I'm interested in generating the Oracle network trace file using the Oracle JDBC thin client. In particular, I'm interested in the details of the network encryption negotiation and validating the specific algorithm being used for the connection.
From other Oracle clients, such as SQL*Plus, this is accomplished by updating the $ORACLE_HOME/network/admin/sqlnet.ora file with the following content:
DIAG_ADR_ENABLED=off
TRACE_DIRECTORY_CLIENT=/tmp
TRACE_FILE_CLIENT=nettrace
TRACE_LEVEL_CLIENT=16
This produces a trace file that contains all the details I'm interested, e.g.
(2017502720) [09-MAR-2017 13:43:25:133] na_tns: Authentication is not active
(2017502720) [09-MAR-2017 13:43:25:133] na_tns: Encryption is active, using AES256
(2017502720) [09-MAR-2017 13:43:25:133] na_tns: Crypto-checksumming is active, using SHA1
I'd like to accomplish the same thing from my Java application.
I've already enabled Oracle tracing in my app by doing the following:
including the ojdbc7_g.jar on the classpath
creating a logging.properties file with oracle.level = ALL
specifying the following system properties: -Doracle.jdbc.Trace=true -Djava.util.logging.config.file=/path/to/logging.properties
This provides detailed Oracle jdbc logging, including some oracle.net log messages, but does not contain the same detailed content as the tracing configured in sqlnet.ora (specifically, for example, I can't see which encryption algorithm is being used).
How can I get this detailed net tracing from my Oracle JDBC application? Are there any corresponding thin client connection properties that can be provided to my OracleDataSource (I didn't notice any related oracle.jdbc.OracleConnection constants, which is where I set some other properties that are typically specified in sqlnet.ora)?
It is an old whitepaper, but maybe it is still possible to enable it for the thin client like this:
https://www.oracle.com/technetwork/database/enterprise-edition/11-2.pdf
[..]
Not all issues can be resolved by looking at the JDBC logging messages. For some it is helpful tolook at the network packets the driver exchanges with the server. The OCI C library has anetwork trace mode that provides this information. This is well documented and can be found in the OCI documentation. The Thin driver does not use the OCI C library so that does not help when you are using the Thin driver. Beginning with Oracle Database Release 11.2, the OracleJDBC Thin driver include a network trace capability. Like all other JDBC logging, it uses java.util.logging.In order to generate network level trace information add the following line to your config file:oracle.net.ns.level = FINEST
[..]
Related
I try to access DB server by Oracle SQL Developer then I found following display below.
I try to fixed on other posts already but it didn't work.
There are two ways to fix this:
don't make a connection request that is trying to pull in the OCI library - in other words, stay with JDBC THIN
configure SQL Developer such that your Oracle Client can be loaded for a THICK (OCI) connection
Option 1:
In your connection properties, if you're using TNS, use a Network Alias, NOT a Connect Identifier.
Otherwise, as long as you do not have 'Use OCI' enabled in your advanced connection properties or Advanced Database Preferences, you should have a THIN connection.
Option 2:
Go into the preferences and correctly configure the Oracle Client section of the Advanced Database page.
I talk about this in more detail here.
I have been using Oracle cloud PAAS linux server for my DB machine (Oracle 11g) and having linux application server where i can run all my Java applications.
Assume i have spring based web application which can connect cloud DB machine. I have tried to access the schema in Toad for oracle, it is working as expected but when i try to hit the DB for retrieving the data from application it gives below error.
java.sql.SQLException: Io exception: Oracle Error ORA-12650
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:146)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:255)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:387)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:420)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:165)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:35)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:801)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:154)
at GetConnection.main(GetConnection.java:35)
I have also tried to extend the service access from SID to service name in DB machine. Still give same error. Same code works fine in another cloud machine, which was set by us. But this cloud machine was done by oracle team and most of the things are by default.
Please share your suggestion to fix this issue.
This issue is because of Oracle DB machine encryption ENCRYPTION_SERVER settings. As i understood which is default and set it to enabled, when we set it to disabled or comment the line then application will work as expected. Below is the file name for reference,
Filename : sqlnet.ora (We have to disable ENCRYPTION_SERVER settings)
File Location : ../oracle/product/11.2.0/dbhome_1/network/admin
Hope this helps some one.!
It did not help me at all. Actually I followed your solution and I ended up having another error more critical and serious than the one trying to solve.
Let me explain. First of all the value "disabled" that you mentioned is not even an accepted value for this parameter. According to Oracle (Oracle Docs) these are the accepted values that anyone can use:
SQLNET.ENCRYPTION_SERVER
Purpose
To turn encryption on for the database server.
Default
accepted
Values
accepted: to enable the security service if required or requested by the other side.
rejected: to disable the security service, even if the required by the other side.
requested: to enable the security service if the other side allows it.
required: to enable the security service and disallow the connection if the other side is not enabled for the security service.
