Prabath Siriwardana wrote: > On Fri, Aug 20, 2010 at 12:10 AM, Thilina Mahesh Buddhika > <[email protected]> wrote: > >> Thanks Amila. I will try that. >> >> But can we ask users to follow these steps before running IS ? It will break >> the 'extract and run' practice we have been maintaining with Carbon. >> >> WDYT? >> > > +1 - We can do it at the code level.. > Hi Prabath, Please guide me on how to do this at code level. A reference would be sufficient. Thanks AmilaJ > Thanks & regards, > -Prabath > > >> Thanks, >> Thilina >> >> On Thu, Aug 19, 2010 at 11:58 PM, Amila Jayasekara <[email protected]> wrote: >> >>> Hi Thilina, >>> This exception usually occurs if Bouncy Castle is not registered as >>> a security provider in your JVM. To resolve this issue follow the steps >>> given below, >>> 1. Find the JVM you are running (Use update-java-alternatives -l >>> command) >>> 2. Find java.security in /path_to_your_jvm/jre/lib/security >>> 3. Add >>> security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider >>> (X is the next number in sequence) >>> >>> After adding BC provider, java.security would look like as below, >>> >>> security.provider.1=sun.security.provider.Sun >>> security.provider.2=sun.security.rsa.SunRsaSign >>> security.provider.3=com.sun.net.ssl.internal.ssl.Provider >>> security.provider.4=com.sun.crypto.provider.SunJCE >>> security.provider.5=sun.security.jgss.SunProvider >>> security.provider.6=com.sun.security.sasl.Provider >>> security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI >>> security.provider.8=sun.security.smartcardio.SunPCSC >>> security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider >>> >>> [1] is a good reference on this. Also it has a test program to check >>> whether BC is installed or not. >>> >>> If this doesnt solve the issue, please let me know. >>> >>> [1] >>> >>> http://www.randombugs.com/java/javalangsecurityexception-jce-authenticate-provider-bc.html >>> >>> Thanks >>> AmilaJ >>> >>> >>> >>> Thilina Mahesh Buddhika wrote: >>> >>>> Hi AmilaJ, >>>> >>>> I tried starting an IS pack built from latest trunk and the following >>>> exception was thrown from identity provider initialization code. >>>> >>>> java.lang.SecurityException: JCE cannot authenticate the provider BC >>>> at javax.crypto.Cipher.getInstance(DashoA12275) >>>> at javax.crypto.Cipher.getInstance(DashoA12275) >>>> at org.wso2.carbon.core.util.CryptoUtil.encrypt(CryptoUtil.java:76) >>>> at >>>> >>>> org.wso2.carbon.core.util.CryptoUtil.encryptAndBase64Encode(CryptoUtil.java:98) >>>> at >>>> >>>> org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStore(KeyStoreAdmin.java:225) >>>> at >>>> >>>> org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStoreWithFilePath(KeyStoreAdmin.java:173) >>>> at >>>> >>>> org.wso2.carbon.identity.provider.Initializer.addKeyStores(Initializer.java:113) >>>> at >>>> org.wso2.carbon.identity.provider.Initializer.init(Initializer.java:64) >>>> at >>>> >>>> org.wso2.carbon.identity.provider.internal.IdentityProviderServiceComponent.activate(IdentityProviderServiceComponent.java:80) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at >>>> >>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>>> at >>>> >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>>> at java.lang.reflect.Method.invoke(Method.java:592) >>>> at >>>> >>>> org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:230) >>>> >>>> >>>> Then I removed ApacheDS related bundles and replaced the user-mgt.xml >>>> of IS with a default user-mgt.xml. Then it started up fine. >>>> >>>> Down in the stack trace, I could observe the following lines. >>>> >>>> Caused by: java.util.jar.JarException: >>>> >>>> file:/home/thilina/projects/carbon/trunk/products/is/modules/distribution/target/wso2is-3.0.0-SNAPSHOT/repository/components/configuration/org.eclipse.osgi/bundles/12/1/.cp/apacheds-all-1.5.7.jar >>>> has unsigned entries - >>>> org/apache/directory/server/core/partition/avl/AvlIndex.class >>>> at javax.crypto.SunJCE_d.b(DashoA12275) >>>> at javax.crypto.SunJCE_d.a(DashoA12275) >>>> at javax.crypto.SunJCE_d.a(DashoA12275) >>>> at javax.crypto.SunJCE_b.b(DashoA12275) >>>> at javax.crypto.SunJCE_b.a(DashoA12275) >>>> >>>> I doubt whether this error is the cause for the above exception. >>>> >>>> Thanks, >>>> Thilina >>>> >>>> On Mon, Aug 16, 2010 at 10:35 AM, Amila Jayasekara <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Hi All, >>>> Just to inform you that IS is now integrated with in-built >>>> ApacheDS >>>> server. To achieve this we are replacing some tokens in >>>> user-mgmt.xml. >>>> Token replacement in user-mgmt.xml is not trivial and i had to >>>> introduce >>>> some new code into user-mgmt.xml to achieve this. >>>> In summary this is how we do token replacement in user-mgmt.xml. >>>> Introduce a new tag called "<ISUserStoreManager >>>> class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">" >>>> and >>>> this is quite similar to <UserStoreManager >>>> "org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager"> tag. But >>>> in >>>> default configuration this is commented. >>>> When building IS comment all existing <UserStoreManager> tags and >>>> replace <!--ISUserStoreManager> with <UserStoreManager>. >>>> >>>> This approach is quite fragile. For example if someone introduce a >>>> comment to a default <UserStoreManager>, build will break. >>>> >>>> I believe we should be able to improve the way we replace >>>> tokens >>>> in user-mgmt.xml. I guess the best way to achieve this is by >>>> separating >>>> UserStoreManager and their properties or maybe to introduce a >>>> enable, >>>> disable attribute to <UserStoreManager> tag. >>>> >>>> Feedback appreciated. >>>> >>>> Thankx >>>> AmilaJ >>>> >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> [email protected] <mailto:[email protected]> >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>>> >>>> >>>> >>>> -- >>>> Thilina Mahesh Buddhika >>>> Senior Software Engineer >>>> WSO2 Inc. ; http://wso2.com >>>> lean . enterprise . middleware >>>> >>>> phone : +94 77 44 88 727 >>>> blog : http://blog.thilinamb.com >>>> ------------------------------------------------------------------------ >>>> >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >> >> -- >> Thilina Mahesh Buddhika >> Senior Software Engineer >> WSO2 Inc. ; http://wso2.com >> lean . enterprise . middleware >> >> phone : +94 77 44 88 727 >> blog : http://blog.thilinamb.com >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> >> > > > >
_______________________________________________ Carbon-dev mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
