Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Search our knowledge base, curated by global Support, for answers ranging from account questions to troubleshooting error messages.
When using Talend Studio, you may encounter the following error while attempting to open a remote project or apply a patch update:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This error typically arises due to a missing or untrusted certificate in the Java keystore required to establish a secure connection. This article provides step-by-step instructions to resolve this issue in two common scenarios:
Verify Java Version:
Download and Install the Required CA Certificate:
Import the CA Certificate into Java Keystore:
Locate the cacerts file (typically at <JAVA_HOME>/jre/lib/security/cacerts).
Open a command prompt or terminal and navigate to the directory containing your cacerts file.
Use the keytool command to import the certificate:
keytool -import -alias <alias_name> -file <path_to_certificate_file> -keystore <path_to_your_jdk>/jre/lib/security/cacerts
Replace:
When prompted, enter the keystore password (default is changeit).
Verify the Import:
List the certificates in the cacerts file using:
keytool -list -v -keystore <path_to_your_jdk>/jre/lib/security/cacerts
Ensure the imported certificate appears in the list.
Verify Java Version:
Download Required CA Certificate:
Import the Certificate into Java Keystore:
Configure Talend Studio to Use the Updated Keystore:
Add the following JVM argument to your Talend Studio talend.ini file:
-Djavax.net.ssl.trustStore=<path_to_your_jdk>/jre/lib/security/cacerts
Replace <path_to_your_jdk> with the path to your JDK installation.
If you are operating behind a corporate proxy, you may need to import the proxy server's SSL certificate into your Java keystore. Similarly, any specific corporate firewall rules that could be blocking connections to Talend Cloud should be reviewed and configured to allow necessary traffic.
The eclipse OSGi framework was unable to promptly identify the installed CommandLine module.
To resolve this issue, a retry mechanism should be implemented to ensure its functionality.
Add -Dinstall.org.eclipse.equinox.p2.transport.ecf.retry=10 after mvn command.
mvn org.talend.ci:builder-maven-plugin:8.0.16:generateAllPoms \
-Dtalend.studio.p2.update='/opt/Patch_20240621_R2024-06_v1-8.0.1' \
-Dlicense.path='/opt/license' \
-Dinstaller.clean=true \
-Dstudio.error.on.component.missing=false \
-Dinstall.org.eclipse.equinox.p2.transport.ecf.retry=10 \
-s ${TALEND_SETTINGS_XML}
When customer is trying to connect to Mysql 8 DB on Talend 8 R2024-05 it is giving the below error:
===============
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:842)
at java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:821)
===============
Customer is using MySQL Driver: mysql-connector-java-8.0.12.jar
It seems that it is a bug with the MySQL driver. It looks like sql drivers 8.0.16 and below are affected.
https://bugs.mysql.com/bug.php?id=93590
https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/news-8-0-16.html
https://bugs.mysql.com/bug.php?id=93590
https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/news-8-0-16.html
The BigQuery component encountered an error, which reads:
"BigQueryException: Connection has closed: javax.net.ssl.SSLException: Connection reset."
The error "BigQueryException: Connection has closed: javax.net.ssl.SSLException: Connection reset" typically signifies that the network connection to BigQuery was unexpectedly terminated. This could be due to various network issues, such as transient disruptions or restrictive network configurations like firewalls or proxies that terminate idle connections.
Here are some strategies to manage and potentially resolve this issue:
Implement a Retry Mechanism:
Use a retry mechanism (tBigQueryXxx-->onSubjobError-->) with exponential backoff to handle connection resets gracefully. When a connection reset occurs, catch the exception, wait for a progressively increasing interval, and then retry the operation. This is especially useful for transient network issues.
Review Firewall and Proxy Configurations:
Ensure that all firewalls and proxy servers within your network path are properly configured to permit long-lived connections necessary for your BigQuery operations. These systems may be closing connections that remain idle for an extended period.
Batch Processing with Pagination:
Instead of attempting to load all results at once, consider breaking your query into smaller chunks. You can modify your query to retrieve subsets of the data and process each subset separately. This approach limits the impact of any single query failure.
{error":"Migration failed, please see migraion logs for more details.","returnCode":1}
Upon reviewing the migration logs, noticed the following error.
