Support for SQLNET encryption
Originally Published: 2018-10-11
Article Number
000041672
Applies To
RSA Product Set: RSA Identity Governance and Lifecycle
RSA Product/Service Type: Enterprise Software
RSA Version/Condition: 7.1.0
Product Name: RSA Identity Governance and Lifecycle
Issue
Customers in some countries using a remote database may be legally required to encrypt the traffic between client and server. This is enabled in Oracle by setting the parameter:
SQLNET.ENCRYPTION_SERVER = required
in the $ORACLE_HOME/network/admin/sqlnet.ora file on the database server.

However, SQLNET encryption is not supported in RSA Identity Governance & Lifecycle 7.1.0, and the application may fail with the following stack trace in aveksaServer.log:

08/27/2018 11:59:30.298 ERROR (ServerService Thread Pool -- 106) [org.hibernate.hql.spi.id.IdTableHelper] Unable to use JDBC Connection to create Statement
java.sql.SQLRecoverableException: Closed Connection
 at oracle.jdbc.driver.PhysicalConnection.needLine(PhysicalConnection.java:4220)
 at oracle.jdbc.driver.OracleStatement.closeOrCache(OracleStatement.java:1431)
 at oracle.jdbc.driver.OracleStatement.close(OracleStatement.java:1410)
 at oracle.jdbc.driver.OracleStatementWrapper.close(OracleStatementWrapper.java:102)
 at org.jboss.jca.adapters.jdbc.WrappedStatement.internalClose(WrappedStatement.java:1491)
 at org.jboss.jca.adapters.jdbc.WrappedStatement.close(WrappedStatement.java:178)
 at org.hibernate.hql.spi.id.IdTableHelper.executeIdTableCreationStatements(IdTableHelper.java:91)
 at org.hibernate.hql.spi.id.global.GlobalTemporaryTableBulkIdStrategy.finishPreparation(GlobalTemporaryTableBulkIdStrategy.java:125)
 at org.hibernate.hql.spi.id.global.GlobalTemporaryTableBulkIdStrategy.finishPreparation(GlobalTemporaryTableBulkIdStrategy.java:42)
 at org.hibernate.hql.spi.id.AbstractMultiTableBulkIdStrategyImpl.prepare(AbstractMultiTableBulkIdStrategyImpl.java:88)
 at org.hibernate.internal.SessionFactoryImpl.<init>(SessionFactoryImpl.java:455)
 at org.hibernate.boot.internal.SessionFactoryBuilderImpl.build(SessionFactoryBuilderImpl.java:444)
 at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:711)
 at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:727)
 at com.aveksa.server.db.persistence.PersistenceServiceProvider.initializeSessionFactory(PersistenceServiceProvider.java:334)
 at com.aveksa.server.db.persistence.PersistenceServiceProvider.initializeSessionFactory(PersistenceServiceProvider.java:312)
 at com.aveksa.server.db.PersistenceManager.getInstance(PersistenceManager.java:88)
 at com.aveksa.server.db.PersistenceManager.find(PersistenceManager.java:211)
 at com.aveksa.server.audit.AuditServiceProvider.loadEnabledEvents(AuditServiceProvider.java:264)
 at com.aveksa.server.audit.AuditServiceProvider.start(AuditServiceProvider.java:58)
 at com.aveksa.init.Startup.getAuditService(Startup.java:114)
 at com.aveksa.init.Startup.init(Startup.java:57)
 at com.aveksa.gui.core.ACMFramework.init(ACMFramework.java:94)
 at com.aveksa.gui.core.ACMFramework.initInstance(ACMFramework.java:83)
 at com.aveksa.init.InitServlet.init(InitServlet.java:42)
 at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
 at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.handle(RunAsLifecycleInterceptor.java:65)
 at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:76)
 at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
 at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:250)
 at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:133)
 at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:546)
 at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:517)
 at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
 at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
 at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
 at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
 at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
 at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
 at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
 at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:559)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)
 at org.jboss.threads.JBossThread.run(JBossThread.java:320) 


 
Cause
This is because Identity Governance & Lifecycle 7.1.0 uses ojdbc7, which does not support an encrypted connection.
Resolution
To resolve this issue, upgrade to Identity Governance & Lifecycle 7.1.1. It uses ojdbc8, which does support an encrypted connection.
Workaround
Don't use SQLNET encryption.

In $ORACLE_HOME/network/admin/sqlnet.ora set the following parameter:

SQLNET.ENCRYPTION_SERVER = accepted
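
Added example, not part of the original article or RSA's code: a Python sketch that reads SQLNET.ENCRYPTION_SERVER from sqlnet.ora text and applies Oracle's documented negotiation rules, showing that `required` refuses a client that cannot encrypt while `accepted` lets the same client connect in cleartext. The sample file contents and function names are constructed for illustration; modelling a non-encrypting client as REJECTED is an assumption.

```python
import re

LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
DEFAULT_LEVEL = "ACCEPTED"  # Oracle's default when the parameter is not set

# Constructed sample sqlnet.ora contents for the two settings in the article.
ISSUE_CONFIG = "# database server\nSQLNET.ENCRYPTION_SERVER = required\n"
WORKAROUND_CONFIG = "sqlnet.encryption_server=accepted  # workaround\n"


def read_param(sqlnet_text, name):
    """Return the upper-cased value of a sqlnet.ora parameter, or None."""
    value = None
    for line in sqlnet_text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip comments
        m = re.match(r"([\w.]+)\s*=\s*(\S+)$", line)
        if m and m.group(1).upper() == name.upper():
            value = m.group(2).upper()  # assumption: last occurrence wins
    return value


def negotiate(server, client):
    """Oracle native network encryption outcome: 'on', 'off' or 'fail'."""
    pair = {server, client}
    if {"REQUIRED", "REJECTED"} <= pair:
        return "fail"  # one side insists, the other refuses
    if "REJECTED" in pair or pair == {"ACCEPTED"}:
        return "off"   # nobody asked for encryption: cleartext session
    return "on"


def audit(sqlnet_text):
    """Return (server level, outcome per client level, cleartext possible?)."""
    server = read_param(sqlnet_text, "SQLNET.ENCRYPTION_SERVER") or DEFAULT_LEVEL
    if server not in LEVELS:
        raise ValueError(f"unknown encryption level: {server}")
    outcomes = {client: negotiate(server, client) for client in LEVELS}
    return server, outcomes, "off" in outcomes.values()


if __name__ == "__main__":
    for label, text in (("issue", ISSUE_CONFIG), ("workaround", WORKAROUND_CONFIG)):
        server, outcomes, cleartext = audit(text)
        print(label, server, outcomes, "cleartext possible:", cleartext)
```

Under the workaround setting, a client that does not request encryption connects in cleartext, so the requirement described under Issue is not met for that connection.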