ODSI support for return type "PL/SQL TABLE"?
Hello!
We are trying to connect our ODSI to an Oracle function with return type "PL/SQL TABLE". The ODSI "wizard" (used to create the physical data service) seems to understand the interface during creation, but when executed it fails. The ODSI server complains about wrong type (PLS-00382: expression is of wrong type) when we execute it from the "test tab".
The function's metadata is looks like this:
<params xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xdt="http://www.w3.org/2004/07/xpath-datatypes" xmlns:pn1="ld:physical/rekondis/CALC_DEBITING" >
<param name="RETURN_VALUE" kind="return" xqueryType="pn1:RETURN_VALUE_ROW" nativeTypeCode="1111" nativeType="PL/SQL TABLE"/>
<param name="PIN_CASE_ID" kind="in" xqueryType="xs:decimal" nativeTypeCode="3" nativeType="NUMBER"/>
<param name="PIN_ACTION_CODE" kind="in" xqueryType="xs:decimal" nativeTypeCode="3" nativeType="NUMBER"/>
<param name="PI_AD_NAME" kind="in" xqueryType="xs:string" nativeTypeCode="12" nativeType="VARCHAR2"/>
</params>
Any ideas how we can make this work!? Or is this not even supported in ODSI 10.3?
Thanks!
// Mikael
Please refer to the documentation - http://download.oracle.com/docs/cd/E13162_01/odsi/docs10gr3/datasrvc/Create%20Physical%20Data%20Services%20from%20Stored%20Procedures.html
Similar Messages
-
WebLogic SSO receiving "KDC has no support for encryption type (14)" error
Hello,
I am trying to implement SSO using an Off-the-Shelf app running on WebLogic, but receiving "KDC has no support for encryption type (14)" error. I have set the AD Server to Use DES encryption types for this account . I have added 'allowtgtsessionkey' registry entry on the client machine as well as the Windows Server on which WebLogic is running. My klist results on the client machine still seems to indicate AD is sending RC4 encryption format (please confirm looking at the results below). I am also attaching the WebLogic error log. I am slo seeing 2 errors at the very beginning of the WebLogic log when I restart the appserver.
% KLIST output
C:\Program Files\Resource Kit>klist tickets
Cached Tickets: (2)
Server: krbtgt/[email protected]
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 8/27/2008 1:52:56
Renew Time: 9/2/2008 15:52:56
Server: HTTP/[email protected]
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 8/27/2008 1:52:56
Renew Time: 9/2/2008 15:52:56
% WebLogic Error
<Aug 28, 2008 8:43:02 AM MDT> <Debug> <SecurityDebug> <000000> <java.security.krb5.realm was not defined, this could cause problems using Kerberos for negotiation>
<Aug 28, 2008 8:43:02 AM MDT> <Debug> <SecurityDebug> <000000> <java.security.krb5.kdc was not defined, this could cause problems using Kerberos for negotiation>
<Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <Default Authorization isAccessAllowed(): returning PERMIT>
<Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <DefaultAdjudicatorImpl.adjudicate results: PERMIT >
<Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <AuthorizationManager.isAccessAllowed returning adjudicated: true>
<Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
<Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null KeyTab is devmax01.http.keytab refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
KeyTab: load() entry length: 60
KeyTabInputStream, readName(): DEV.DENVERWATER.ORG
KeyTabInputStream, readName(): HTTP
KeyTabInputStream, readName(): devmax01principal's key obtained from the keytab
principal is HTTP/[email protected]
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbAsReq etypes are: 3 1 1
KrbKdcReq send: kdc=10.143.60.1 UDP:88, timeout=30000, number of retries =3, #bytes=252
KDCCommunication: kdc=10.143.60.1 UDP:88, timeout=30000,Attempt =1, #bytes=252
KrbKdcReq send: #bytes read=1311
KrbKdcReq send: #bytes read=1311
EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
KrbAsRep cons in KrbAsReq.getReply HTTP/devmax01Added server's keyKerberos Principal HTTP/[email protected] Version 4key EncryptionKey: keyType=3 keyBytes (hex dump)=
0000: B3 86 A4 E5 83 0E 6D 9E
[Krb5LoginModule] added Krb5Principal HTTP/[email protected] to Subject
Commit Succeeded
Found key for HTTP/[email protected]
Entered Krb5Context.acceptSecContext with state=STATE_NEW
<Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> < GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - IdentityAssertionException>dins wrote:Do you think the klist output in my original posting confirms that AD is not encrypting tickets in DES format ?Yes, the current line prove it :
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)The fact is that Microsoft seems to use by default the RC4-HMAC-MD5 encryption type for AD.
Try to specify only des for encryption type in both your krb5.conf
[libdefaults]
default_realm = ...
default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
...and kdc.conf
[realms]
REALM = {
kadmind_port = ...
max_life = ...
max_renewable_life = ...
master_key_type = ddes-cbc-md5 des-cbc-crc des3-cbc-sha1
supported_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
kdc_supported_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
}If it still does not work, I'm out of ammo ;-). -
KDC has no support for encryption type (14)
I have come across a posting on "KDC has no support for encryption type (14)" - " http://www.webservertalk.com/message1277232.html"
and believe that I am hitting the same problem. However, there is no solution. Can anybody help?
I have done all the necessary steps suggested, including changing the registry and removing the unwanted SPN, but the error still there. The only different is probably I combined WebLogic and AD in one machine. But, does that make any difference?