Can't create Quartz tables: org.hibernate.exception.SQLGrammarException: could not execute statement
database schema migration failed.
javax.persistence.PersistenceException: org.hibernate.exception.SQLGrammarException: could not execute statement
at org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:154)
at org.talend.migration.quartz.QuartzMigrationUtils.<init>(QuartzMigrationUtils.java:79)
at org.talend.migration.TalendMigrationApplication.call(TalendMigrationApplication.java:320)
at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:103)
org.hibernate.engine.query.spi.NativeSQLQueryPlan.performExecuteUpdate(NativeSQLQueryPlan.java:10)
at org.hibernate.internal.SessionImpl.executeNativeUpdate(SessionImpl.java:1509)
at
Caused by: org.postgresql.util.PSQLException: ERROR: relation "qrtz_job_details" already exists
at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2725)
Note: Quartz can store Job and scheduling information in a relational database and quartz can automatically create tables with initialize-schema
Verify the list of database tables and rename or drop any tables that contain the prefix "qrtz" in their names.
Migrating database X to database Y
What does each table for quartz scheduler signify?
A task containing tMysqlOutput component, which performs insert/update operations, has been blocked/suspended due to a PAGEIOLATCH_SH wait type status and has been pending for several hours.
Often reasons for excessive PAGEIOLATCH_SH wait type are:
To resolve the issue of high PAGEIOLATCH_SH wait type, you can check the following:
Always keep in mind that in case of high safety Mirroring or synchronous-commit availability in AlwaysOn AG, increased/excessive PAGEIOLATCH_SH can be expected.
Based on the SQL query check we figured out the avg_fragmentation_in_percent showing 90%+ , which means the index is maintenance badly.
USE DBName;
GO
-- Find the average fragmentation percentage of all indexes
-- in the HumanResources.Employee table.
SELECT a.index_id, name, avg_fragmentation_in_percent
FROM sys.dm_db_index_physical_stats (DB_ID(N'DBName'),
OBJECT_ID(N'dbo.TableName'), NULL, NULL, NULL) AS a
JOIN sys.indexes AS b
ON a.object_id = b.object_id AND a.index_id = b.index_id;
GO
==Detecting Fragmentation==
The first step in deciding which defragmentation method to use is to analyze the index to determine the degree of fragmentation. By using the system function sys.dm_db_index_physical_stats, you can detect fragmentation in a specific index, all indexes on a table or indexed view, all indexes in a database, or all indexes in all databases. For partitioned indexes, sys.dm_db_index_physical_stats also provides fragmentation information for each partition.
The result set returned by the sys.dm_db_index_physical_stats function includes the following columns.
Column | Description |
---|---|
avg_fragmentation_in_percent | The percent of logical fragmentation (out-of-order pages in the index) |
fragment_count | The number of fragments (physically consecutive leaf pages) in the index |
avg_fragment_size_in_pages | Average number of pages in one fragment in an index |
avg_fragmentation_in_percent value | Corrective statement |
---|---|
> 5% and < = 30% | ALTER INDEX REORGANIZE |
> 30% | ALTER INDEX REBUILD WITH (ONLINE = ON)* |
* Rebuilding an index can be executed online or offline. Reorganizing an index is always executed online. To achieve availability similar to the reorganize option, you should rebuild indexes online.
These values provide a rough guideline for determining the point at which you should switch between ALTER INDEX REORGANIZE and ALTER INDEX REBUILD. However, the actual values may vary from case to case. It is important that you experiment to determine the best threshold for your environment. Very low levels of fragmentation (less than 5 percent) should not be addressed by either of these commands because the benefit from removing such a small amount of fragmentation is almost always vastly outweighed by the cost of reorganizing or rebuilding the index.
In general, fragmentation on small indexes is often not controllable. The pages of small indexes are sometimes stored on mixed extents. Mixed extents are shared by up to eight objects, so the fragmentation in a small index might not be reduced after reorganizing or rebuilding the index.
Question
How do you update the image used in the Preview Picture section in the HTML that is created when selecting Generate Doc as HTML?
You can update the image by editing the job in the designer view and then saving it.
For example, if you place a random component in the job designer, save the job, and select Generate Doc as HTML, the image used in the Preview Picture section will update showing the newest image of your job.
If you are looking for how to generate detailed documentation in HTML of the Jobs or Routes, please refer to Qlik Talend Official Documentation for more information.
