We Keep Coding

ORA-12519 TNS: No appropriate service handler found in JBoss 7.2

I'm migrating some projects from JBoss 6.4 to JBoss 7.2, these projects needs different datasources to configurate DB connections. I added the datasources to the JBoss server config file (standalone.xml):
<datasources>
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<datasource jndi-name="java:/jdbc/SCL" pool-name="SCL" enabled="true">
<connection-url>jdbc:oracle:thin:#someIP:somePort:RCBDDES</connection-url>
<driver>oracle</driver>
<pool>
<min-pool-size>1</min-pool-size>
<max-pool-size>5</max-pool-size>
<prefill>true</prefill>
</pool>
<security>
<user-name>user</user-name>
<password>pass</password>
</security>
</datasource>
<datasource jta="true" jndi-name="java:/jdbc/Oracle" pool-name="jdbc/dsOracle" enabled="true" use-ccm="true" statistics-enabled="false">
<connection-url>jdbc:oracle:thin:#someIP:somePort:RCBDDES</connection-url>
<driver-class>oracle.jdbc.OracleDriver</driver-class>
<driver>oracle</driver>
<pool>
<min-pool-size>25</min-pool-size>
<max-pool-size>35</max-pool-size>
<prefill>true</prefill>
</pool>
<security>
<user-name>user</user-name>
<password>pass</password>
</security>
<validation>
<check-valid-connection-sql>SELECT 1 FROM DUAL</check-valid-connection-sql>
<validate-on-match>false</validate-on-match>
<background-validation>true</background-validation>
<exception-sorter class-name="org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter"/>
</validation>
<timeout>
<set-tx-query-timeout>false</set-tx-query-timeout>
<blocking-timeout-millis>6000</blocking-timeout-millis>
<idle-timeout-minutes>1</idle-timeout-minutes>
<query-timeout>60</query-timeout>
<use-try-lock>0</use-try-lock>
<allocation-retry>0</allocation-retry>
<allocation-retry-wait-millis>0</allocation-retry-wait-millis>
</timeout>
<statement>
<track-statements>true</track-statements>
<prepared-statement-cache-size>100</prepared-statement-cache-size>
<share-prepared-statements>false</share-prepared-statements>
</statement>
</datasource>
<datasource jta="true" jndi-name="java:/jdbc/dsSQLServer" pool-name="jdbc/dsSQLServer" enabled="true" use-ccm="true">
<connection-url>jdbc:sqlserver://someIP:somePort;DatabaseName=name</connection-url>
<driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
<driver>sqlserver</driver>
<pool>
<min-pool-size>25</min-pool-size>
<max-pool-size>35</max-pool-size>
</pool>
<security>
<user-name>user</user-name>
<password>pass</password>
</security>
<timeout>
<idle-timeout-minutes>1</idle-timeout-minutes>
</timeout>
<statement>
<track-statements>true</track-statements>
<prepared-statement-cache-size>100</prepared-statement-cache-size>
<share-prepared-statements>false</share-prepared-statements>
</statement>
</datasource>
<datasource jta="true" jndi-name="java:/jdbc/dsSQLServerHH" pool-name="jdbc/dsSQLServerHH" enabled="true" use-ccm="true">
<connection-url>jdbc:sqlserver://someIP:somePort;DatabaseName=name</connection-url>
<driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
<driver>sqlserver</driver>
<pool>
<min-pool-size>25</min-pool-size>
<max-pool-size>35</max-pool-size>
</pool>
<security>
<user-name>user</user-name>
<password>pass</password>
</security>
<timeout>
<idle-timeout-minutes>1</idle-timeout-minutes>
</timeout>
<statement>
<track-statements>true</track-statements>
<prepared-statement-cache-size>100</prepared-statement-cache-size>
<share-prepared-statements>false</share-prepared-statements>
</statement>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
<driver name="oracle" module="oracle.jdbc">
<driver-class>oracle.jdbc.OracleDriver</driver-class>
</driver>
<driver name="sqlserver" module="com.microsoft">
<driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
</driver>
</drivers>
</datasources>
The server starts without problems and I can execute store procedures used in the project, but I'm receiving constantly the following warning in the server console [ORA-12519] (even without making a request, only starting the server):
[#2020-05-21 17:25:12,983 WARN [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (JCA PoolFiller) IJ000610: Unable to fill pool: java:/jdbc/Oracle: javax.resource.ResourceException: IJ031084: Unable to create connection
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:345)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:352)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:287)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1326) [ironjacamar-core-impl-1.4.11.Final-redhat-00001.jar:1.4.11.Final-redhat-00001]
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.fillTo(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1138) [ironjacamar-core-impl-1.4.11.Final-redhat-00001.jar:1.4.11.Final-redhat-00001]
at org.jboss.jca.core.connectionmanager.pool.mcp.PoolFiller.run(PoolFiller.java:97) [ironjacamar-core-impl-1.4.11.Final-redhat-00001.jar:1.4.11.Final-redhat-00001]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_191]
Caused by: java.sql.SQLException: Listener refused the connection with the following error:
ORA-12519, TNS:no appropriate service handler found
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:419)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:536)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:228)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:321)
... 6 more
Caused by: oracle.net.ns.NetException: Listener refused the connection with the following error:
ORA-12519, TNS:no appropriate service handler found
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:386)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1054)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:308)
... 11 more
#]
Can someone give me and advice?