Client
====
Name: ssoclient.ssow2k.com
OS: Win XP SP2
Server
=====
Name: ssow2kserver.ssow2k.com
OS: Windows 2000 Advanced Server SP4
WLS: BEA WebLogic 8.1.4
<<Registry>>
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01
The following is the WebLogic myserver log for your reference:
========================================================================================
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=console, contextPath=/console, uri=/*>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Admin>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Operator>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Deployer>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Monitor>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(Admin,Operator,Deployer,Monitor)}>
####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(Admin,Operator,Deployer,Monitor)} successfully deployed for resource type=<url>, application=console, contextPath=/console, uri=/*>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> < PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Found Negotiate with SPNEGO token>
####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
at sun.security.jgss.GSSContextImpl.acceptSecContext (GSSContextImpl.java:246)
at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity (SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm (CertSecurityModule.java:104)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Exception weblogic.security.providers.utils.NegotiateTokenException: GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
weblogic.security.providers.utils.NegotiateTokenException : GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:419)
at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
at weblogic.security.service.PrincipalAuthenticator.assertIdentity (PrincipalAuthenticator.java:553)
at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java :199)
at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute (ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
========================================================================================
The following are some krb5 packets captured. I suspected it is due to the encryption type used - RC4-HMAC:
========================================================================================
KRB5 (AS-REQ)
============
No. Time Source Destination Protocol Info
125 10.301166 10.122.1.2 10.122.1.200 KRB5 AS-REQ
Frame 125 (345 bytes on wire, 345 bytes captured)
Arrival Time: Apr 6, 2006 13:49:54.848903000
Time delta from previous packet: 0.008330000 seconds
Time since reference or first frame: 10.301166000 seconds
Frame Number: 125
Packet Length: 345 bytes
Capture Length: 345 bytes
Protocols in frame: eth:ip:udp:kerberos
Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Source: 10.122.1.2 (00:0c:29:17:9a:be)
Type: IP (0x0800)
Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 331
Identification: 0x0158 (344)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x208d [correct]
Source: 10.122.1.2 (10.122.1.2 )
Destination: 10.122.1.200 (10.122.1.200)
User Datagram Protocol, Src Port: 1075 (1075), Dst Port: kerberos (88)
Source port: 1075 (1075)
Destination port: kerberos (88)
Length: 311
Checksum: 0x1133 [correct]
Kerberos AS-REQ
Pvno: 5
MSG Type: AS-REQ (10)
padata: PA-ENC-TIMESTAMP PA-PAC-REQUEST
Type: PA-ENC-TIMESTAMP (2)
Type: PA-PAC-REQUEST (128)
KDC_REQ_BODY
Padding: 0
KDCOptions: 40810010 (Forwardable, Renewable, Canonicalize, Renewable OK)
Client Name (Principal): ssouser
Realm: SSOW2K.COM
Server Name (Service and Instance): krbtgt/SSOW2K.COM
till: 2037-09-13 02:48:05 (Z)
rtime: 2037-09-13 02:48:05 (Z)
Nonce: 1870983219
Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
Encryption type: rc4-hmac (23)
Encryption type: rc4-hmac-old (-133)
Encryption type: rc4-md4 (-128)
Encryption type: des-cbc-md5 (3)
Encryption type: des-cbc-crc (1)
Encryption type: rc4-hmac-exp (24)
Encryption type: rc4-hmac-old-exp (-135)
HostAddresses: SSOCLIENT<20>
KRB5 (AS-REP)
============
No. Time Source Destination Protocol Info
126 10.303156 10.122.1.200 10.122.1.2 KRB5 AS-REP
Frame 126 (1324 bytes on wire, 1324 bytes captured)
Arrival Time: Apr 6, 2006 13:49:54.850893000
Time delta from previous packet: 0.001990000 seconds
Time since reference or first frame: 10.303156000 seconds
Frame Number: 126
Packet Length: 1324 bytes
Capture Length: 1324 bytes
Protocols in frame: eth:ip:udp:kerberos
Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
Destination: 10.122.1.2 (00:0c:29:17:9a:be)
Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Type: IP (0x0800)
Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1310
Identification: 0x0a0f (2575)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1403 [correct]
Source: 10.122.1.200 (10.122.1.200)
Destination: 10.122.1.2 (10.122.1.2)
User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1075 (1075)
Source port: kerberos (88)
Destination port: 1075 (1075)
Length: 1290
Checksum: 0xb637 [correct]
Kerberos AS-REP
Pvno: 5
MSG Type: AS-REP (11)
Client Realm: SSOW2K.COM
Client Name (Principal): ssouser
Ticket
enc-part rc4-hmac
Encryption type: rc4-hmac (23)
Kvno: 1
enc-part: E3610239EACDD0E6D4E89AA7D81A355F6C93B95D95B13B56...
KRB5 (TGS-REQ)
============
No. Time Source Destination Protocol Info
127 10.309350 10.122.1.2 10.122.1.200 KRB5 TGS-REQ
Frame 127 (1307 bytes on wire, 1307 bytes captured)
Arrival Time: Apr 6, 2006 13:49:54.857087000
Time delta from previous packet: 0.006194000 seconds
Time since reference or first frame: 10.309350000 seconds
Frame Number: 127
Packet Length: 1307 bytes
Capture Length: 1307 bytes
Protocols in frame: eth:ip:udp:kerberos
Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Source: 10.122.1.2 (00:0c:29:17:9a:be)
Type: IP (0x0800)
Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1293
Identification: 0x0159 (345)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1cca [correct]
Source: 10.122.1.2 (10.122.1.2)
Destination: 10.122.1.200 ( 10.122.1.200)
User Datagram Protocol, Src Port: 1076 (1076), Dst Port: kerberos (88)
Source port: 1076 (1076)
Destination port: kerberos (88)
Length: 1273
Checksum: 0xd085 [correct]
Kerberos TGS-REQ
Pvno: 5
MSG Type: TGS-REQ (12)
padata: PA-TGS-REQ
Type: PA-TGS-REQ (1)
KDC_REQ_BODY
Padding: 0
KDCOptions: 40800000 (Forwardable, Renewable)
Realm: SSOW2K.COM
Server Name (Service and Instance): HTTP/ssow2kserver.ssow2k.com
till: 2037-09-13 02:48:05 (Z)
Nonce: 1871140380
Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
Encryption type: rc4-hmac (23)
Encryption type: rc4-hmac-old (-133)
Encryption type: rc4-md4 (-128)
Encryption type: des-cbc-md5 (3)
Encryption type: des-cbc-crc (1)
Encryption type: rc4-hmac-exp (24)
Encryption type: rc4-hmac-old-exp (-135)
KRB5 (TGS-REP)
============
No. Time Source Destination Protocol Info
128 10.310791 10.122.1.200 10.122.1.2 KRB5 TGS-REP
Frame 128 (1290 bytes on wire, 1290 bytes captured)
Arrival Time: Apr 6, 2006 13:49:54.858528000
Time delta from previous packet: 0.001441000 seconds
Time since reference or first frame: 10.310791000 seconds
Frame Number: 128
Packet Length: 1290 bytes
Capture Length: 1290 bytes
Protocols in frame: eth:ip:udp:kerberos
Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
Destination: 10.122.1.2 (00:0c:29:17:9a:be)
Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
Type: IP (0x0800)
Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1276
Identification: 0x0a10 (2576)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1424 [correct]
Source: 10.122.1.200 (10.122.1.200)
Destination: 10.122.1.2 (10.122.1.2)
User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1076 (1076)
Source port: kerberos (88)
Destination port: 1076 (1076)
Length: 1256
Checksum: 0x1318 [correct]
Kerberos TGS-REP
Pvno: 5
MSG Type: TGS-REP (13)
Client Realm: SSOW2K.COM
Client Name (Principal): ssouser
Ticket
enc-part rc4-hmac
Encryption type: rc4-hmac (23)
Kvno: 1
enc-part: 4D2A9E8590CC716EA6571B093B6FAF89537B0B89F832C073...