Generating-html-documentation
The documentation of Talend Data Catalog v8.1 states that:
In fact, HA deployment is only available on the MM most advanced edition as the license stored in the shared database must be enabled to support both the Active and Passive servers (obviously on different host ids).
To be more precise, only the "Advanced Plus" version (the Data Governance version in v8.1) supports HA mode.
Talend Data Catalog High Availability Considerations
When the runtime network environment is strictly restricted and the network firewall exception cannot be opened for repo1.maven.org, it leads to unresolved jar dependencies, causing service deployment failure and generating "Unable to resolve xxx.jar" errors in <Talend Runtime Home>/log/tesb.log.
Download the jar locally and upload it to correct folder following maven2 structure, as Talend Runtime will use local maven cache to copy needed jars into <Talend Runtime Home>/system folder.
For each jar download, use a centralized network control.
Then, Talend Runtime can use this mirror repo to access dependency jars.
Strict network control from Talend Runtime server.
The task was published from Talend Studio using Java 17. The project properties within Talend Studio is currently set to Java 17 compatibility mode, and the Remote Engine is also utilizing Java 17. Nevertheless, the execution summary of the task indicates that Java 8 is being used.
The environmental setting JAVA_HOME of the Remote Engine from which it run is set for Java 8 home path. Some servers require multiple Java environments and have the Remote Engine's JDK set in the <Remote Engine Installation Home>/bin/setenv or the <Remote Engine Installation Home>/etc/wrapper file. The Job launcher will take it's lead from JAVA_HOME, thereby causing the Job to execute with Java 8.
org.talend.remote.jobserver.commons.config.JobServerConfiguration.JOB_LAUNCHER_PATH=/<JDK HOME>/bin/java
When running the Talend Installer with root user and sudo permission, the installation failed with an error:
Error: There has been an error.
Error running /bin/sh -c "/tmp/create_user_4ce8b0db.sh" : /bin/sh: /tmp/create_user_4ce8b0db.sh: Permission denied
Collaborate with the Linux administrator to temporarily remove nonexec from /etc/fstab, and once the installation is complete, you may reactivate the nonexec option out of security concern.
The /tmp folder was mounted with the nonexec option, which disables execution. By default, Talend will use the /tmp folder to extract the temporary installer file for execution.
To verify this, you can type
cat /etc/fstab
and find the line for
/dev/mapper/vgroot-lvtmp /tmp xfs nodev,nosuid,noexec 0 0.
Cannot publish a Job to Talend Cloud from Talend Studio, the following message appears on the pop-up in Talend Studio:
Could not resolve dependencies for project <Project>.job:<JOB>:jar:0.1.0: The following artifacts could not be resolved: <Project>_jobs.code:routines:jar:8.0.1 (absent): Cannot access central (https://repo1.maven.org/maven2/) in offline mode and the artifact org.example.mse_jobs.code:routines:jar:8.0.1 has not been downloaded from it before. -> [Help 1]
Cause 1
Cause 2
Solution 1
Solution 2
Please note that merely editing the <Talend_Studio_Home>/path/Talend-Studio-xxx.ini file may not be sufficient. In cases where you are launching via a Windows/Mac/Linux GUI shortcut, please ensure that the -vm option is configured to point to the Java 17 bin.
On the Servers page of Talend Administration Center, the status of servers listed shows as:
UP, but the MonitoringPort is misconfigured
When this error occurs, please check the following:
Verify the Runtime status and ensure that the MonitoringPort is not misconfigured in the TalendJobserver.properties files located in the <installation_folder>/agent/conf directory.
Typically, this issue arises when multiple Talend JobServer/Runtime are using the same port. If this is the case, modify the MonitoringPort so that the same Monitoring port is not being used by more than one process and then restart Talend JobServer/Runtime.
When attempting to install Talend on Windows or Linux, the following error appears.
Unrecognized VM option 'UseConcMarkSweepGC'
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
Note: The UseConcMarkSweepGC garbage collector option has been deprecated and subsequently removed in the latest versions of Java, starting from Java 14.
In general, this error indicates that you are attempting to run the installer in an environment with Java 15 or a later version. While you have specified Java 8 as your version, it is possible that this setting is not system-wide, but rather specific to your user environment.
Please ensure that the %JAVA_HOME% variable in the system environment is pointing to the correct version.
