#470 JDBC Connections fail upgrading from version 11.0 to 11.1

[Bruce]

We use the datasource configuration for websphere liberty as follows:

<server>
    <dataSource id="DB_JDBC" jndiName="jdbc/database" transactional="false" isolationLevel="TRANSACTION_NONE">
        <connectionManager minPoolSize="1" maxPoolSize="5"/>
        <jdbcDriver libraryRef="toolbox-lib"/>
        <properties.db2.i.toolbox
                databaseName="mydb"
                serverName="myserver"
                libraries="lib1,lib2"
                user="user"
                password="pass"
                autoCommit="false"
                transactionIsolation="none"
                naming="system"
                dateSeparator="-"
                timeSeparator="."
                timeFormat="iso"
                dateFormat="iso"
        />
    </dataSource>

    <library id="toolbox-lib">
        <fileset dir="${server.config.dir}/lib" includes="jt400*.jar"/>
    </library>
</server>

While upgrading from version 11.0 to 11.1 the server fails to connect with errors:

[INFO] [WARNING ] DSRA8021W: Warning: error setting 'password'=******: java.lang.NoSuchMethodException: [C.<init>(java.lang.String)
[INFO]  at java.base/java.lang.Class.getConstructor0(Class.java:3585)
[INFO]  at java.base/java.lang.Class.getConstructor(Class.java:2271)
[INFO]  at com.ibm.ws.jdbc.internal.JDBCDriverService.setProperty(JDBCDriverService.java:1005)
[INFO]  at com.ibm.ws.jdbc.internal.JDBCDriverService.access$200(JDBCDriverService.java:76)
[INFO]  at com.ibm.ws.jdbc.internal.JDBCDriverService$1.run(JDBCDriverService.java:301)
[INFO]  at com.ibm.ws.jdbc.internal.JDBCDriverService$1.run(JDBCDriverService.java:262)
[INFO]  at java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
[INFO]  at com.ibm.ws.jdbc.internal.JDBCDriverService.create(JDBCDriverService.java:262)
[INFO]  at com.ibm.ws.jdbc.internal.JDBCDriverService.createAnyPreferLegacyOrder(JDBCDriverService.java:405)
[INFO]  at com.ibm.ws.jdbc.DataSourceService.init(DataSourceService.java:608)
[INFO]  at com.ibm.ws.jca.cm.AbstractConnectionFactoryService$2.run(AbstractConnectionFactoryService.java:522)
[INFO]  at com.ibm.ws.jca.cm.AbstractConnectionFactoryService$2.run(AbstractConnectionFactoryService.java:519)
[INFO]  at java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
[INFO]  at com.ibm.ws.jca.cm.AbstractConnectionFactoryService.initPrivileged(AbstractConnectionFactoryService.java:519)
[INFO]  at com.ibm.ws.jca.cm.AbstractConnectionFactoryService.createResource(AbstractConnectionFactoryService.java:149)
[INFO]  at com.ibm.ws.injectionengine.osgi.internal.IndirectJndiLookupObjectFactory.createResourceWithFilterPrivileged(IndirectJndiLookupObjectFactory.java:383)
[INFO]  at com.ibm.ws.injectionengine.osgi.internal.IndirectJndiLookupObjectFactory.access$100(IndirectJndiLookupObjectFactory.java:57)
[INFO]  at com.ibm.ws.injectionengine.osgi.internal.IndirectJndiLookupObjectFactory$3.run(IndirectJndiLookupObjectFactory.java:365)
[INFO]  at java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
[INFO]  at com.ibm.ws.injectionengine.osgi.internal.IndirectJndiLookupObjectFactory.createResourceWithFilter(IndirectJndiLookupObjectFactory.java:362)
[INFO]  at com.ibm.ws.injectionengine.osgi.internal.IndirectJndiLookupObjectFactory.createResource(IndirectJndiLookupObjectFactory.java:338)
[INFO]  at com.ibm.ws.injectionengine.osgi.internal.IndirectJndiLookupObjectFactory.getObjectInstance(IndirectJndiLookupObjectFactory.java:134)
[INFO]  at com.ibm.ws.injectionengine.osgi.internal.IndirectJndiLookupObjectFactory.getObjectInstance(IndirectJndiLookupObjectFactory.java:100)
[INFO]  at com.ibm.wsspi.injectionengine.InjectionBinding.getInjectionObjectInstance(InjectionBinding.java:1558)
[INFO]  at com.ibm.wsspi.injectionengine.InjectionBinding.getInjectionObject(InjectionBinding.java:1434)
[INFO]  at com.ibm.wsspi.injectionengine.InjectionBinding.getInjectableObject(InjectionBinding.java:1374)
[INFO]  at com.ibm.wsspi.injectionengine.InjectionTarget.inject(InjectionTarget.java:104)
[INFO]  at com.ibm.ws.cdi.impl.weld.injection.WebSphereInjectionServicesImpl.inject(WebSphereInjectionServicesImpl.java:198)
[INFO]  at com.ibm.ws.cdi.impl.weld.injection.WebSphereInjectionServicesImpl.inject(WebSphereInjectionServicesImpl.java:150)
[INFO]  at com.ibm.ws.cdi.impl.weld.injection.WebSphereInjectionServicesImpl.access$000(WebSphereInjectionServicesImpl.java:74)
[INFO]  at com.ibm.ws.cdi.impl.weld.injection.WebSphereInjectionServicesImpl$1.run(WebSphereInjectionServicesImpl.java:134)
[INFO]  at com.ibm.ws.cdi.impl.weld.injection.WebSphereInjectionServicesImpl$1.run(WebSphereInjectionServicesImpl.java:130)
