On Fri, Aug 20, 2010 at 12:10 AM, Thilina Mahesh Buddhika <[email protected]> wrote: > Thanks Amila. I will try that. > > But can we ask users to follow these steps before running IS ? It will break > the 'extract and run' practice we have been maintaining with Carbon. > > WDYT?
+1 - We can do it at the code level.. Thanks & regards, -Prabath > > Thanks, > Thilina > > On Thu, Aug 19, 2010 at 11:58 PM, Amila Jayasekara <[email protected]> wrote: >> >> Hi Thilina, >> This exception usually occurs if Bouncy Castle is not registered as >> a security provider in your JVM. To resolve this issue follow the steps >> given below, >> 1. Find the JVM you are running (Use update-java-alternatives -l >> command) >> 2. Find java.security in /path_to_your_jvm/jre/lib/security >> 3. Add >> security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider >> (X is the next number in sequence) >> >> After adding BC provider, java.security would look like as below, >> >> security.provider.1=sun.security.provider.Sun >> security.provider.2=sun.security.rsa.SunRsaSign >> security.provider.3=com.sun.net.ssl.internal.ssl.Provider >> security.provider.4=com.sun.crypto.provider.SunJCE >> security.provider.5=sun.security.jgss.SunProvider >> security.provider.6=com.sun.security.sasl.Provider >> security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI >> security.provider.8=sun.security.smartcardio.SunPCSC >> security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider >> >> [1] is a good reference on this. Also it has a test program to check >> whether BC is installed or not. >> >> If this doesnt solve the issue, please let me know. >> >> [1] >> >> http://www.randombugs.com/java/javalangsecurityexception-jce-authenticate-provider-bc.html >> >> Thanks >> AmilaJ >> >> >> >> Thilina Mahesh Buddhika wrote: >> > Hi AmilaJ, >> > >> > I tried starting an IS pack built from latest trunk and the following >> > exception was thrown from identity provider initialization code. >> > >> > java.lang.SecurityException: JCE cannot authenticate the provider BC >> > at javax.crypto.Cipher.getInstance(DashoA12275) >> > at javax.crypto.Cipher.getInstance(DashoA12275) >> > at org.wso2.carbon.core.util.CryptoUtil.encrypt(CryptoUtil.java:76) >> > at >> > >> > org.wso2.carbon.core.util.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:98) >> > at >> > >> > org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStore(KeyStoreAdmin.java:225) >> > at >> > >> > org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStoreWithFilePath(KeyStoreAdmin.java:173) >> > at >> > >> > org.wso2.carbon.identity.provider.Initializer.addKeyStores(Initializer.java:113) >> > at >> > org.wso2.carbon.identity.provider.Initializer.init(Initializer.java:64) >> > at >> > >> > org.wso2.carbon.identity.provider.internal.IdentityProviderServiceComponent.activate(IdentityProviderServiceComponent.java:80) >> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> > at >> > >> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >> > at >> > >> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >> > at java.lang.reflect.Method.invoke(Method.java:592) >> > at >> > >> > org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:230) >> > >> > >> > Then I removed ApacheDS related bundles and replaced the user-mgt.xml >> > of IS with a default user-mgt.xml. Then it started up fine. >> > >> > Down in the stack trace, I could observe the following lines. >> > >> > Caused by: java.util.jar.JarException: >> > >> > file:/home/thilina/projects/carbon/trunk/products/is/modules/distribution/target/wso2is-3.0.0-SNAPSHOT/repository/components/configuration/org.eclipse.osgi/bundles/12/1/.cp/apacheds-all-1.5.7.jar >> > has unsigned entries - >> > org/apache/directory/server/core/partition/avl/AvlIndex.class >> > at javax.crypto.SunJCE_d.b(DashoA12275) >> > at javax.crypto.SunJCE_d.a(DashoA12275) >> > at javax.crypto.SunJCE_d.a(DashoA12275) >> > at javax.crypto.SunJCE_b.b(DashoA12275) >> > at javax.crypto.SunJCE_b.a(DashoA12275) >> > >> > I doubt whether this error is the cause for the above exception. >> > >> > Thanks, >> > Thilina >> > >> > On Mon, Aug 16, 2010 at 10:35 AM, Amila Jayasekara <[email protected] >> > <mailto:[email protected]>> wrote: >> > >> > Hi All, >> > Just to inform you that IS is now integrated with in-built >> > ApacheDS >> > server. To achieve this we are replacing some tokens in >> > user-mgmt.xml. >> > Token replacement in user-mgmt.xml is not trivial and i had to >> > introduce >> > some new code into user-mgmt.xml to achieve this. >> > In summary this is how we do token replacement in user-mgmt.xml. >> > Introduce a new tag called "<ISUserStoreManager >> > class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">" >> > and >> > this is quite similar to <UserStoreManager >> > "org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager"> tag. But >> > in >> > default configuration this is commented. >> > When building IS comment all existing <UserStoreManager> tags and >> > replace <!--ISUserStoreManager> with <UserStoreManager>. >> > >> > This approach is quite fragile. For example if someone introduce a >> > comment to a default <UserStoreManager>, build will break. >> > >> > I believe we should be able to improve the way we replace >> > tokens >> > in user-mgmt.xml. I guess the best way to achieve this is by >> > separating >> > UserStoreManager and their properties or maybe to introduce a >> > enable, >> > disable attribute to <UserStoreManager> tag. >> > >> > Feedback appreciated. >> > >> > Thankx >> > AmilaJ >> > >> > _______________________________________________ >> > Carbon-dev mailing list >> > [email protected] <mailto:[email protected]> >> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> > >> > >> > >> > >> > -- >> > Thilina Mahesh Buddhika >> > Senior Software Engineer >> > WSO2 Inc. ; http://wso2.com >> > lean . enterprise . middleware >> > >> > phone : +94 77 44 88 727 >> > blog : http://blog.thilinamb.com >> > ------------------------------------------------------------------------ >> > >> > _______________________________________________ >> > Carbon-dev mailing list >> > [email protected] >> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> > >> >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > > > -- > Thilina Mahesh Buddhika > Senior Software Engineer > WSO2 Inc. ; http://wso2.com > lean . enterprise . middleware > > phone : +94 77 44 88 727 > blog : http://blog.thilinamb.com > > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- Thanks & Regards, Prabath Siriwardena http://blog.facilelogin.com http://RampartFAQ.com _______________________________________________ Carbon-dev mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