It is obviously caused by the fact that the listener was not accepting connections, Could you connect your database through sqlplus? Also, you can navigate through the Jboss admin console/localhost:9990 by default/ and click test connection button to check your configuration. Maybe your database client version and DB version are not compatible. You may have connection leak that means there is no room for your pool size of respective datasource or at the database. And check out this link http://www.dba-oracle.com/sf_ora_12519_tns_no_appropriate_service_handler_found.htm

WildFly Postgres DataSource remote connection-url ignored

I am running into some configuration troubles in setting up a Keycloak server in standalone clustered mode. Despite configuring the datasource to use a postgres database on {REMOTE_IP}, it is failing to start the server complaining that it cannot connect to localhost:5432.
I've been searching all over but I'm befuddled why the DataSource would try to connect to localhost when the connection-url is set to a remote host.
Is there any mistake in my configuration? How can I figure out why PG is trying to connect to localhost instead of {REMOTE_IP}
My setup is 1 Postgres database server and 2 Keycloak servers
I followed the installation instructions for using a relational database and have added the JDBC drivers v9.4.1212 for Postgres.
My DataSource configuration is as follows:
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<connection-url>jdbc:postgresql://{REMOTE_IP}:5432/keycloak</connection-url>
<driver>postgresql</driver>
<pool>
<max-pool-size>20</max-pool-size>
</pool>
<security>
<user-name>keycloak</user-name>
<password>{PASSWORD}</password>
</security>
</datasource>
The error message from the logs reads:
...
Caused by: org.postgresql.util.PSQLException: Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:262)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:52)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:216)
at org.postgresql.Driver.makeConnection(Driver.java:404)
at org.postgresql.Driver.connect(Driver.java:272)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:247)
at org.postgresql.ds.common.BaseDataSource.getConnection(BaseDataSource.java:86)
at org.postgresql.ds.PGPoolingDataSource.getConnection(PGPoolingDataSource.java:309)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:312)
... 43 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at org.postgresql.core.PGStream.<init>(PGStream.java:61)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:144)
... 52 more
I've verified that I can connect to postgres using psql
# psql -h {REMOTE_IP} keycloak keycloak
psql (9.5.7)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384,
bits: 256, compression: off)
Type "help" for help.
keycloak=>

