9 Replies Latest reply: Apr 17, 2012 1:29 PM by jschellSomeoneStoleMyAlias RSS

    Authentication failure to be returned from Oracle 11g takes 10 seconds

    929783

      Hi,

      We are using the ojdbc5.jar from a 1.5 JVM to connect to a oracle 11g instance.

      When the password is changed on teh oracle database, the java application (both JSE and JEE) receive the reply after 10 secs. This is a bit too strange for us.

      When i work with a JRE 1.6 and ojdbc6.jar i receive this SQL exception (of login denied ) in about 0.001 seconds.

      We started with a application server using a Data source and to narrow down the problem we went wtih a simple application using the driver manager impl and the result was the same. 10 secs to receive this error message.

      Are there are any fixes to the ojdb5.jar shipped with oracle 11g?

      Is there any configuration that we need to touch on the database (not likely as ojdbc6.jar gives us quick answers)?

      Appreciate some inputs

      Thanks
      Ganesh

      Edited by: 926780 on 13-Apr-2012 00:46

        • 1. Re: Authentication failure to be returned from Oracle 11g takes 10 seconds
          929783
          We tried using the setLoginTimeout and that did not seem to have any effect.

          We are tring to play with the oracle.net.CONNECT_TIMEOUT and READ_TIMETOUT which does seem to work but what we are after is the Login time out.

          Appreciate any pointers.
          • 2. Re: Authentication failure to be returned from Oracle 11g takes 10 seconds
            jschellSomeoneStoleMyAlias
            926780 wrote:
            ...we went wtih a simple application using the driver manager impl and the result was the same. 10 secs to receive this error message.
            Possibilities that I can think of are...
            1. Bug in jdbc driver
            2. Expected behavior in jdbc driver
            3. You are using some option in connection string that is just odd
            4. You have misreported the problem here or in some way your test scenario is wrong.

            In terms of a solution if it is 1/2 you know when you are changing the password and you shouldn't be doing it all the time so provide a hook into your application that makes it discard all connections appropriately so you don't experience the delay.
            • 3. Re: Authentication failure to be returned from Oracle 11g takes 10 seconds
              929783
              Hi

              Thanks.

              I did my due-diligence, before seeking inputs here. I will rethink again but i don't believe 4 is a possibility. As part of due-diligence i used DBVisualizer to make a connection to Oracle with ojdbc5 drivers and observed the same 10 sec response.

              1 and 2 are interesting. Where can i find the latest version of ojdbc5.jar? I can't seem to find them and this surprised me.

              I haven't tinkered with the default options and this is issue is observed with the default values.

              I agree that changing the password is not a good idea but the corporate policies do place restrictions on how long a password can remain unchanged etc.

              Also notice that there is no connection to discard in this test case, as i am re-starting servers and there is no connection in the pool to be discarded. Even in the case of a running server, the application server can destroy all the connections in the pool but you have to change the password in the application server and bounce the application server for the changes to take effect.

              Thanks
              Ganesh
              • 4. Re: Authentication failure to be returned from Oracle 11g takes 10 seconds
                EJP
                I believe the 'latest version of odbc5.jar' is actually odbc6.jar. I don't know where the download is but you should be able to find it easily enough. However I doubt that this is the problem. Can you sniff the network to see where the time is going?
                • 5. Re: Authentication failure to be returned from Oracle 11g takes 10 seconds
                  929783
                  Hi EJP

                  The ojdb6.jar is for JDK 1.6. My app server runs on JDK 1.5 so i am constrained to use the ojdbc5.

                  I will try and use some sniffers to see what is happening at TCP level . Thanks for the suggestion.

                  Cheers
                  Ganesh
                  • 6. Re: Authentication failure to be returned from Oracle 11g takes 10 seconds
                    rp0428
                    >
                    The ojdb6.jar is for JDK 1.6. My app server runs on JDK 1.5 so i am constrained to use the ojdbc5.
                    >
                    The official FAQ has the driver and jdk support info and a link to the download page for the drivers.
                    http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-faq-090281.html#02_02
                    >
                    When the password is changed on teh oracle database, the java application (both JSE and JEE) receive the reply after 10 secs.
                    >
                    What do you mean when the password is changed on the oracle database? Are you changing the password 'on' the database? Or using Java code to change the password?

                    Please provide the exact steps you are using.
                    • 7. Re: Authentication failure to be returned from Oracle 11g takes 10 seconds
                      929783
                      Hi,

                      The passwords are changed for the users on the database by the Oracle DBAs. They make these changes based on the corporate rules in this space.

                      The application (and the server) is what we control.

                      Hope that makes things clearer.

                      Cheers
                      Ganesh
                      • 8. Re: Authentication failure to be returned from Oracle 11g takes 10 seconds
                        gimbal2
                        926780 wrote:
                        Hi,

                        The passwords are changed for the users on the database by the Oracle DBAs. They make these changes based on the corporate rules in this space.

                        The application (and the server) is what we control.

                        Hope that makes things clearer.

                        Cheers
                        Ganesh
                        So its a communication problem. Not everything can be solved through code, when they change the passwords that needs to be communicated as a service ticket, that service ticket needs to be picked up by service engineers (for example: you) and as a result the software needs to be adapted.

                        Right now you have automated chaos, you can't make it any more pretty than that. So fix it at the root, or live with it.
                        • 9. Re: Authentication failure to be returned from Oracle 11g takes 10 seconds
                          jschellSomeoneStoleMyAlias
                          926780 wrote:
                          Hi

                          Thanks.

                          I did my due-diligence, before seeking inputs here. I will rethink again but i don't believe 4 is a possibility. As part of due-diligence i used DBVisualizer to make a connection to Oracle with ojdbc5 drivers and observed the same 10 sec response.

                          1 and 2 are interesting. Where can i find the latest version of ojdbc5.jar? I can't seem to find them and this surprised me.

                          I haven't tinkered with the default options and this is issue is observed with the default values.

                          I agree that changing the password is not a good idea but the corporate policies do place restrictions on how long a password can remain unchanged etc.

                          Also notice that there is no connection to discard in this test case, as i am re-starting servers and there is no connection in the pool to be discarded. Even in the case of a running server, the application server can destroy all the connections in the pool but you have to change the password in the application server and bounce the application server for the changes to take effect.
                          You first post said nothing about restarting anything.

                          If and ONLY IF you have the following scenario...
                          1. You run a JDBC only application (_NO_ application servers, no JEE servers, no pools, etc) using a jdbc driver
                          2. You run the app and it connects successfully (less than a second.)
                          3. The pwd is changed.
                          4. You restart the application.
                          5. It takes 10 seconds to connect.

                          Then this is not a java issue. At best it is jdbc driver issue. The only way it can be a jdbc drive issue is if you are using the OCI driver.

                          If you are using the thin driver then it CANNOT be a driver issue.

                          Now if all of the above is true and you are using the thin driver then if it was me I would be rather certain that it was one of the following
                          1. Some configuration option in Oracle is tying new connections to the old user/pwd.
                          2. Some network infrastructure is keeping some sort of tunneled IP route open and it is reusing it (this is like fantasy land stuff but something is impact that traffic route so might as well look for the impossible.)

                          On the other hand if you are using OCI then I would expect that it is caching something somewhere and there is probably an option to make it stop doing that.

                          Alternatively if your scenario is not exactly as I outlined above then you need to explain in detail exactly what your scenario is.