========================================================================================
Can anybody enlighten me on how you solve this problem? Thanks.I ran into this error and caught the error code to remind me to edit the registry.
if (sError.contains("KDC has no support for encryption type (14)")){
JOptionPane.showMessageDialog(null,"Error " + ThisErrorCode.myErrorCode() + '\n' +
" http://support.microsoft.com/default.aspx?scid=kb;en-us;308339" + '\n' + '\n' +
"There is a known issue involving Windows clients running Windows 2000 SP4, XP SP2." + '\n' +
"To avoid the error, administrators need to update the Windows registry." + '\n' +
"The registry key, allowtgtsessionkey, should be added, and its value set correctly" + '\n' +
"to allow session keys to be sent in the Kerberos Ticket-Granting Ticket." + '\n' + '\n' +
"Windows XP SP2, add the registry entry:" + '\n' +
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\" + '\n' +
"Value Name: allowtgtsessionkey" + '\n' +
"Value Type: REG_DWORD" + '\n' +
"Value: 0x01" ,null, JOptionPane.ERROR_MESSAGE);
System.exit(-1); -
Problem: KDC has no support for encryption type (14)
hi, I have dealing the problem for long time and no response in bea forum.
I feel very exhausted when checking mit's kerberos mailist and sun forum. Any try every method they provide but not success.
first I generate the keytab using w2k's ktpass
ktpass -princ HTTP/[email protected] -mapuser weblogic -pass weblogic -out dlsvr_keytab -crypto des-cbc-crc
and it turn out to be successful.
My W2KSP4 KDC Config is:
c:\winnt\krb5.ini-----------------------------
[libdefaults]
default_realm = DLSVR.COM
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
ticket_lifetime = 600
[realms]
DLSVR.COM = {
kdc = 192.168.2.231
admin_server = dlserver
default_domain = DLSVR.COM
[domain_realm]
.dlsvr.com= DLSVR.COM
[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true
i also set des type in AD Accout and also reset password after that
i create my keytab using des-cbc-crc as you can see in the log below :
<2005-11-8 ����06��09��39�� CST> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
KeyTab: load() entry length: 50
KeyTabInputStream, readName(): DLSVR.COM
KeyTabInputStream, readName(): host
KeyTabInputStream, readName(): weblogic
KeyTab: load() entry length: 44
KeyTabInputStream, readName(): dlsvr.com
KeyTabInputStream, readName(): weblogic
EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
crc32: e9889c7a
crc32: 11101001100010001001110001111010
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbAsReq etypes are: 1
KrbKdcReq send: kdc=192.168.2.231 UDP:88, timeout=30000, number of retries =3, #bytes=216
KDCCommunication: kdc=192.168.2.231 UDP:88, timeout=30000,Attempt =1, #bytes=216
KrbKdcReq send: #bytes read=1217
KrbKdcReq send: #bytes read=1217
EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
crc32: 54c176ae
crc32: 1010100110000010111011010101110
KrbAsRep cons in KrbAsReq.getReply host/weblogicFound key for host/[email protected]
Entered Krb5Context.acceptSecContext with state=STATE_NEW
<2005-11-8 ����06��09��39�� CST> <Debug> <SecurityDebug> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no
support for encryption type (14))
GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProvider
Impl.java:201)
at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
So i don't know why win2k's KDC not support the des-cbc-crc,
Any Help or Clue woud be highly appreciated!
davidException was: javax.naming.AuthenticationException: KDC has no support for encryption type (14) [Root exception is KrbException: KDC has no support for encryption type (14)]
at com.sco.tta.server.security.java14.KerberosAuth.login(KerberosAuth.java:286)
at com.sco.tta.server.login.ADLoginAuthority.authenticate(ADLoginAuthority.java:39 0)
Cause 2: This exception is thrown when using native ticket cache on some Windows platforms. Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The effected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2.
Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.
On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01 ( default is 0 )
By default, the value is 0; setting it to "0x01" allows a session key to be included in the TGT. -
GSSException"KDC has no support for encryption type (14)" on token exchange
I'm stumped. Just started working with an MIT KDC v5 1.3.1 running on Linux and trying to get the IBM sample apps (GSSClient and GSSServer) working. The apps are here: http://www-106.ibm.com/developerworks/java/library/j-gss-sso/
I have two principals set up using defaults: one for the client and one for the server. The GSSClient, GSSServer and KDC are all running on the same machine in the same Realm.
I start the server just fine and it waits with:
GSSServer starts... Waiting for incoming connectionWhen I run the client the client authentictes and the context is successsfully created. However, the GSSServer throws an Exception:
GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
at com.ourcorp.caa.security.GSSServer.run(GSSServer.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at com.ourcorp.caa.security.GSSServer.startServer(GSSServer.java:98)
at com.ourcorp.caa.security.GSSServer.main(GSSServer.java:71)
The client also throws an Exception:
GSSClient... Getting client credentials
GSSClient... GSSManager creating security context
GSSClient...Sending token to server over secure context
GSSClient...Secure context initialized
GSSClient...Written 511 bytes
GSSClient...Exception nulljava.io.EOFException
at java.io.DataInputStream.readInt(DataInputStream.java:448)
at com.ourcorp.caa.security.GSSClient.run(GSSClient.java:184)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:320)
at com.ourcorp.caa.security.GSSClient.login(GSSClient.java:117)
at com.ourcorp.caa.security.GSSClient.main(GSSClient.java:63)
Client authentication denied...
This happens consistently and I cannot get passed this point! The weird thing is, is that the same thing happens using the Windows 2003 Server KDC! Same Exception.
Can anyone help me understand what is causing this? The Exception mentions "KDC has no support for encryption type (14)" but we're not specifying any encryption type other than the defaults. The principals are the same as far as I know.
Thanks.Interesting I managed to get this example to work but I had to create two principals (one for the client one for the server) with encryption types of "des-cbc-crc:normal" only . It seems that a with principal with "des-cbc-crc:normal" and "des3-hmac-sha1:normal" encryption types causes the Exception. So, the question I have is: does the GSS API support TripleDES or what? The KDC is obviosuly trying to use it for the user-user exchange but fails.
Anyone got any ideas? Thanks. -
KDC has no support for encryption type (14) in windows 2008
The active directory is a windows 2008 box. I am not mentioning any encryption types in krb5.ini. I know that we should add some registry entries in Windows 2003 and XP. But I was not able to find something similar to those, corresponding to windows 2008. I also tried adding the registry that was meant for windows 2003. But it din't work.
Any help appreciated.
Thanks in advanceSorry for a very late response and for not providing adequate information in my question.