Additionally, kindly confirm that you are using a JDK version that is supported by Talend.
Besides setting and exporting the JAVA_HOME System Variable, it is also recommended to update the PATH environment variable to include the Java bin directory.
CICD build Job fails with the below message:
Failed to execute goal on project: Could not resolve dependencies for project
Solution 1
Solution 2
Qlik Talend Data Integration: CICD build fails and shows an error in the Maven log
If you utilize the aws-java-sdk to customize utility classes under Repository-->Code -> Routines and use this customized class within the components such as tJava / tJavaRow etc, please be aware that the aws-java-sdk is an all-in-one JAR. You might overlook the significance of SDK modularity and opt for an all-in-one JAR, potentially leading to the adverse effects detailed in the article.
1. Increased Application Size:
The all-in-one JAR bundles all AWS service SDKs together, significantly increasing the size of your application. This results in larger deployment artifacts, slower download times, and increased storage consumption, due to the increased size of the Job design (aws-java-sdk.jar: 100-400MB), thereby intensifying the network transfer burden for deployment.
2.Higher Memory Usage:
During application startup, loading the all-in-one JAR into memory demands additional memory, as all AWS service classes are loaded, including those not in use. This can result in increased memory consumption and footprint, and may lead to out-of-memory errors in resource-constrained environments.
3.Reduced Modularity and Flexibility:
Using the all-in-one JAR reduces the modularity of your application. It limits your ability to customize or optimize the inclusion of specific AWS services, leading to a less flexible and maintainable codebase.
Instead of including the entire aws-java-sdk JAR, opt for individual service modules. Include only the specific AWS SDK modules your application needs. For instance, if your application interacts only with S3 and DynamoDB, include only aws-java-sdk-s3 and aws-java-sdk-dynamodb dependencies.
This approach helps minimize the application size, reduces memory footprint, and enhances overall performance by loading only the necessary classes at runtime.
For almost all services or APIs running in production, the requirement exists to secure access to the service. In the rest of this article, we will look at how to ensure the following security requirements:
This article shows you how to implement these concepts when running data services or Routes in the Talend Runtime. The focus is on the cloud runtime, but also applies to on-premises environments. Microservices are not handled in this article.
The attached security.zip file contains a Talend Studio v7.0 project with a sample service and Route to experiment with. It can be imported into any Talend Studio v7.x. In addition, it contains sample configuration files for the LDAP login module described later.
For REST-based services, in a cloud environment, Talend provides support only for basic authentication, where the user name and password are sent in an HTTP header alongside the request in clear text. Therefore it is mandatory to use HTTPS instead of HTTP as the protocol to ensure that the password is encrypted. Contrary to on-premises, for cloud environments, SAML token and OAuth are not supported. If more sophisticated solutions are required, Talend recommends using an API Gateway to secure and control access to the services and APIs. Talend Help provides information on how to integrate with API Gateways and examples for deployment on AWS API Gateway and Azure API Management.
Activating basic authentication for a service or a Route is done in Talend Studio in the corresponding REST component (tRESTRequest in a data service, or cREST in a Route). A data service where authentication is enabled is shown below:
Figure 1: Authentication enabled data service
Enforcing authentication information when sending the request to the service is only half the story. The provided identity must be validated and compared to the set of accepted identities. Talend Runtime provides an authentication framework based on Java Authentication and Authorization Service (JAAS), which allows you to plug in different modules targeting a specific backend to validate identity information. Out of the box, Talend Runtime is configured to support a file-based backend, but among others LDAP can also be used to validate. For a complete list of supported backends, see the Apache Karaf documentation.
The PropertiesLoginModule login module is the one configured by default in the Talend Runtime. It is based on the ${Runtime_Home}/etc/users.properties file, which uses the properties file format. Each property represents an identity. The format of the property is as follows:
user=password[,role][,role]...
Several roles may also be grouped together and the group can be referenced in the user entry:
_g_\:group=role[,role]... user=password[,role][,_g_\:group]...
The figure below shows the users.properties file, which is part of the Talend Runtime installation. In addition to the standard users tadmin, tesb, and karaf, two users alice and bob were added.
Figure 2: Sample users file
Passwords in the properties file are in clear text by default, but can be hashed to ensure protection. To automatically hash passwords after restarting the runtime, open and edit the <Runtime_Home>/etc/org.apache.karaf.jaas.cfg file.
