Some files are encrypted with the empty user password (but not empty
owner password), that is why you can open them. In Adobe Reader, you
will see "(PROTECTED)" in the title bar. (or something similar in
another language)
My understanding is that this is the call that doesn't work:
Security.addProvider(new BouncyCastleProvider());
1) change your code so that this piece of code is at the start of your
software
2) Does it work? I assume it won't.
3) prepare a minimal webstart application, i.e. just with bouncycastle
4) Assuming it still doesn't work, ask your question on stackoverflow.
Don't forget to add webstart and bouncycastle as labels, and include all
relevant files. You will probably be more successful there.
Tilman
Am 24.09.2015 um 14:13 schrieb Eric Douglas:
I have all separate jars on my system. pdfbox-2.0.0.jar,
fontbox-2.0.0.jar, bcprov-jdk15on-152.jar ...
There is something in the system telling this not to work. This Java works
on a different system and I can't tell what's different between the two.
I am getting this error still on my system on PDDocument.load now even on
non-secured PDF.
On Thu, Sep 24, 2015 at 6:16 AM, Andreas Lehmkühler <andr...@lehmi.de>
wrote:
Hi,
Eric Douglas <edoug...@blockhouse.com> hat am 18. September 2015 um
16:53
geschrieben:
I'm trying to read a PDF using pdfbox, and on one system I get this
error:
cannot create instance of
org.bouncycastle.jcajce.provider.digest.GOST3411$Mappings
: java.security.AccessControlException: access denied
("java.security.SecurityPermission"
"putProviderProperty.BC")
java.lang.InternalError: cannot create instance of
org.bouncycastle.jcajce.
provider.digest.GOST3411$Mappings : java.security.AccessControlException:
access denied ("java.security.SecurityPermission"
"putProviderProperty.BC")
org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown
Source)
org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source)
org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown
Source)
org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source)
java.security.AccessController.doPrivileged(Native Method)
org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
org.apache.pdfbox.pdmodel.encryption.SecurityHandlerFactory.<clinit>(
SecurityHandlerFactory.java:44)
org.apache.pdfbox.pdmodel.encryption.PDEncryption.<init>
(PDEncryption.java:96)
org.apache.pdfbox.pdfparser.PDFParser.prepareDecryption(PDFParser.java:436)
org.apache.pdfbox.pdfparser.PDFParser.initialParse(PDFParser.java:321)
org.apache.pdfbox.pdfparser.PDFParser.parse(PDFParser.java:373)
org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:890)
org.apache.pdfbox.pdmodel.PDDocument.load(PDDocument.java:821)
I looked up where and how to put this grant stuff. This sounds
complicated.
https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#FileSyntax
I'm running webstart. This should work for my client and server? I just
have to update the server? This goes in the
jdk1.8.0_60\jre\lib\security\java.security
file? I have to manually put this here for each server, and do it again
any time we install a new Java version?
I put this in my jnlp file. It apparently didn't help this issue.
<security>
<all-permissions/>
</security>
Is there a way to make this work without manually editing files we'll
have
to worry about later? This is just for an application, server and
clients
are all on local network.
I'm not an expert, but there are several possible reasons.
Did you sign the jars you are using? Starting with 1.7.0_45 (I hope to
remember
the correct version) signing the jars is mandantory. And there are some
other
restrictions for the JNLP file itself.
Do you use the pdfbox-app jar? This could be problematic as the repacking
of the
jar destroys the signature of the bouncy castle jar, which is needed for a
JNLP
usage.
Is there a way to call PDDocument.load without using BouncyCastle, or
without installing it in java security?
The bouncy castle stuff is needed as long as your pdfs are using encrypted
data
and according to the stack trace it looks like you do.
BR
Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: users-h...@pdfbox.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: users-h...@pdfbox.apache.org