I have Active Directory is in windows 2008 box and my application runs in a windows 2003 box. Its a very simple configuration and there is just one domain configured in the AD(no forest, no parent-child domains).
my login.config file looks like this
KerbAuth4Portal{
com.sun.security.auth.module.Krb5LoginModule required debug=true refreshKrb5Config=true;
and the krb5.conf looks like this
[libdefaults]
default_realm = KERB.WHIGFIELD.COM
[domain_realm]
.kerb.whigfield.com = KERB.WHIGFIELD.COM
[realms]
KERB.WHIGFIELD.COM = {
kdc = Ferrari-w2k8Vm1.kerb.whigfield.com
This is my method
public void authenticateForPortal(String userName, String password)
throws AuthenticationException {
LoginContext lc = null;
Subject subject = null;
try {
// String pwd= EncryptData.decryptString(password);
// userName = "[email protected]";
// userName = helper.convertDN2KerberosPrincipal(userName);
// password = "control";
lc = new LoginContext("KerbAuth4Portal", new LdapCallbackHandler(
userName, password));
lc.login();
logTicketAttributes(lc);
subject = lc.getSubject();
log.debug("Authenticated subject" + subject);
} catch (LoginException le) {
log.error("Login failed-", le);
throw new AuthenticationException("Failed to login -"
+ le.getMessage());
and this is the exception I am getting
javax.naming.AuthenticationException: Failed to login -KDC has no support for encryption type (14)
But if I set the useTicketCache to true, then I am not getting this issue, but it the authentication happens with the user present in ticket cache and not with the user passed in my method
Any help appreciated.
Thanks in advance -
KDC has no support for encryption type
Hi,
I hope not too much people are not reading this post because of the very common error message. But I'm really somewhat confused:
For testing Kerberos 5 SSO I set up a little domain controller running Windows 2003 Server and a client in the domain running Windows XP. In the active directory I created a service account with the logon test-service and a user account test-user. The switch "Use DES encryption types for this account" is set for both accounts and I reseted the passwords after setting the switch. Additionally I added a service principal name test/test.krbtest.local to the service account.
On the client machine I execute a very simple JAVA client program that tries to obtain a service ticket for the service test/test.krbtest.local. If I configure the client to prompt for a password, the service ticket is obtained without a problem using etype 3 (sun.security.krb5.internal.crypto.DesCbcMd5EType). But when trying to read the existing TGT from the native windows cache the client exits with:
KDC has no support for encryption type (14)The debug output tells the following:
>>> Obtained TGT from LSA: Credentials:
[email protected]
server=krbtgt/[email protected]
authTime=20070413112833Z
startTime=20070413112833Z
endTime=20070413212833Z
renewTill=20070420112833Z
flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
EType (int): 0
Principal is [email protected]
Commit Succeeded
Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Apr 13 23:28:33 CEST 2007
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Apr 13 23:28:33 CEST 2007
Service ticket not found in the subject
Credentials acquireServiceCreds: same realmUsing builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17.
CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
EType: sun.security.krb5.internal.crypto.NullEType...Note that it says "Etype (int): 0" which I think is no valid encryption type at all. klist (from the windows resource kit) tells me that my tickets look like:
Server: krbtgt/[email protected]
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 4/13/2007 23:28:33
Renew Time: 4/20/2007 13:28:33
...But as mentioned above I set the option "Use DES encryption types for this account" for both the user and service account. Am I doing something wrong here??
Additionally I thought JAVA 1.5.11 would support RC4-HMAC, is that wrong?
Even more confusing:
If I remove the "Use DES encryption types for this account" switch for the two accounts and configure my JAVA client program to prompt for a password, a ticket is obtained using the RC4-HMAC encryption type 23 (sun.security.krb5.internal.crypto.ArcFourHmacEType). But using the ticket from the cache again does not work.
I'd appreciate any comments on that since I'm totally confused by now and have no idea on how to get this SSO thing working correctly in JAVA.
Cheers
P.S.:
I just wanted to mention that adding
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmacto my krb5.ini has no effect on the desribed behaviour
Message was edited by:
sherazadeOk,
perhaps I should have looked around the forum a little bit more in-depth...
Setting the AllowTGTSessionKey registry key to 1 solves this issue...
thanks -
Specify two conditions for button type: pl/sql function body return boolean
Hello,
Can anyone help me out with this issue.
I am using Oracle APEX 3.2 version.
I have page zero select list with submit items P0_ITEM1, P0_ITEM2, P0_ITEM3
and i also have a button on page zero. Now I want to make this button conditional
like only show the button only when all the three items are selected. For this I am having the below condition which is working perfectly fine.
Type: PL/SQL function returning boolean.
RETURN NVL(:P0_ITEM1,'%'||'null%') != '%'||'null%' AND
NVL(:P0_ITEM2,'%'||'null%') != '%'||'null%' AND
NVL(:P0_ITEM3,'%'||'null%') != '%'||'null%' ;Now I want to add one more condition to the button --
the condition is that, the buttton should be displayed only on the pages 1,2,3,4
so can anyone please help me out how do i change the code to include the additional condition.
thanks,
Orton
Edited by: orton607 on Jul 28, 2010 2:02 PMTry:
Type: PL/SQL function returning boolean.
RETURN NVL(:P0_ITEM1,'%'||'null%') != '%'||'null%' AND
NVL(:P0_ITEM2,'%'||'null%') != '%'||'null%' AND
NVL(:P0_ITEM3,'%'||'null%') != '%'||'null%' AND
:app_page_id in (1, 2, 3, 4);http://download.oracle.com/docs/cd/E17556_01/doc/user.40/e15517/concept.htm#sthref156 -
ERROR WHEN RETURNING A PL/SQL TABLE?
Hi,
I try to call a Oracle 9i function from Oracle 8i via TEST9.WORLD dblink.
The function returns me a pl/sql table.
It compiles but when I try to execute I get the following error
The following error has occurred:
ORA-02068: following severe error from TEST9.WORLD
ORA-06512: at "TBSDEV.GETDATA", line 12
ORA-06512: at line 2
Note: I test the code in a single database instance
and it works fine. The problem occurs when I move the getData function to 8i and
call the package function via a dblink.
What can I do?
what might be the problem?
Does not Oracle permit us move table of records between 2 database instances?
]f it does not, it is very tragic because we can get the SQL Server record sets to
Oracle 9i through a gateway but we could not move these records sets within Oracle?
!!!!!!!!!!! All of the code .} use is listed below.
thanks in advance.
