Thanks Amila. I will try that. But can we ask users to follow these steps before running IS ? It will break the 'extract and run' practice we have been maintaining with Carbon.
WDYT? Thanks, Thilina On Thu, Aug 19, 2010 at 11:58 PM, Amila Jayasekara <[email protected]> wrote: > Hi Thilina, > This exception usually occurs if Bouncy Castle is not registered as > a security provider in your JVM. To resolve this issue follow the steps > given below, > 1. Find the JVM you are running (Use update-java-alternatives -l > command) > 2. Find java.security in /path_to_your_jvm/jre/lib/security > 3. Add > security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider > (X is the next number in sequence) > > After adding BC provider, java.security would look like as below, > > security.provider.1=sun.security.provider.Sun > security.provider.2=sun.security.rsa.SunRsaSign > security.provider.3=com.sun.net.ssl.internal.ssl.Provider > security.provider.4=com.sun.crypto.provider.SunJCE > security.provider.5=sun.security.jgss.SunProvider > security.provider.6=com.sun.security.sasl.Provider > security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI > security.provider.8=sun.security.smartcardio.SunPCSC > security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider > > [1] is a good reference on this. Also it has a test program to check > whether BC is installed or not. > > If this doesnt solve the issue, please let me know. > > [1] > > http://www.randombugs.com/java/javalangsecurityexception-jce-authenticate-provider-bc.html > > Thanks > AmilaJ > > > > Thilina Mahesh Buddhika wrote: > > Hi AmilaJ, > > > > I tried starting an IS pack built from latest trunk and the following > > exception was thrown from identity provider initialization code. > > > > java.lang.SecurityException: JCE cannot authenticate the provider BC > > at javax.crypto.Cipher.getInstance(DashoA12275) > > at javax.crypto.Cipher.getInstance(DashoA12275) > > at org.wso2.carbon.core.util.CryptoUtil.encrypt(CryptoUtil.java:76) > > at > > > org.wso2.carbon.core.util.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:98) > > at > > > org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStore(KeyStoreAdmin.java:225) > > at > > > org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStoreWithFilePath(KeyStoreAdmin.java:173) > > at > > > org.wso2.carbon.identity.provider.Initializer.addKeyStores(Initializer.java:113) > > at > > org.wso2.carbon.identity.provider.Initializer.init(Initializer.java:64) > > at > > > org.wso2.carbon.identity.provider.internal.IdentityProviderServiceComponent.activate(IdentityProviderServiceComponent.java:80) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > > at java.lang.reflect.Method.invoke(Method.java:592) > > at > > > org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:230) > > > > > > Then I removed ApacheDS related bundles and replaced the user-mgt.xml > > of IS with a default user-mgt.xml. Then it started up fine. > > > > Down in the stack trace, I could observe the following lines. > > > > Caused by: java.util.jar.JarException: > > > file:/home/thilina/projects/carbon/trunk/products/is/modules/distribution/target/wso2is-3.0.0-SNAPSHOT/repository/components/configuration/org.eclipse.osgi/bundles/12/1/.cp/apacheds-all-1.5.7.jar > > has unsigned entries - > > org/apache/directory/server/core/partition/avl/AvlIndex.class > > at javax.crypto.SunJCE_d.b(DashoA12275) > > at javax.crypto.SunJCE_d.a(DashoA12275) > > at javax.crypto.SunJCE_d.a(DashoA12275) > > at javax.crypto.SunJCE_b.b(DashoA12275) > > at javax.crypto.SunJCE_b.a(DashoA12275) > > > > I doubt whether this error is the cause for the above exception. > > > > Thanks, > > Thilina > > > > On Mon, Aug 16, 2010 at 10:35 AM, Amila Jayasekara <[email protected] > > <mailto:[email protected]>> wrote: > > > > Hi All, > > Just to inform you that IS is now integrated with in-built > > ApacheDS > > server. To achieve this we are replacing some tokens in > user-mgmt.xml. > > Token replacement in user-mgmt.xml is not trivial and i had to > > introduce > > some new code into user-mgmt.xml to achieve this. > > In summary this is how we do token replacement in user-mgmt.xml. > > Introduce a new tag called "<ISUserStoreManager > > class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">" and > > this is quite similar to <UserStoreManager > > "org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager"> tag. But > in > > default configuration this is commented. > > When building IS comment all existing <UserStoreManager> tags and > > replace <!--ISUserStoreManager> with <UserStoreManager>. > > > > This approach is quite fragile. For example if someone introduce a > > comment to a default <UserStoreManager>, build will break. > > > > I believe we should be able to improve the way we replace > > tokens > > in user-mgmt.xml. I guess the best way to achieve this is by > > separating > > UserStoreManager and their properties or maybe to introduce a enable, > > disable attribute to <UserStoreManager> tag. > > > > Feedback appreciated. > > > > Thankx > > AmilaJ > > > > _______________________________________________ > > Carbon-dev mailing list > > [email protected] <mailto:[email protected]> > > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > > > > > > > > > -- > > Thilina Mahesh Buddhika > > Senior Software Engineer > > WSO2 Inc. ; http://wso2.com > > lean . enterprise . middleware > > > > phone : +94 77 44 88 727 > > blog : http://blog.thilinamb.com > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Carbon-dev mailing list > > [email protected] > > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > > > > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > -- Thilina Mahesh Buddhika Senior Software Engineer WSO2 Inc. ; http://wso2.com lean . enterprise . middleware phone : +94 77 44 88 727 blog : http://blog.thilinamb.com
_______________________________________________ Carbon-dev mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
