Ok, in case anyone still cares:
The answer is in the system property java.protocol.handler.pkgs. This property
controls how the URL gets parsed (among other things). If the property is not
set, the VM defaults to "sun.net.www.protocol" package. In the class init of
Tomcat, the property is set to the package for tomcat url loading. This package
must not correctly handle loading resources from signed jar files (or something
like that). The workaround is to set the property to sun.net.www.protocol on the
command line with
-Djava.protocol.handler.pkgs=sun.net.www.protocol. Then the tomcat one gets
tacked on to the end of the default sun implementation like it should. According
to Graham, this problem is fixed in 3.2b6.
John Ellis wrote:
> I found out (through trial and error method) what the problem is, but I am not
> sure of the solution. The problem is with the static block of code in
> org.apache.tomcat.startup.Tomcat.java. When I comment that block of code out,
> it works just fine. Of course, I imagine that it would not, now, load any war
> files, but during development, I don't use war files anyway. Any ideas out
> there on a better fix (like one that still works with war files and doesn't
> involve a tomcat source code change)? Should i too, give up and move to
> 3.2b6?
>
> Graham Wright wrote:
>
> > I gave up trying to get Tomcat 3.1 to work with JCE. Tomcat 3.2b6 works
> > fine.
> >
> > Graham
> >
> > John Ellis wrote:
> >
> > > Hi,
> > >
> > > I have seen several emails, here and on the forums at javasoft with this
> > > same problem, but I have not seen an answer.
> > >
> > > If I use the jce cryptography in the same VM as tomcat, I get the
> > > exception stack trace below.
> > >
> > > Unfortunately, the JCE does not distribute with source, so I cannot look
> > > there to find out what type of call is throwing the security exception,
> > > but it is something in a static block of code (class initialization).
> > > When I run the same cod in its own VM, the problem doesn't happen and
> > > the cryptography orks fine. Since the SunJCE implementation includes
> > > some signed jar files to store its certificates, I am suspecting it is a
> > > problem with the classloader that is used in tomcat, but I cannot
> > > confirm that. Can anyone help me??
> > >
> > > thanks,
> > >
> > > John
> > >
> > > java.lang.ExceptionInInitializerError: java.lang.SecurityException:
> > > Cannot set u
> > > p certs for trusted CAs
> > > at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
> > > at
> > > javax.crypto.SecretKeyFactory.getInstance([DashoPro-V1.2-120198])
> > > at
> > > com.inetbasics.iap.core.jsp.ConnectedSessionTag.encryptUserPassword(C
> > > onnectedSessionTag.java:284)
> > > at
> > > com.inetbasics.iap.core.jsp.ConnectedSessionTag.savePassword(Connecte
> > > dSessionTag.java:381)
> > > at
> > > com.inetbasics.iap.core.jsp.ConnectedSessionTag.getCurrentContext(Con
> > > nectedSessionTag.java:163)
> > > at
> > > com.inetbasics.iap.core.jsp.ConnectedSessionTag.doStartTag(ConnectedS
> > > essionTag.java:210)
> > > at
> > > _0002fmenu_0002ejspmenu_jsp_0._jspService(_0002fmenu_0002ejspmenu_jsp
> > > _0.java:64)
> > > at
> > > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:126)
> > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > at
> > > org.apache.jasper.runtime.JspServlet$JspServletWrapper.service(JspSer
> > > vlet.java:174)
> > > at
> > > org.apache.jasper.runtime.JspServlet.serviceJspFile(JspServlet.java:2
> > > 61)
> > > at
> > > org.apache.jasper.runtime.JspServlet.service(JspServlet.java:369)
> > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > at
> > > org.apache.tomcat.core.ServletWrapper.handleRequest(ServletWrapper.ja
> > > va:503)
> > > at
> > > org.apache.tomcat.core.ContextManager.service(ContextManager.java:559
> > > )
> > > at
> > > org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processCon
> > > nection(Ajp12ConnectionHandler.java:156)
> > > at
> > > org.apache.tomcat.service.TcpConnectionThread.run(SimpleTcpEndpoint.j
> > > ava:338)
> > > at java.lang.Thread.run(Unknown Source)
> > > With root
> > > java.lang.SecurityException: Cannot set up certs for trusted CAs
> > > at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
> > > at
> > > javax.crypto.SecretKeyFactory.getInstance([DashoPro-V1.2-120198])
> > > at
> > > com.inetbasics.iap.core.jsp.ConnectedSessionTag.encryptUserPassword(C
> > > onnectedSessionTag.java:284)
> > > at
> > > com.inetbasics.iap.core.jsp.ConnectedSessionTag.savePassword(Connecte
> > > dSessionTag.java:381)
> > > at
> > > com.inetbasics.iap.core.jsp.ConnectedSessionTag.getCurrentContext(Con
> > > nectedSessionTag.java:163)
> > > at
> > > com.inetbasics.iap.core.jsp.ConnectedSessionTag.doStartTag(ConnectedS
> > > essionTag.java:210)
> > > at
> > > _0002fmenu_0002ejspmenu_jsp_0._jspService(_0002fmenu_0002ejspmenu_jsp
> > > _0.java:64)
> > > at
> > > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:126)
> > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > at
> > > org.apache.jasper.runtime.JspServlet$JspServletWrapper.service(JspSer
> > > vlet.java:174)
> > > at
> > > org.apache.jasper.runtime.JspServlet.serviceJspFile(JspServlet.java:2
> > > 61)
> > > at
> > > org.apache.jasper.runtime.JspServlet.service(JspServlet.java:369)
> > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > at
> > > org.apache.tomcat.core.ServletWrapper.handleRequest(ServletWrapper.ja
> > > va:503)
> > > at
> > > org.apache.tomcat.core.ContextManager.service(ContextManager.java:559
> > > )
> > > at
> > > org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processCon
> > > nection(Ajp12ConnectionHandler.java:156)
> > > at
> > > org.apache.tomcat.service.TcpConnectionThread.run(SimpleTcpEndpoint.j
> > > ava:338)
> > > at java.lang.Thread.run(Unknown Source)