--BELOW IS MY PACKAGE IN ORACLE 9i SERVER
--THIS PACKAGE GETS DATA FROM SQL SERVER THROUGH TRASPARENT GATEWAY
CREATE OR REPLACE package tgw is
TYPE RefCursorType IS REF CURSOR;
TYPE HisseRecordType IS RECORD( HisseAd VARCHAR2(20) := '' );
TYPE HisseTableType IS TABLE OF HisseRecordType INDEX BY BINARY_INTEGER;
mytable HisseTableType;
myrecord HisseRecordType;
function getRecords return HisseTableType ;
end;
CREATE OR REPLACE package body tgw is
function getRecords return HisseTableType is
rc RefCursorType;
htable HisseTableType;
hrec HisseRecordType;
BEGIN
"ahtha"."getHisseSenetleri"@ata(rc); --CALLS SQL SERVER STORED PROCEDURE
FOR i IN 1..10 LOOP
FETCH rc INTO htable(i);
END LOOP;
CLOSE rc;
RETURN htable;
END;
end;
--HERE IS THE PROCEDURE IN OUR MAIN ORACLE 8i SERVER
-- TGW9i ]S THE dblink to the oracle 9i
-- THE BELOW CODE COMPILES BUT GIVES THE ERROR I MENTIONED ABOVE
PROCEDURE getdata is
htable tgw9i.mytable%TYPE;
hrec tgw9i.myrecord%TYPE;
begin
htable:=tgw9i.getRecords(10);
FOR i IN 1..10 LOOP
DBMS_OUTPUT.PUT_LINE(htable(i).HisseAd);
END LOOP;
end;The problem might be passing PL/SQL Tables or Records over your database link. You might run some more simple tests with PL/SQL Records and Tables over your link.
1) I still suggest you use a GLOBAL TEMPORARY TABLE to pass your information, attempt to do everything in a few SQL statements to pass the informaiton. And then process it on the other side. Database links tend to be a bit slow, and so you want to try to reduce the number of times you extract information through the link.
2) Someone else may have more experience with DB links, and calling procedures through them.
I wish you luck that you find your answer soon,
Eric Kamradt -
Returning multiple pl/sql tables to VB using ADO + Oracle's OLE DB
Windows XP
VB 6
ADO 2.7
Oracle 9i Client (OLE DB 9.2.0.1)
Oracle DB 8.1.7.2
I have just upgraded a VB5/NT (RDO + MS ODBC for Oracle) app to VB6/XP (ADO + Oracle's OLE DB). The calls to stored procedures that returns tables are not working now. I get following error:
-214721900 ORA-06550: line 1, column 42:
PLS-00201:identifier 'LO_AUDIT_ID_TBL' must be declared
ORA-06550: line 1, column 7:
PL/SQL: Statement ignored
Please provide hint/help.Yes, the LO_AUDIT_ID_TBL is a variable (of table type) being returned from the stored procedure.
I tried changing case of table is in pl/sql.
I tried removing the table(s) from the Call statement...
and I get error message that there are missing parameters.
THANKS SO MUCH FOR YOUR HELP.
I have been reading OLE DB User's guide in which there are examples of Ref Cursors and has no documentation regarding how to achieve same using tables (in stead of Ref Curs). I am also looking for documentation that would describe all different Registry attributes that could be turned on or off to do things, but have not been able to find any.
I am trying to use the PLSQLRSet to retrieve rowsets from pl/sql tables. You can see that in my VB code below, in GetSPResultSet function.
The VB Code is:
Public Function Retrieve() As ADODB.Recordset
Dim inparam(-2 To -1) As Variant 'set to be ignored by GetSPResultSet method
Dim outparam(0) As Variant
Dim strSQL As String
strSQL = "{ CALL PckPLAudit.Sel_Smmry( ?,{resultset 1000, lo_audit_id_tbl, lo_audit_dt_tbl, lo_audit_type_tbl, " & _
"lo_audit_status_tbl, lo_qty_selected_tbl, lo_qty_deselect_tbl, lo_qty_sent_tbl, lo_qty_follow_tbl, " & _
"lo_qty_received_tbl, lo_qty_ncpl_tbl, lo_qty_security_tbl, lo_qty_closed_tbl, lo_qty_sentsec_tbl}, {resultset 1, lo_res_tbl} ) }"
Set rdoRs = mConnection.GetSPResultSet(strSQL, inparam(), outparam())
BuildCollection
Set Retrieve = rdoRs
End Function
Public Function GetSPResultSet(ByVal szSQL As String, InParam() As Variant, OutParam() As Variant) As ADODB.Recordset
'============================================================================
'submits a call to a stored procedure that returns table output parameters.
'out params are interpreted as ADODB.Recordset
'szSQL : SQL call to stored procedure
'InParam() : array of input parameter values
'OutParam() : array of output parameter values set in this function
'============================================================================
Dim qry As New ADODB.Command
Dim ParamIn As ADODB.Parameter
Dim ParamOut As ADODB.Parameter
Dim RS As ADODB.Recordset
Dim inti As Integer
Dim intj As Integer
Dim blnret As Boolean
Dim mErrors As New cErrors
Dim retVal As Double
'Dim itmp As Integer
Dim ParmType As DataTypeEnum
Dim i
On Error GoTo errGetSPResultSet
blnret = True
Set qry = New ADODB.Command
qry.ActiveConnection = mrdoCn
qry.CommandType = adCmdText
qry.CommandText = szSQL
'load rdoParameter object(s) from InParam array if InParam exists
For inti = 0 To UBound(InParam)
'qry.Parameters(i).Value = InParam(inti)
Set ParamIn = New ADODB.Parameter
Select Case TypeName(InParam(inti))
Case "Integer"
ParmType = adDouble
Case "Double"
ParmType = adDouble
Case "String"
ParmType = adChar
Case "Null"
ParmType = adDouble
Case "Date"
ParmType = adDate
Case "Long"
ParmType = adDouble 'jks 12/19/2002
End Select
Set ParamIn = qry.CreateParameter(ParamIn, ParmType, adParamInput)
ParamIn.Value = InParam(inti)
If TypeName(InParam(inti)) = "Null" Then
ParamIn.Size = 0
Else
ParamIn.Size = Len(InParam(inti))
End If
qry.Parameters.Append ParamIn
Next
For intj = 0 To UBound(OutParam)
Set ParamOut = New ADODB.Parameter
