ORA-28040: No matching authentication protocol error

We have got following error in Application logs and we were made to cross-check our JVM settings.

ERROR [2016-06-06 03:32:55,521]|[server.startup : 1]|[null]|getConnection
java.sql.SQLException: ORA-28040: No matching authentication protocol
DSRA0010E: SQL State = 99999, Error Code = 28,040
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:441)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOSESSKEY(T4CTTIoauthenticate.java:404)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:385)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:546)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:236)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:280)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:207)
at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:139)

It was determined that removing JVM parameter -Doracle.jdbc.thinLogonCapability=o3 will fix the ORA-28040: No matching authentication protocol error. I remembered that we added this JVM parameter for certain applications during the WebSphere 7 upgrade. The problem was that certain applications running on WebSphere 7 with JDK 1.6 and ojdbc6.jar was not able to login to the Database. This was because of an Oracle driver “issue” when dealing with external 3rd party JCE libraries such as BouncyCastle.

How to access Tomcat Manager from Eclipse

It has been observed that Tomcat Manager is not accessible after starting the Tomcat Server from Eclipse. Even after doing changes in file – $TOMCAT_HOME/conf/tomcat-users.xml changes are not getting reflected back.

Therefore, we need to configure Eclipse to take control over from Tomcat, we need to do double-click the Tomcat Server entry in Servers tab and then we will get the server configuration. At the left column, under Server Locations, select Use Tomcat installations (If it is grayed-out then delete the Server and add it again). This way Eclipse will take full control over Tomcat and we will be able to access the default Tomcat homepage with the Tomcat Manager when running from inside Eclipse.

Configuration to access Tomcat Manager from Eclipse
Configuration to access Tomcat Manager from Eclipse

Note: Above stated configuration is validated on Apache-Tomcat-8.0.33

How to enable Tomcat Manager

To access the Tomcat Manager page, we need to define users in file – $TOMCAT_HOME/conf/tomcat-users.xml. By default, there is NO user which means that no one can access the Tomcat Manager page.

To access the above mentioned page, we need to add a user(s) as the role “manager-gui”

	<role rolename="manager-gui"/>
	<user username="admin" password="admin" roles="manager-gui"/>

Once done then save the file and restart the Tomcat Server and we should able to access the default manager page (http://localhost:8080/manager) with user = “admin” and password = “admin”

Note: Above stated configuration is validated on Apache-Tomcat-8.0.33