Example
SQLNET.ENCRYPTION_SERVER=accepted
In my case being a 12c Oracle Cloud database the default was set to "required" giving me the error "Io exception: Oracle Error ORA-12650" when trying to start my application.
Setting the parameter to "accepted" solved the issue and managed to start my application.
In case you still get the error you can also set the following parameter to accepted:
SQLNET.CRYPTO_CHECKSUM_SERVER = accepted
if you see that in your sqlnet.ora the value is set to "required".
Please have in mind that my application as well as my OCI setup are for testing purposes only and they are not intended to be used in production environment. Setting the value of SQLNET.ENCRYPTION_SERVER and SQLNET.CRYPTO_CHECKSUM_SERVER to "accepted" will significantly lower your Database's security making it vulnerable to any attacks from any application that has access to it. The best case scenario is to modify your application to use the ENCRYPTION as "required".
Downgrading the OJDBC jar to version7 also works - Replace higher version(ojdbc14.jar was the culprit in my case) with ojdbc7.jar in your dependency files
I cannot connect to Microsoft SQL Server v. 2008 in Websphere IIB (formerly, Message Broker) with a JDBC provider.
I've created the provider according to the IBM documentation - Setting up a JDBC provider for type 4 connections and specified a valid security identity.
I've also tried using the latest versions of sqljdbc4.jar and sqljdbc41.jar from Microsoft.
I'm trying to get the connection using:
Connection conn = getJDBCType4Connection(THE_NAME_OF_THE_PROVIDER,JDBC_TransactionType.MB_TRANSACTION_AUTO)
I get the following error trace:
Exception details: message: java.lang.ExceptionInInitializerError stack trace: [java.lang.J9VMInternals.initialize(J9VMInternals.java:259)
javax.crypto.KeyAgreement.getInstance(Unknown Source)
com.ibm.jsse2.lb.g(lb.java:44)
com.ibm.jsse2.lb.a(lb.java:108)
com.ibm.jsse2.l$c_.a(l$c_.java:6)
com.ibm.jsse2.l.a(l.java:80)
com.ibm.jsse2.m.a(m.java:15)
com.ibm.jsse2.m.h(m.java:13)
com.ibm.jsse2.qc.a(qc.java:38)
com.ibm.jsse2.qc.<init>(qc.java:632)
com.ibm.jsse2.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:16)
com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1606)
com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1324)
com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:992)
com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:828)
com.microsoft.sqlserver.jdbc.SQLServerDataSource.getConnectionInternal(SQLServerDataSource.java:629)
com.microsoft.sqlserver.jdbc.SQLServerPooledConnection.createNewConnection(SQLServerPooledConnection.java:60)
com.microsoft.sqlserver.jdbc.SQLServerPooledConnection.<init>(SQLServerPooledConnection.java:42)
com.microsoft.sqlserver.jdbc.SQLServerXAConnection.<init>(SQLServerXAConnection.java:30)
com.microsoft.sqlserver.jdbc.SQLServerXADataSource.getXAConnection(SQLServerXADataSource.java:51)
com.ibm.broker.jdbctype4.jdbcdbasemgr.JDBCType4Connection.createXAConnection(JDBCType4Connection.java:244)
com.ibm.broker.jdbctype4.jdbcdbasemgr.JDBCType4DatabaseManager.getThreadOwnedConnections(JDBCType4DatabaseManager.java:308)
com.ibm.broker.jdbctype4.localtrxn.JDBCType4SinglePhaseTrxnHandler.getConnection(JDBCType4SinglePhaseTrxnHandler.java:262)
com.ibm.broker.jdbctype4.localtrxn.JDBCType4SinglePhaseTrxnHandler.getConnection(JDBCType4SinglePhaseTrxnHandler.java:154)
com.ibm.broker.jdbctype4.connfact.JDBCType4ConnectionFactory.getConnection(JDBCType4ConnectionFactory.java:163)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:94)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
java.lang.reflect.Method.invoke(Method.java:619)
com.ibm.broker.plugin.MbNode.getJDBCType4Connection(MbNode.java:1575)
ru.cinimex.fr2back.FR2BACK_DB_InsertMessage_JavaCompute.fillInCache(FR2BACK_DB_InsertMessage_JavaCompute.java:115)
ru.cinimex.fr2back.FR2BACK_DB_InsertMessage_JavaCompute.createCache(FR2BACK_DB_InsertMessage_JavaCompute.java:102)
ru.cinimex.fr2back.FR2BACK_DB_InsertMessage_JavaCompute.evaluate(FR2BACK_DB_InsertMessage_JavaCompute.java:38)
com.ibm.broker.javacompute.MbRuntimeJavaComputeNode.evaluate(MbRuntimeJavaComputeNode.java:339)
com.ibm.broker.plugin.MbNode.evaluate(MbNode.java:1491)
I think the SQL server driver is trying to use SSL which comes into a conflict with IBM's Java. Is there a way to prevent it from using SSL at all?
