
Configure activiti to use kerberos

Question asked by per.berge on Feb 10, 2014
Latest reply on Feb 11, 2014 by trademak
In both activiti-rest and activiti-explorer there are settings to configure activiti to use a database.
I've changed it to use the Oracle driver and it works fine with a SQL user.
In Activiti I've deployed a process which runs service tasks which use Hibernate and log in to the same database using Kerberos.
<blockcode>
<property name="hibernate.connection.oracle.net.authentication_services">KERBEROS5</property>
<property name="hibernate.connection.oracle.net.kerberos5_mutual_authentication">true</property>
</blockcode>
How would I go about using a specified Kerberos user to access the Oracle database for activiti-rest or activiti-explorer?
I've tried simply specifying the username and password directly in the db.properties file, which gives:
(ORA-01017: invalid username/password; logon denied)
<blockcode>
jdbc.username=user@domain.com
jdbc.password=qqq
</blockcode>
I would expect I need to specify some of the Oracle connection properties in Java, using properties for specifying, for instance, krb5_realm, krb5_kdc and so on
(http://docs.oracle.com/cd/B28359_01/java.111/b31224/clntsec.htm#CIHCIDHF).

Is it possible to simply add or replace the necessary properties in the following section from activiti-context.xml:
adding
<blockcode>
    <property name="java.security.krb5.realm" value="domain.com" />
    <property name="java.security.krb5.conf" value="c:/oracle/krb5/krb5.conf" />
</blockcode>

to:
<blockcode>
    <property name="driverClassName" value="${jdbc.driver}" />
    <property name="url" value="${jdbc.url}" />
    <property name="username" value="${jdbc.username}" />
    <property name="password" value="${jdbc.password}" />
</blockcode>

Another alternative is for Activiti to use the logged-on user on the web server; in my situation it's using Tomcat 7.

Anyone have any ideas for which direction to go in to resolve this issue?
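
The distinction the question turns on, as an added example that is not part of the original post or of Activiti's code: the `oracle.net.*` settings are connection properties handed to the Oracle thin driver, while `java.security.krb5.conf` is a JVM system property. The class name, the optional ticket-cache argument and the JDBC URL argument are assumptions; the `oracle.net.kerberos5_cc_name` key comes from the Oracle guide linked in the post.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

// Hypothetical class name; requires the Oracle JDBC driver on the classpath to connect.
public class OracleKerberosProps {

    /** Driver-level connection properties for Kerberos; no user/password entries are set. */
    static Properties kerberosProps(String ticketCache) {
        Properties p = new Properties();
        // The two settings from the post's Hibernate config. Hibernate strips the
        // "hibernate.connection." prefix and passes the rest to the driver as-is.
        p.setProperty("oracle.net.authentication_services", "KERBEROS5");
        p.setProperty("oracle.net.kerberos5_mutual_authentication", "true");
        if (ticketCache != null) {
            // Credential cache that holds the ticket of the principal to connect as.
            p.setProperty("oracle.net.kerberos5_cc_name", ticketCache);
        }
        return p;
    }

    public static void main(String[] args) throws SQLException {
        // JVM system property (path taken from the post). It can also be passed
        // to the JVM as -Djava.security.krb5.conf=... instead of being set in code.
        System.setProperty("java.security.krb5.conf", "c:/oracle/krb5/krb5.conf");

        // args[1] (optional): path to the ticket cache. Assumption, not from the post.
        Properties props = kerberosProps(args.length > 1 ? args[1] : null);
        props.list(System.out);

        // args[0] (optional): JDBC URL of the database. Without it, only the
        // properties are printed and no connection is attempted.
        if (args.length > 0) {
            try (Connection c = DriverManager.getConnection(args[0], props)) {
                System.out.println("Connected as " + c.getMetaData().getUserName());
            }
        }
    }
}
```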