Select Case TypeName(OutParam(intj))
Case "Integer"
ParmType = adDouble
Case "Double"
ParmType = adDouble
Case "String"
ParmType = adChar
Case "Null"
ParmType = adEmpty
Case "Empty"
ParmType = adDouble
Case "Date"
ParmType = adDate
Case "Long"
ParmType = adDouble 'jks 12/19/2002
End Select
Set ParamOut = qry.CreateParameter(ParamOut, ParmType, adParamOutput, 255)
qry.Parameters.Append ParamOut
Next
'execute the stored procedure call
qry.Properties("PLSQLRSet") = True
Set RS = qry.Execute() 'rdOpenStatic, rdConcurReadOnly
qry.Properties("PLSQLRSet") = False'
For intj = 0 To UBound(OutParam)
OutParam(intj) = qry.Parameters.Item(inti)
inti = inti + 1
Next
If OutParam(0) <> 0 Then
If OutParam(0) = 999 Then
i = mErrors.DisplayError(Val(OutParam(0)), "SAM")
Else
MsgBox "Database returned error code " & OutParam(0) & "." & vbCrLf & " Unable to complete operation. "
End If
blnret = False
End If
If blnret Then
Set GetSPResultSet = RS
Else
Set GetSPResultSet = Nothing
End If
Set RS = Nothing
Set qry = Nothing
Set ParamIn = Nothing
Set ParamOut = Nothing
exitGetSPResultSet:
Exit Function
errGetSPResultSet:
blnret = ProcessError(Err)
If Not blnret Then Set GetSPResultSet = Nothing
Resume exitGetSPResultSet
End Function
The stored procedure is:
CREATE OR REPLACE PACKAGE BODY D5750PGM.PckPLAudit IS
PROCEDURE Sel_Smmry (
lo_res_cd out number,
LO_AUDIT_ID_TBL out pckclaudit.audit_id_tbl%type,
lo_audit_dt_tbl out pckclaudit.audit_dt_tbl%type,
lo_audit_type_tbl out pckclaudit.audit_type_tbl%type,
lo_audit_status_tbl out pckclaudit.audit_status_tbl%type,
lo_qty_selected_tbl out pckclaudit.audit_smmry_qty_tbl%type,
lo_qty_deselect_tbl out pckclaudit.audit_smmry_qty_tbl%type,
lo_qty_sent_tbl out pckclaudit.audit_smmry_qty_tbl%type,
lo_qty_follow_tbl out pckclaudit.audit_smmry_qty_tbl%type,
lo_qty_received_tbl out pckclaudit.audit_smmry_qty_tbl%type,
lo_qty_ncpl_tbl out pckclaudit.audit_smmry_qty_tbl%type,
lo_qty_security_tbl out pckclaudit.audit_smmry_qty_tbl%type,
lo_qty_closed_tbl out pckclaudit.audit_smmry_qty_tbl%type,
lo_qty_sentsec_tbl out pckclaudit.audit_smmry_qty_tbl%type,
lo_res_tbl out pcktbtable_type.res_tbl%type
IS
BEGIN
PckAudit.Sel_Smmry (pckclglobal.lg_pl_proc, lo_res_cd,
lo_audit_id_tbl,
lo_audit_dt_tbl,
lo_audit_type_tbl,
lo_audit_status_tbl,
lo_qty_selected_tbl,
lo_qty_deselect_tbl,
lo_qty_sent_tbl,
lo_qty_follow_tbl,
lo_qty_received_tbl,
lo_qty_ncpl_tbl,
lo_qty_security_tbl,
lo_qty_closed_tbl,
lo_qty_sentsec_tbl,
lo_res_tbl
END Sel_Smmry;
END PckPLAudit;
also, pckclaudit.audit_id_tbl%type is defined as
TYPE audit_id_tbl_type IS TABLE OF disb_audit.disb_audit_id%TYPE
INDEX BY BINARY_INTEGER ;
and disb_audit.disb_audit_id%TYPE is defined as
CREATE TABLE D5750.DISB_AUDIT
DISB_AUDIT_ID NUMBER(9,0) NOT NULL,
AUDIT_DT DATE NOT NULL,
AUDIT_CODE_TYPE_ID VARCHAR2(5) NOT NULL,
AUDIT_CODE_ID VARCHAR2(2) NOT NULL,
CRTN_ID VARCHAR2(8) NOT NULL,
CRTN_DT_TM DATE NOT NULL,
etc. -
PLS-00630: pipelined functions must have a supported collection return type
Hello, I created an TYPE of OBJECT and a PLSQL Function as shown below, but the function compilation errors with following. Not sure where is the issue?
PLS-00630: pipelined functions must have a supported collection return typeThis is on Oracle 10g r2
CREATE OR REPLACE TYPE cxs_plsql_profiler_object_type AS OBJECT (
cxs_object_name VARCHAR2 (128),
cxs_object_type VARCHAR2 (19),
cxs_object_status VARCHAR2 (7),
cxs_read_execution NUMBER,
cxs_buffer_gets NUMBER,
cxs_disk_reads NUMBER,
cxs_executions NUMBER,
cxs_sorts NUMBER,
cxs_sharable_mem NUMBER,
cxs_address NUMBER,
cxs_hashvalue NUMBER,
cxs_osuser VARCHAR2 (30),
cxs_username VARCHAR2 (30),
cxs_module VARCHAR2 (48),
cxs_machine VARCHAR2 (64),
cxs_status VARCHAR2 (8),
cxs_terminal VARCHAR2 (16),
cxs_percentconsume NUMBER,
cxs_percentrepeat NUMBER,
cxs_plan VARCHAR2 (120),
target_name VARCHAR2 (200),
referenced_name VARCHAR2 (200),
referenced_type VARCHAR2 (200),
targetowner VARCHAR2 (200),
refowner VARCHAR2 (200)
)and here is the API
FUNCTION CXS_GENERATE_PLSQL_PROFILER
RETURN cxs_plsql_profiler_object_type
PIPELINED IS
out_rec cxs_plsql_profiler_object_type ;
plsbatch plsql_batch;
skount integer;
dpendrec depend_tab;
dkount integer;
CURSOR objects
IS
SELECT object_name, object_type
FROM dba_objects
WHERE status = 'VALID'
AND owner NOT IN ('SYS', 'SYSTEM')
AND object_type IN ('PACKAGE', 'PROCEDURE', 'FUNCTION');
CURSOR apis (p_object dba_objects.object_name%TYPE)
IS
SELECT DISTINCT *
FROM (SELECT SUBSTR (a.sql_text, 1, 50) sql_text,
TRUNC
( a.disk_reads
/ DECODE (a.executions,
0, 1,
a.executions
) reads_per_execution,
a.buffer_gets, a.disk_reads, a.executions,
a.sorts, a.sharable_mem, a.address,
a.hash_value, b.osuser, b.username,
b.module, b.machine, b.status, b.terminal,
ROUND
(cxs_db_info.kompute_percentofsql
(a.sharable_mem),
5
) percentkonsume,
cxs_db_info.kount_repeat
(b.osuser,
b.terminal
) percentr,
c.operation explainplan
FROM v$sqlarea a, v$session b, v$sql_plan c
WHERE b.sql_hash_value = a.hash_value
AND b.sql_address = a.address
AND a.hash_value = c.hash_value
AND a.address = c.address
AND b.status = 'ACTIVE'
AND UPPER (a.sql_text) LIKE
'%' || p_object || '%'
AND c.ID = 0
ORDER BY 2 DESC)
WHERE ROWNUM <= 50; --profile option
BEGIN
skount := 0;
dkount := 0;
FOR i IN objects
LOOP
FOR j IN apis (i.object_name)
LOOP
skount := skount + 1;
plsbatch(skount).cxs_object_name := i.object_name;