[INFO]  at java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
[INFO]  at com.ibm.ws.cdi.impl.weld.injection.WebSphereInjectionServicesImpl.callInject(WebSphereInjectionServicesImpl.java:130)
[INFO]  at com.ibm.ws.cdi.impl.weld.injection.WebSphereInjectionServicesImpl.injectJavaEEResources(WebSphereInjectionServicesImpl.java:112)
[INFO]  at com.ibm.ws.cdi.impl.weld.injection.WebSphereInjectionServicesImpl.aroundInject(WebSphereInjectionServicesImpl.java:317)
[INFO]  at org.jboss.weld.injection.InjectionContextImpl.run(InjectionContextImpl.java:46)
[INFO]  at org.jboss.weld.injection.producer.ResourceInjector.inject(ResourceInjector.java:71)
[INFO]  at org.jboss.weld.injection.producer.BasicInjectionTarget.inject(BasicInjectionTarget.java:117)
[INFO]  at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:161)
[INFO]  at org.jboss.weld.contexts.AbstractContext.get(AbstractContext.java:96)
[INFO]  at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:100)
[INFO]  at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:140)
[INFO]  at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
[INFO]  at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:102)
[INFO]  at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:131)
[INFO]  at com.company.health.DatabaseHealthCheck$Proxy$_$$_WeldClientProxy.call(Unknown Source)
[INFO]  at io.openliberty.microprofile.health31.services.impl.HealthCheck31CDIBeanInvokerImpl.checkAllBeans(HealthCheck31CDIBeanInvokerImpl.java:84)
[INFO]  at jdk.internal.reflect.GeneratedMethodAccessor955.invoke(Unknown Source)
[INFO]  at java.base/java.lang.reflect.Method.invoke(Method.java:568)
[INFO]  at com.ibm.ws.context.service.serializable.ContextualInvocationHandler.invoke(ContextualInvocationHandler.java:77)
[INFO]  at com.ibm.ws.context.service.serializable.ContextualInvocationHandler.invoke(ContextualInvocationHandler.java:99)
[INFO]  at jdk.proxy21/jdk.proxy21.$Proxy110.checkAllBeans(Unknown Source)
[INFO]  at io.openliberty.microprofile.health31.services.impl.HealthCheck31ExecutorImpl.runHealthChecks(HealthCheck31ExecutorImpl.java:102)
[INFO]  at io.openliberty.microprofile.health31.internal.HealthCheck31ServiceImpl.performHealthCheck(HealthCheck31ServiceImpl.java:164)
[INFO]  at io.openliberty.microprofile.health31.internal.HealthCheck31ServiceImpl.performHealthCheck(HealthCheck31ServiceImpl.java:95)
[INFO]  at io.openliberty.microprofile.health31.internal.servlet.HealthCheckServlet.service(HealthCheckServlet.java:43)
[INFO]  at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:587)
[INFO]  at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1258)
[INFO]  at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:746)
[INFO]  at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:443)
[INFO]  at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:193)
[INFO]  at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:98)
[INFO]  at com.ibm.ws.app.manager.wab.internal.OsgiDirectoryProtectionFilter.doFilter(OsgiDirectoryProtectionFilter.java:90)
[INFO]  at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
[INFO]  at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
[INFO]  at com.ibm.ws.security.jaspi.JaspiServletFilter.doFilter(JaspiServletFilter.java:56)
[INFO]  at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
[INFO]  at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
[INFO]  at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:1002)
[INFO]  at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1140)
[INFO]  at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5078)
[INFO]  at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(DynamicVirtualHost.java:316)
[INFO]  at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1007)
[INFO]  at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:281)
[INFO]  at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:1246)
[INFO]  at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.wrapHandlerAndExecute(HttpDispatcherLink.java:468)
[INFO]  at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:427)
[INFO]  at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:567)
[INFO]  at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:501)
[INFO]  at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:361)
[INFO]  at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.ready(HttpInboundLink.java:328)
[INFO]  at com.ibm.ws.http.channel.h2internal.H2StreamProcessor$Http2Ready.run(H2StreamProcessor.java:1789)
[INFO]  at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:245)
[INFO]  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
[INFO]  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
[INFO]  at java.base/java.lang.Thread.run(Thread.java:833)
[INFO]

