On reading more in the release notes
(http://tomcat.apache.org/tomcat-5.5-doc/RELEASE-NOTES.txt), I figured
I'd give the shared/lib idea a try. I found that just by moving the
BouncyCastle JCE jar into shared/lib and out of the WEB-INF/lib of the
various webapps, all seems to work okay.
Note that when using a security manager, I had to add the following
additional GRANTs before TC would actually start up, so these should
probably be added to the default catalina.policy file in the
distribution (under the default grant {} entry):
// Extra permission found by Yozons that need to be set for whatever reason
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.*";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.compiler";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.tomcat.util.net";
David
David Wall wrote:
Since upgrading from Tomcat from 5.5.9 to 5.5.17, I found that my two
webapps that both need to use encryption via JCE providers are not
working. Only the "first to load" webapp works as it installs the
provider just fine, but the other cannot and then fails.
It seems that a single JVM can only load the security providers once.
When running tomcat with a security manager, it appears that the first
webapp to initialize loads the provider successfully (says in slot
7). The second webapp tries to also load the provider, gets the
routine error saying it was installed in slot -1, but now fails to be
able to find the provider.
If I turn off the security manager in TC (no -security startup
option), it works fine, even though the second to load still gets the
"-1 slot" error installing the JCE provider. This all worked fine
under 5.5.9 with a security manager.
So, the problem appears to be with the security manager in 5.5.17 is
not able to find the provider as it once could because it's been
loaded into the JVM by another webapp. At the bottom is the exception
stack trace.
I am running Tomcat 5.5.17 with a security manager (started with
-security) under RedHat Linux using BouncyCastle JCE 1.33 with JDK 1.5.
Thanks,
David
java.security.NoSuchAlgorithmException: class configured for
SecretKeyFactory(provider: BC)cannot be found.
at java.security.Provider$Service.getImplClass(Provider.java:1178)
at java.security.Provider$Service.newInstance(Provider.java:1129)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
at javax.crypto.SunJCE_b.a(DashoA12275)
at javax.crypto.SecretKeyFactory.getInstance(DashoA12275)
at com.test.cryptotest.PbeUtil.<init>(PbeUtil.java:48)
at com.test.BootService.<init>(BootService.java:62)
at com.test.Context.loadSessionKeys(YoContext.java:547)
at com.test.Context.<init>(YoContext.java:154)
at com.test.Application.init(Application.java:825)
at
com.test.servlet.ContextListener.contextInitialized(ContextListener.java:38)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3729)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4187)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:737)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:608)
at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
at
org.apache.catalina.core.StandardService.start(StandardService.java:450)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Caused by: java.lang.ClassNotFoundException:
org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES3Key
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1352)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198)
at java.security.Provider$Service.getImplClass(Provider.java:1172)
... 37 more
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]