When I'm doing the same thing with an Oracle database, everything works well.
It's a requirement to use JDBC and not IIB's native ODBC drivers.
If you want to disable the Microsoft JDBC Driver's use of SSL, it should be possible to do so by setting the "encrypt" data source property to a value of false.
https://msdn.microsoft.com/en-us/library/bb879920%28v=sql.110%29.aspx
The above would apply if you were programmatically creating & configuring the data source. In the case where there is intermediate code handling that, it's likely there would be somewhere to specify name/value pairs of data source properties, for example, in data source configuration or on an API that you are using. Is there anywhere that you have the opportunity to do that? If this were a WebSphere Application Server data source, it would either be in data source custom properties (traditional) or properties.microsoft.sqlserver element nested under dataSource in server.xml (Liberty).
Using jtds 1.2.5 I have this error when I stablish a connection: "No message resource found for message property prop.sokeepalive"
At first, I was using 1.2.2 version but I have this error message. "Error getting jdbc connection: The USE database statement failed because the database collation Serbian_Latin_100_CI_AS is not recognized by older client drivers. Try upgrading the client operating system or applying a service update to the database client software, or use a different collation. See SQL Server Books Online for more information on changing collations."
As solution, I tried to use 1.2.5 version getting the error mentioned at the beggining.
I was looking for hints in jtds documentation, but I can not resolve the problem.
any ideas?
Thanks in advance.
Try running client JVM with -Duser.language=en -Duser.region=US -Duser.country=US options.
This would switch to everywhere-supported US locale.
Maybe this easy solution would be acceptable in your case.
At least, this would reveal if the problem is in lack of i18n messages resource bundle for current locale in jtds package, as I guess.
Update
Try to just copy jtds.jar/net/sourceforge/jtds/jdbc/Messages.properties and add it to classpath or right inside jtds.jar as net/sourceforge/jtds/jdbc/Messages_sr_RS.properties.
Some explaining links:
Message bundle choosing process
net.sourceforge.jtds.jdbc.Messages source
http://www.localeplanet.com/java/sr-RS/
Update 2
Message bundle choosing process should switch to default provided resource anyway.
My second guess is that Messages.properties of jtds package gets eclipsed by some unrelated file with the same name.
Check your classpath.
You should be able to debug net.sourceforge.jtds.jdbc.Messages in order to find what's happening on for sure.
I have tried other jtds versions. from 1.2.2 yo 1.3.1 (recompiled to java 1.6) and all of them has the same error.
"Error getting jdbc connection: The USE database statement failed because the database collation Serbian_Latin_100_CI_AS is not recognized by older client drivers. Try upgrading the client operating system or applying a service update to the database client software, or use a different collation. See SQL Server Books Online for more information on changing collations."
Perhaps jdts does not support this collation.
I'm curious about something... is it possible for an Oracle 11 instance to be configured so that it does not return any ORA-?????? error messages?
I've issued many invalid queries where I've misspelled column names, table names... things where I would expect an ORA error message.
Say for security purposes say if a stray java stack trace got exposed to a browser could you force oracle to always show the same bogus error message in the stack trace?
I always get this one:java.sql.SQLException: IO Error: Size Data Unit (SDU) mismatch
I've googled that error up and down, and I do not have any connection or database configuration issues at all! I get it on a per-query basis.
Not a direct solution but I was having the same problem with the SDU mismatch masking the real error. I found a link (http://www.rajivnarula.com/blog/2013/03/13/table-not-found-or-error-not-found/) that gave an indirect way to expose the error:
I tried swapping the JDBC driver with the older ojdbc14.jar and voila
! The real error was exposed : Good old
ORA-00942 (table or view does not exist)
Once I put the table in- everything works fine- with ojdbc14.jar as
well ojdbc6.jar
Obviously a pain but useful until someone posts a way to get the underlying error with the newer driver...
Basically your setup is not correct. Either on the client or on the server or on both the sdu size has been set and they do not match between client and server. The sdu size can be set on the client in
the sqlnet.ora file or
in the connect descriptor
On the server it can be set with
in the sqlnet.ora file
the dispatchers init.ora parameter
or the listener.ora file.
If you are still not convinced, trace the tns traffic to verify this. Client side tracing can be enabled by adding the following settings to the sqlnet.ora file:
trace_level_client = 10
trace_unique_client = on
trace_file_client = sqlnet.trc
trace_directory_client = <path_to_trace_dir>
Server side settings can be enabled with the following settings:
trace_level_server = 10
trace_file_server = server.trc
trace_directory_server = <path_to_trace_dir>
If level 10 is not sufficient, set the level to 16. This will create a trace file that you can analyze.
You can try to upgrade the Oracle 11g JDBC driver to a version greater than 11.2.0.3.0, as described here
There is another chance whether the table in the query exists in the database or not. Check for table name in the query or try whether you are trying for Oracle Database using mysql driver