{exception=The application server rejected the connection. (Password is not set.) DSRA0010E: SQL State = 08004, Error Code = -99,999, id=jdbc/database}

I am assuming this is do to the item in the release notes for version 11.1:

Deprecate interfaces where password passed as a String

I have tried looking for additional documentation but cannot find what we should be doing now with passwords while trying to create the jdbc connection. We do encrypt our passwords that are supplied to the liberty server.xml.

Any advise is appreciated.

Thanks in advance
Bruce

[John Eberhard]

The JTOpen JDBCDataSources were changed to add a setPassword(char[]) method.
The old setPassword(String) method was deprecated.

This is because putting a password in a String is insecure, as the JVM may cache the string -- thus exposing the password if the process memory is dumped or if the JVM is dumped.

It looks like com.ibm.ws.jdbc.internal.JDBCDriverService.setProperty method is confused and is trying to use the setPassword(char[]) method instead of the setPassword(String) method. It is trying to call a [C.<init>(java.lang.String) to create the char[], but that method does not exist in Java.</init>

Looks like that websphere code needs to change to do one of the following.

1. Use the setPassword(String) method which is still available but is depreciated. This is not a long term solution due to the security concern mentioned above.

2. When dealing with passwords, don't put a password into a String object as this is very insecure. Websphere should create the password in a char[] . The char[] should be used to call the setPassword method. After the method returns, the char[] should be completely overwritten to remove any trace of the password.

[Bruce]

Hello John,

Thank you for the reply, however, we have no control over the code execution. This configuration is in the server.xml for the WebSphere Liberty profile.

We access the code in two potential different ways:

@Resource(lookup = "jdbc/database")
DataSource db;
Connection conn = db.getConnection()

Or I tried getting the Initial Context and getting the JDBC connection manually.

DataSource db = (DataSource) new InitialContext().lookup("jdbc/database");
Connection conn = db.getConnection()

Both of these fail.

Using the documentation provide by IBM @ https://www.ibm.com/docs/en/was-liberty/core?topic=SSD28V_liberty/com.ibm.websphere.wlp.doc/ae/twlp_dep_configuring_ds.htm

So none of the code is on us it is in all internal to either the JT400.jar or the internals of Liberty which are establishing the connection.

How should we proceed with this?

Bruce

[John Eberhard]

You'll need to contact liberty / websphere support to make the changes outlined above.

[Bruce]

Happy to repot that the issue was raised with IBM Support for WebSphere Liberty. Changes were made to the Open Liberty project to fix the issue that was occurring. The fix is available in version 23.0.0.1 and higher.

Here is a link to the issue report -> https://github.com/OpenLiberty/open-liberty/issues/23690

Thanks for the assistance in understanding the issue.