plsbatch(skount).cxs_object_type := i.object_type;
plsbatch(skount).cxs_object_status := i.object_status;
plsbatch(skount).cxs_read_execution := j.reads_per_execution;
plsbatch(skount).cxs_buffer_gets := j.buffer_gets;
plsbatch(skount).cxs_disk_reads := j.disk_reads;
plsbatch(skount).cxs_executions := j.executions;
plsbatch(skount).cxs_sorts := j.sorts;
plsbatch(skount).cxs_sharable_mem := j.sharable_mem;
plsbatch(skount).cxs_address := j.address;
plsbatch(skount).cxs_hashvalue := j.hashvalue;
plsbatch(skount).cxs_osuser := j.osuser;
plsbatch(skount).cxs_username := j.username;
plsbatch(skount).cxs_module := j.module;
plsbatch(skount).cxs_machine := j.machine;
plsbatch(skount).cxs_status := j.status;
plsbatch(skount).cxs_terminal := j.terminal;
plsbatch(skount).cxs_percentconsume := j.percentconsume;
plsbatch(skount).cxs_percentrepeat := j.percentrepeat;
plsbatch(skount).cxs_plan := j.explainplan;
END LOOP;
FOR dd IN dpend (i.object_name)
LOOP
dkount := dkount + 1;
dependrec (dkount).target_name := dd.NAME;
dependrec (dkount).refname := dd.referenced_name;
dependrec (dkount).reftype := dd.referenced_type;
dependrec (dkount).target_owner := dd.owner;
dependrec (dkount).refowner := dd.referenced_owner;
END LOOP;
END LOOP;
for a in 1..skount loop
out_rec.cxs_object_type := plsbatch(a).object_type;
out_rec.cxs_object_status := plsbatch(a).object_status;
out_rec.cxs_read_execution := plsbatch(a).reads_per_execution;
out_rec.cxs_buffer_gets := plsbatch(a).buffer_gets;
out_rec.cxs_disk_reads := plsbatch(a).disk_reads;
out_rec.cxs_executions := plsbatch(a).executions;
out_rec.cxs_sorts := plsbatch(a).sorts;
out_rec.cxs_sharable_mem := plsbatch(a).sharable_mem;
out_rec.cxs_address := plsbatch(a).address;
out_rec.cxs_hashvalue := plsbatch(a).hashvalue;
out_rec.cxs_osuser := plsbatch(a).osuser;
out_rec.cxs_username := plsbatch(a).username;
out_rec.cxs_module := plsbatch(a).module;
out_rec.cxs_machine := plsbatch(a).machine;
out_rec.cxs_status := plsbatch(a).status;
out_rec.cxs_terminal := plsbatch(a).terminal;
out_rec.cxs_percentconsume := plsbatch(a).percentconsume;
out_rec.cxs_percentrepeat := plsbatch(a).percentrepeat;
out_rec.cxs_plan := plsbatch(a).explainplan;
PIPE ROW(out_rec);
end loop;
for b in 1..dkount loop
out_rec.target_name := dd.NAME;
out_rec.refname := dependrec (b).referenced_name;
out_rec.reftype := dependrec (b).referenced_type;
out_rec.target_owner := dependrec (b).owner;
out_rec.refowner := dependrec (b).referenced_owner;
PIPE ROW(out_rec);
end loop;
RETURN;
EXCEPTION
WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(DBMS_UTILITY.format_error_backtrace);
DBMS_OUTPUT.PUT_LINE(SQLCODE);
DBMS_OUTPUT.PUT_LINE(SQLERRM);
END; and below are tradtional table types that are used in code above.
TYPE type_plsql_rec IS RECORD (
cxs_object_name VARCHAR2 (128),
cxs_object_type VARCHAR2 (19),
cxs_object_status VARCHAR2 (7),
cxs_read_execution NUMBER,
cxs_buffer_gets NUMBER,
cxs_disk_reads NUMBER,
cxs_executions NUMBER,
cxs_sorts NUMBER,
cxs_sharable_mem NUMBER,
cxs_address NUMBER,
cxs_hashvalue NUMBER,
cxs_osuser VARCHAR2 (30),
cxs_username VARCHAR2 (30),
cxs_module VARCHAR2 (48),
cxs_machine VARCHAR2 (64),
cxs_status VARCHAR2 (8),
cxs_terminal VARCHAR2 (16),
cxs_percentconsume NUMBER,
cxs_percentrepeat NUMBER,
cxs_plan VARCHAR2 (120)
TYPE plsql_batch IS TABLE OF type_plsql_rec
INDEX BY BINARY_INTEGER;
TYPE type_depend_tab IS RECORD (
target_name dba_dependencies.NAME%TYPE,
refname dba_dependencies.referenced_name%TYPE,
reftype dba_dependencies.referenced_type%TYPE,
target_owner dba_dependencies.owner%TYPE,
refowner dba_dependencies.referenced_owner%TYPE
TYPE depend_tab IS TABLE OF type_depend_tab
INDEX BY BINARY_INTEGER;
Thank you for your time in reading this post
RThank you Billy and Saubhik,
I have followed your guidelines and was able to resolve this error. Now, after successfully compiling the code, I attempted to execute it in a following way.
SELECT * FROM TABLE (cxs_generate_plsql_profiler);It gives following error: ORA-00904: "CXS_GENERATE_PLSQL_PROFILER": invalid identifier
I also tried putting in quotes like below
SELECT * FROM TABLE ('cxs_generate_plsql_profiler');Then, it gives following error:
ORA-22905: cannot access rows from a non-nested table item
Any Idea where I am doing wrong?
Thanks,
R -
Unit test, how to test a function which returns a PL/SQL table.
I've got the following type definition:
create or replace type method_tbl as table of varchar2(255);
/I've got the following function
function abc(p_param1 in varchar2) return method_tbl;When I create a unit test for this I am not able to specify what the table should contain on return of the function, all I can see is an empty table. Which is off course one of the unit tests. But I also want to test where the table that is returned contains a number of rows.
Is there something that I'm missing?
Typically the function is called like this:
select * from table(abc('a'));Thanks,
Ronald>
When I create a unit test for this I am not able to specify what the table should contain on return of the function, all I can see is an empty table. Which is off course one of the unit tests. But I also want to test where the table that is returned contains a number of rows.
Is there something that I'm missing?
>
You will have to create a collection that represents the result set and then compare that to the actual result set.