The encryption.enabled property must be set to true. Furthermore, the encryption algorithm in the property encryption.algorithm should be set to something like SHA-256. The configuration file should look like this:
Figure 3: org.apache.karaf.jaas.cfg
The properties file solution is fine to quickly get some identity information defined, for example, when testing, but does not scale well. Furthermore, in many cases, identity information is stored in some LDAP server or Active Directory. Talend runtime provides an LDAP module to validate identity information using the information stored in LDAP or Active Directory.
The security.zip file includes the OSGi Blueprint bundle file authentication/LDAP-login-config.xml, which activates the LDAP login module when deployed into the runtime, and the authentication/org.talend.esb.jaas.ldap.cfg file to configure the login module and adapt it to the specific environment.
Table 1: LDAP login parameters for authentication
Name |
Description |
connection.url |
The LDAP URL, for example, ldap://ldap-host.example.com:389 |
connection.username |
Username to connect to LDAP, for example, cn=admin,dc=example,dc=com. The user requires read access to the part of the Directory Information Tree (DIT) where the user information is stored. |
connection.password |
User password to connect to LDAP. |
user.base.dn |
The LDAP base DN used to look up users, for example, ou=users,dc=example,dc=com. |
user.filter |
The LDAP filter used to locate the user applied to the subtree specified in user.base.dn, for example, (uid=%u) where %u will be replaced by the username. |
user.search.subtree |
If “true”, the user lookup will be recursive (sub). If “false”, the user lookup will be performed only at the first level (one). |
authentication |
Specifies the authentication method used when binding to the LDAP server. The default is simple, where a username and password is required. To enable anonymous, set to none and leave username and password blank. |
Edit the configuration file and adapt the settings to your environment. Table 1 provides a list of the properties to be configured and their meaning. The configuration file also contains the description for each property. The sample values in Table 1 and in the configuration file correspond to the Directory Information Tree (DIT) structure shown in Figure 4.
When finished with editing, copy the configuration file to the directory <Runtime_Home>/etc.
Deploy the authentication/LDAP-login-config.xml file into the Talend Runtime. The easiest way to deploy it is to copy the file to the deploy folder of the Talend Runtime, <Runtime_Home>/deploy.
Often the LDAP server or Active Directory requires the use of Secure LDAP (LDAPS) to ensure the communication is encrypted. The LDAP login module also supports LDAPS, but in addition requires a keystore containing the X.509 certificate of the LDAP server. The location of the keystore and required passwords are specified in the OSGi Blueprint bundle file, which contains the specification of the LDAP login module.
security.zip includes an extended version of the OSGi Blueprint bundle file ldaps/LDAP-login-config.xml with an additional section for the keystore, and ldaps/org.talend.esb.jaas.ldap.cfg with additional properties to configure the keystore-related parameters. Table 2 provides a list of the additional properties that need to be configured.
Name |
Description |
truststore.path |
Absolute path to a trust store containing required Active Directory certificates, for example, /opt/talend/7.2.1/runtime/etc/keystores/ldaptruststore |
truststore.password |
Password for the specified trust store. |
The article Authorization for REST service based routes with HTTP Basic Authentication describes how to enable authorization for a Route, and how to configure the user properties file. If LDAP is used for identity validation, the user information is stored in the roles for authorization. Figure 5 shows a container object groups and three child objects that represent the different groups or roles. Users belonging to a group are referenced through the member attribute, where the fully qualified distinguished name of the user is specified.
Figure 5: Sample LDAP for groups/roles
security.zip includes an extended version of the OSGi Blueprint bundle file authorization/LDAP-login-config.xml with additional configuration parameters to retrieve roles, and authorization/org.talend.esb.jaas.ldap.cfg with additional properties to configure the parameters. Table 3 provides a list of the additional properties that need to be configured.
Table 3: LDAP login parameters for authorization
Name |
Description |
role.base.dn |
The LDAP base DN used to looking for groups/roles, for example, ou=groups,dc=example,dc=com |
role.filter |
The LDAP filter used to look for user’s role, for example, (member=%fqdn) where %fqdn will be replaced by the user's full qualified distinguished name |
role.name.attribute |
The LDAP role attribute containing the group/role string used by Talend Runtime, for example, cn |
Currently, the sample Route provided in article Authorization for REST service based routes with HTTP Basic Authentication and also included in security.zip does not work for Talend version 7.1, 7.2, and 7.3.
