)
    at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:356)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:58)
    at com.ibm.jsse2.SSLSocketImpl.d(SSLSocketImpl.java:762)
    at com.ibm.jsse2.l.flush(l.java:13)
    at com.ibm.jsse2.kb.a(kb.java:223)
    at com.ibm.jsse2.lb.b(lb.java:15)
    at com.ibm.jsse2.lb.a(lb.java:306)
    at com.ibm.jsse2.lb.a(lb.java:156)
    at com.ibm.jsse2.kb.s(kb.java:659)
    at com.ibm.jsse2.kb.a(kb.java:393)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:850)
    at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:63)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:200)
    at com.ibm.jsse2.k.write(k.java:11)
    at oracle.net.ns.Packet.send(Packet.java:419)
    at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:241)
    at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:157)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:264)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
    ... 53 more

我尝试了这些文章中所述的不同 SSL 版本和密码组合,既在数据源的“connectionProperties”属性中,也在 Oracle 客户端的 sqlnet.ora 文件中。但我仍然收到相同的握手错误。

答案1

添加javax.net.ssl.keyStore=/opt/oracle/wallet/client.wallet/ewallet.p12;javax.net.ssl.keyStoreType=PKCS12;java.net.ssl.keyStorePassword=password。

相关内容