I managed to figure this out for my case. The JDBC driver for postgres was configured to use a PGPoolingDataSource and had a datasource-class defined.
<driver name="postgresql" module="org.postgresql">
<xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
<datasource-class>org.postgresql.ds.PGPoolingDataSource</datasource-class>
</driver>
When the datasource-class is defined, the connection url must be passed through a connection-property instead of connection-url. I updated my configuration and the server booted up fine.
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<connection-url>jdbc:postgresql://{REMOTE_IP}:5432/keycloak</connection-url>
<connection-property name="url">jdbc:postgresql://{REMOTE_IP}:5432/keycloak</connection-property>
<driver>postgresql</driver>
<pool>
<max-pool-size>20</max-pool-size>
</pool>
<driver-class>org.postgresql.Driver</driver-class>
<security>
<user-name>keycloak</user-name>
<password>{PASSWORD}</password>
</security>
</datasource>
This issue is noted in the wildfly issue tracker
https://issues.jboss.org/browse/WFLY-6157

a) Below is the snapshot of standalone.xml of wildfly 18.0.1.Final :
<datasources>
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<datasource jndi-name="java:jboss/jdbc/myapp-ds" pool-name="myapp-ds" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
<connection-url>jdbc:postgresql://mydatabase.mycompany.com:5445/customerdb</connection-url>
<connection-property name="url">
jdbc:postgresql://mydatabase.mycompany.com:5445/customerdb
</connection-property>
<driver>postgresql</driver>
<pool>
<max-pool-size>20</max-pool-size>
</pool>
<security>
<user-name>postgres</user-name>
<password>password123$</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
<driver name="postgresql" module="org.postgresql">
<xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
<datasource-class>org.postgresql.ds.PGPoolingDataSource</datasource-class>
</driver>
</drivers>
</datasources>
b) Also make sure that following files are added in the path wildfly-18.0.1.Final\modules\org\postgresql\main (create if the folder does not exist):
module.xml:
postgresql-42.2.22.jar (download the jar file from internet)
Module.xml:
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.0" name="org.postgresql">
<resources>
<resource-root path="postgresql-42.2.22.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
</dependencies>
</module>

Wildfly Login With Username And Role

For an integration test EAR I need my Wildfly to be able to log in different users with a specific role.
org.jboss.security.auth.spi.SimpleServerLoginModule doesn't allow me to specify a role
org.jboss.security.auth.spi.IdentityLoginModule doesn't allow different users
So evidently I need to use something different. I tried to use a temporary database like this:
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="required">
<module-option name="dsJndiName" value="java:/AcmeDS" />
<module-option name="principalsQuery" value="SELECT ?" />
<module-option name="rolesQuery" value="SELECT 'my_role', 'Roles'" />
<module-option name="password-stacking" value="useFirstPass" />
</login-module>
...aaand:
<datasources>
<datasource jndi-name="java:/AcmeDS" pool-name="AcmeDS" enabled="true">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>
<driver>h2</driver>
<pool>
<min-pool-size>10</min-pool-size>
<max-pool-size>20</max-pool-size>
<prefill>true</prefill>
</pool>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
As suggested in the JBoss tutorial. Still I get the following exception for the clients:
java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: the server presented no authentication mechanisms
at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)
at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:77)
at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)
at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:155)
at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:115)
5 minutes later I got (I'm not aware of any changes): all available authentication mechanisms failed
(It worked right until the point where I needed a role, so I guess the setup for the client side is okay.)
What did I do I wrong? How can I get the Wildfly to at least show exceptions or something so I can debug the problem? Is there a better way to get the Wilfly to acknowledge different users with a specific role?

Have a look at the Java Security Quickstart Archetype. It has Java EE Security worked out, at least at the level I think you are trying to do.
In short, you need to have a security-domain, more like so:
<security-domain name="jboss-security-quickstart" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/ExampleDS"/>
<module-option name="principalsQuery" value="SELECT PASSWORD FROM USER WHERE EMAIL=?"/>
<module-option name="rolesQuery" value="SELECT R.ROLE, 'Roles' FROM ROLE R INNER JOIN USER_ROLE UR ON UR.ROLES_ID = R.ID INNER JOIN USER U ON U.ID = UR.USER_ID WHERE U.EMAIL=?"/>
<module-option name="hashAlgorithm" value="SHA-256"/>
<module-option name="hashEncoding" value="base64"/>
<module-option name="hashCharset" value="utf-8"/>
</login-module>
</authentication>
</security-domain>
You need to have a jboss-web.xml in your WEB-INF directory that points to it:
<!DOCTYPE jboss-web>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.org/schema/jbossas
http://www.jboss.org/schema/jbossas/jboss-web_7_2.xsd">
<!-- Configure usage of the security domain "javaee-security-quickstart" -->
<security-domain>javaee-security-quickstart</security-domain>
<disable-audit>true</disable-audit>
</jboss-web>
And a web.xml that uses it:
<security-constraint>
<web-resource-collection>
<web-resource-name>User Views</web-resource-name>
<url-pattern>/views/user/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
<role-name>USER</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/views/login.xhtml</form-login-page>
<form-error-page>/views/login.xhtml?Retry=True</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>ADMIN</role-name>
</security-role>
<security-role>
<role-name>USER</role-name>
</security-role>
These are the basics, but it's a little easier to see it in action.