Assuming tables A and B you would typically have to do
1. SELECT * FROM A MINUS SELECT * FROM B -- what is in A that is NOT in B
2. SELECT * FROM B MINUS SELECT * FROM A -- what is in B that is NOT in A
You could combine those two queries into one with a UNION ALL but since the results are tables and the comparison is more complex it is common to write a function to determine the comparison result.
Here is sample code that shows how to create an expected result collection.
DECLARE
expectedItemList sys.OdciVarchar2List;
functionItemList sys.OdciVarchar2List;
newItemList sys.OdciVarchar2List;
expectedCount INTEGER;
countFunctionItemList INTEGER;
BEGIN
expectedItemList := sys.OdciVarchar2List('car','apple','orange','banana','kiwi');
expectedCount := 5; -- or query to count them
functionItemList := sys.OdciVarchar2List('car','apple','orange','peanut');
-- use your function to get the records
-- select * from myFunctino BULK COLLECT INTO functionItemList
IF functionItemList.count != expectedCount THEN
DBMS_OUTPUT.PUT_LINE('Count is ' || functionItemList.count || ' but should be ' || expectedCount);
END IF;
END;
Count is 4 but should be 5If the collections are the same type you can use the MULTISET operators.
See Solomon's reply in this thread for how to use the MULTISET operators on collections.
PLS-00306: wrong number or type of argument in call to 'MULTISET_UNION_ALL'
See MultisetOperators in the SQL Reference doc
http://docs.oracle.com/cd/B13789_01/server.101/b10759/operators006.htm
>
Multiset operators combine the results of two nested tables into a single nested table. -
NESTED Tables for Sub-types when creating table for Super-type
If I create the following types, as an example:
Person with subtypes: Employee and Customer
Appointment
CREATE OR REPLACE TYPE Person_OT AS OBJECT (
person# NUMBER,
personSurname VARCHAR2(50),
personForenames VARCHAR2(50),
personDateOfBirth DATE,
personAddress Address_OT,
) NOT FINAL ;
CREATE OR REPLACE TYPE Employee UNDER Person_OT (
empSalary NUMBER,
empNoSales NUMBER,
makes Appointment_List_OT
) FINAL ;
CREATE OR REPLACE TYPE Appointment_OT AS OBJECT (
some attributes
CREATE OR REPLACE TYPE Appointment_List_OT AS TABLE OF REF Appointment_OT ;
When creating the table to hold objects of Person type, how can the requisite nested table for representing 'makes' be declared? The below approach is not correct, however the table will not compile without naming the nested tables.
CREATE TABLE Person_TBL OF Person_OT (
Person# PRIMARY KEY)
NESTED TABLE makes STORE AS Appointment_List_NTBL;
Advice very much appreciated!CREATE TABLE Person_TBL OF Person_OT(
Person# PRIMARY KEY)
NESTED TABLE TREAT(SYS_NC_ROWINFO$ AS EMPLOYEE).MAKES STORE AS Appointment_List_NTBL
Table created.
SQL> select * from user_nested_tables
2 /
TABLE_NAME TABLE_TYPE_OWNER
TABLE_TYPE_NAME PARENT_TABLE_NAME
PARENT_TABLE_COLUMN
STORAGE_SPEC RETURN_TYPE ELEMENT_SUBSTITUTABLE
APPOINTMENT_LIST_NTBL SCOTT
APPOINTMENT_LIST_OT PERSON_TBL
TREAT(SYS_NC_ROWINFO$ AS "SCOTT"."EMPLOYEE")."MAKES"
DEFAULT VALUE N
SQL> SY. -
No support for content-type in response header?
When loading both movies and images Strobe Media Playback does not recognize content-type from the response header.I can't find any documentation for this, but when i look in the source code, there sees to be support for this kind of metadata. For example in the "canHandelResource" function for ImageLoader has a "MIME_TYPES_SUPPORTED" vector that contains the type "image/jpeg". I can't see way, but this function is always falling back to checking the URL for file extensions.
override public function canHandleResource(resource:MediaResourceBase):Boolean
var rt:int = MediaTypeUtil.checkMetadataMatchWithResource(resource, MEDIA_TYPES_SUPPORTED, MIME_TYPES_SUPPORTED);
if (rt != MediaTypeUtil.METADATA_MATCH_UNKNOWN)
return rt == MediaTypeUtil.METADATA_MATCH_FOUND;
var urlResource:URLResource = resource as URLResource;
if (urlResource != null &&
urlResource.url != null)
var url:URL = new URL(urlResource.url);
return (url.path.search(/\.gif$|\.jpg$|\.png$/i) != -1);
return false;
This makes it impossible to load an image (or movie) from a web-service that don't contain a file extension. Even though the response header from the request contains the correct "Content-type". Example response header:
Date: Wed, 13 Jul 2011 08:07:26 GMT
Server: Apache/2.2.17 (Unix)
Cache-Control: max-age=60
Expires: Wed, 13 Jul 2011 08:08:26 GMT
Content-Length: 34010
Content-Type: image/jpeg
X-Pad: avoid browser bug
200 OK
Anybody that know way this is the case?There is no need for a constructor when all attributes are assigned.Unless there is a date value, apparently ;)
It also works if you explicitly <tt>CAST(SYSDATE AS DATE)</tt> so perhaps the internal limitation is to do with the two internal DATE types (type 12 and 13, if you check DUMP output). -
Will there be support for types other than those listed when one uses the "create table" tool (or APIs to create other types)? For instance, it would be nice to see support for SDO_GEOMETRY when creating tables.
Thank you in advance.
-JustinWell in the create dialog for a table you can type in your data type. However, the display of those datatype will not all be there in 1.0.
-kris
Maybe you are looking for
-
Can't get FCKeditorAPI to load to validate HTML Editor contents
I have an HTML Editor item on my page and wanted to quickly check the length of the text in the editor before submitting the page. It should be possible to get the contents of the HTML Editor using the FCKeditorAPI, but I can't get it to load. I'm do
-
Hello I want make a static Table, a dynamic is not necessary. The person who fill out the form, should be able to do this over more than one page. But I don't know how to make the SAME table over one page?! I have no data link in this table, it shoul
-
Where is the Magic Wand tool in Photoshop CS6?
Desperately need it for a project I'm working on, and seeing as I'm currently going through the painful process of moving from Coral Paint Shop Pro to Photoshop this is slowing it down no end.
-
My Safary 5.1.10 (os x 10.6.8) doesn't work properly
for the last 5 months its getting slower and slower, if i watch a video it will stop after a few seconds and if I open a second page it freezes. what should i do?
-
Issues in installing SAP HANA cloud platform tools
Hello Experts, I am new to AiE/HANA tools. I am trying to install SAP HANA cloud platform tools, but adding the URL Eclipse Kepler (4.3), URL: https://tools.hana.ondemand.com/kepler in the Eclipse menu. However, I get the 'This repository is currentl