In the default configuration of the Talend Runtime, both HTTP and HTTPS are enabled, and the private key used for HTTPS is a well-known standard key provided by Talend. If you use HTTPS, replacing the key is a must.
org.osgi.service.http.enabled=false
The file should now look like:
The Server HTTP Configuration section of the Talend ESB Container Administration Guide provides documentation for the HTTP settings in org.ops4j.pax.web.cfg.
When implementing a REST service in a Mediation route using the cREST component as route consumer, Studio provides three ways to authenticate the service: HTTP Basic, SAML token, and OpenID Connect. Only the SAML token provides an option to enable authorization. Unfortunately, the SAML token is not an adequate solution in many use cases because third-party service clients cannot be expected to acquire a SAML token and integrate it into the request. Often HTTP basic authentication, together with HTTPS, is the only way to integrate third-party clients.
Studio does not support authorization when selecting HTTP basic authentication as an authentication type.
In Routes, you can enhance the cRest component to implement role-based authorization with the help of an authorizing filter.
Sources for the project are available in the attached Authorization.zip file.
The cREST component is based on the Camel CXFRS component and the JAX-RS implementation of CXF. In JAX-RS, the runtime is extended and customized through providers. CXF JAX-RS provides a SimpleAuthorizingFilter, extending a REST endpoint with role-based authorization.
One way to add providers in CXFRS is to add the providers option to the endpoint URL of the CXFRS component. The providers are registered as beans in the Camel registry and referenced by name in the providers option. For more information on the exact syntax in the providers option and a complete list of all other options, see the Apache Camel, CXF-RS Component page.
Figure 1 shows a Mediation route in Studio that implements a web service with authentication and authorization.
Figure 1. REST service with authentication and authorization
In the cREST component, you can enforce authentication on the Basic settings tab by enabling the Use Authentication check box and selecting HTTP Basic as the authentication protocol.
Figure 2. Basic settings of the REST endpoint
Enforcing authorization in the cREST component is slightly more involved. It requires setting the additional "providers" option, which is implemented by the bean registered under the name of "authFilter" in the Advanced settings tab, as shown in Figure 3.
Figure 3. Advanced settings of the REST endpoint
In this example, the cBeanRegister component initializes the SimpleAuthorizingFilter, and registers it under the name "authFilter", as shown in Figure 4.
Figure 4. Definition and registration of the authorizing filter
The filter is mainly a wrapper around the SimpleAuthorizingInterceptor, which does the actual work. It is also the interceptor where the roles are specified that authorize the service to execute. In this article, the setGlobalRoles method specifies the roles manager and admin in the beans definition code, which allows them to execute the service. In a real-world use case, you would specify them through a context variable.
The Authorization.zip file, attached to this article, contains an executable sample project (v6.5.1). You can experiment with the project by deploying it in a Talend Runtime and trying different outcomes. For example, you could add a few users to the etc/users.properties file with corresponding roles.
Figure 5 shows a users.properties file where the user alice has the manager and employee role, and user bob only has the employee role. Call the deployed service using the URL (http://localhost:8040/services/test). If authenticating with user alice the call is successful. If authenticating with user bob you should get HTTP return code 403. The sample not only works with the JAAS PropertiesLoginModule but also with the other login modules supported by the Talend Runtime, such as LDAPLoginModule or SyncopeLoginModule.
Figure 5. Sample users file
When connecting to a MySQL database via JDBC, there will occur below connection error message from TAC or Talend tMysqlConnection, tMysqlInput and tMysqlOutput components.
java.sql.SQLNonTransientConnectionException: Public Key Retrieval is not allowed
The error message java.sql.SQLNonTransientConnectionException: Public Key Retrieval is not allowed
typically occurs when you're trying to connect to a MySQL database using JDBC and the connection URL is not correctly configured to allow public key retrieval for SSL connections. This is a regular setting when using MySQL 8.0+ with certain security configurations.
Add client option to your connection URL mysql-connector allowPublicKeyRetrieval=true to allow the client to automatically request the public key from the server.
jdbc:mysql://localhost:3306/db?allowPublicKeyRetrieval=true&useSSL=false