How to configure multiple datasources with the single security policy in wildfly

I have setup successfully two data sources using different encrypted password policies as follows:
Security policy 1
<security-domain name="policy1" cache-type="default">
<authentication>
<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username" value="user1"/>
<module-option name="password" value="-16de44"/>
<module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=DATASOURCE_1"/>
</login-module>
</authentication>
</security-domain>
Security policy 2
<security-domain name="policy1" cache-type="default">
<authentication>
<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username" value="user2"/>
<module-option name="password" value="-16de44"/>
<module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=DATASOURCE_2"/>
</login-module>
</authentication>
</security-domain>
Datasource 1
<datasource jndi-name="java:/DATASOURCE_1" pool-name="DATASOURCE_1" enabled="true">
.
.
<security>
<security-domain>policy_1</security-domain>
</security>
</datasource>
Datasource 2
<datasource jndi-name="java:/DATASOURCE_2" pool-name="DATASOURCE_2" enabled="true">
.
.
<security>
<security-domain>policy_2</security-domain>
</security>
</datasource>
However, I would like to know if it's possible to use the same policy for both datasources? I haven't been able to find a way to include more than one pool_name in the managedConnectionFactoryName policy attribute:
<module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=DATASOURCE_1 ??????, DATASOURCE_2 ?????"/>
Is the managedConnectionFactoryName attribute absolutely necessary? what could be a side effect if this attribute is not added?

Does this answer your question? https://access.redhat.com/solutions/304063
That means:
<module-option name="managedConnectionFactoryName">jboss.jca:name=DS1,service=LocalTxCM</module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:name=DS2,service=LocalTxCM</module-option>

It seems that Wildfly 8.2 prefers this syntax:
<module-option name="managedConnectionFactoryName" value="jboss.jca:name=DS1,service=LocalTxCM"/>
But, It still does not seem to honor the security-domain for more that one datasource.
Does anyone know the significance of
service=LocalTxCM
in the example above? Seems like this would be different for xa-datasouces.

LDAP authentication with JBoss 7

I want to develop a simple java web application with JBoss 7 server to enable login from username/password entered by the user and authenticate with ldap.
So this is what i wrote in web.xml placed in WEB-INF/
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Enter user name and password</realm-name>
</login-config>
then added jboss-web.xml in same folder
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/website-domain</security-domain>
</jboss-web>
Then I added the website-domain realm in standalone.xml
<security-domain name="website-domain" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
<module-option name="bindDN" value="ou=people,dc=mycompany,dc=com" />
<module-option name="bindCredential" value="shad"/>
<module-option name="allowEmptyPasswords" value="false"/>
<module-option name="Context.REFERRAL" value="follow"/>
<module-option name="throwValidateError" value="true"/>
<module-option name="allowEmptyPasswords" value="true"/>
</login-module>
</authentication>
</security-domain>
So how the username and password entered will be sent to these modules ? Or do I have to write a custom JAAS realm ? Is their any working example you guys can share me??

I wrote a post in portuguese...
http://jbossdivers.wordpress.com/2012/02/12/utilizando-ldap-login-module-no-jboss-as-7-1/

Your webapp needs to point to your security domain website-domain by adding a line in WEB-INF/jboss-web.xml
<security-domain flushOnSessionInvalidation="true">java:/jaas/website-domain</security-domain>
I believe in Jboss 7 you need to only specify website-domain (no java:/jaas/ prefix)