[rules-users] Guvnor 6.0.0.Beta2 on Tomcat 7 - should problems be reported?

Michael Anstis michael.anstis at gmail.com
Thu Jun 6 07:05:13 EDT 2013 

We went with a different JCE algorithm earlier; but for Beta3 we use
PBEWithMD5AndDES (which is part of the standard JCE files and listed in
your email).

I'd recommend you therefore try with Beta3....


On 6 June 2013 12:00, kappert <kappert at hotmail.com> wrote:

> Thank you for your reply!
> I have now tried on a local Tomcat 7 and have discovered the first
> exception, which may (or may not...) cause other problems. It occurs
> already
> when deploying Guvnor 6:
>
> 2013-06-06 11:11:58,246 [http-apr-8080-exec-3] ERROR Unable to encrypt
> org.jasypt.exceptions.EncryptionOperationNotPossibleException: *Encryption
> raised an exception. A possible cause is you are using strong encryption
> algorithms and you have not installed the Java Cryptography Extension (JCE)
> Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine*
>         at
>
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:999)
> ~[jasypt-1.9.0.jar:na]
>         at
>
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:868)
> ~[jasypt-1.9.0.jar:na]
>         at
>
> org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)
> ~[jasypt-1.9.0.jar:na]
>         at
>
> org.uberfire.backend.server.config.DefaultPasswordServiceImpl.encrypt(DefaultPasswordServiceImpl.java:28)
> ~[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
>         at
>
> org.uberfire.backend.server.config.DefaultPasswordServiceImpl$Proxy$_$$_WeldClientProxy.encrypt(DefaultPasswordServiceImpl$Proxy$_$$_WeldClientProxy.java)
> [uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
>         at
>
> org.uberfire.backend.server.config.ConfigurationFactoryImpl.newSecuredConfigItem(ConfigurationFactoryImpl.java:46)
> [uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
>         at
>
> org.uberfire.backend.server.repositories.RepositoryServiceImpl.cloneRepository(RepositoryServiceImpl.java:93)
> [uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
>         at
>
> org.uberfire.backend.server.repositories.RepositoryServiceImpl$Proxy$_$$_WeldClientProxy.cloneRepository(RepositoryServiceImpl$Proxy$_$$_WeldClientProxy.java)
> [uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
>         at
> org.kie.guvnor.backend.server.AppSetup.assertPlayground(AppSetup.java:69)
> [AppSetup.class:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.7.0_17]
>         at
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_17]
>         at
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_17]
>         at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_17]
>         at
>
> org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:267)
> [weld-core-1.1.8.Final.jar:2012-04-29 10:45]
>         ...
>
>
> Indeed I have found the same exception now in the Jelastic logs.
>
> The error message makes sense: I am not in the USA and neither is our
> Jelastic hosting provider (we are in Switzerland). My local Tomcat is
> running with a current Oracle JDK (jdk1.7.0_17). But "Unlimited Strength
> Jurisdiction Policy Files" sounds like something the USA does not like to
> share with the rest of the world :-) But I am just guessing.
>
> I see now that I could  download the missing files
> <
> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
> >
> and it would be legal to use unlimited strength cryptography in most
> countries. But I don't think it is a good idea if I try to fix this on my
> side, because I cannot change it in Jelastic.
>
> Is it really necessary to use unlimited encryption for Guvnor?
>
> Maybe this helps: I found this little  program that lists the supported
> crypto algorithms and providers
> <
> http://stackoverflow.com/questions/3683302/how-to-find-out-what-algorithm-encryption-are-supported-by-my-jvm
> >
> . Here is the output for the JDK I am using with Tomcat, so these would be
> the algorithms available in every country of the world:
>
> Provider: SUN
>   Algorithm: SHA1PRNG
>   Algorithm: SHA1withDSA
>   Algorithm: NONEwithDSA
>   Algorithm: DSA
>   Algorithm: MD2
>   Algorithm: MD5
>   Algorithm: SHA
>   Algorithm: SHA-256
>   Algorithm: SHA-384
>   Algorithm: SHA-512
>   Algorithm: DSA
>   Algorithm: DSA
>   Algorithm: DSA
>   Algorithm: X.509
>   Algorithm: JKS
>   Algorithm: CaseExactJKS
>   Algorithm: JavaPolicy
>   Algorithm: JavaLoginConfig
>   Algorithm: PKIX
>   Algorithm: PKIX
>   Algorithm: LDAP
>   Algorithm: Collection
>   Algorithm: com.sun.security.IndexedCollection
> Provider: SunRsaSign
>   Algorithm: RSA
>   Algorithm: RSA
>   Algorithm: MD2withRSA
>   Algorithm: MD5withRSA
>   Algorithm: SHA1withRSA
>   Algorithm: SHA256withRSA
>   Algorithm: SHA384withRSA
>   Algorithm: SHA512withRSA
> Provider: SunEC
>   Algorithm: EC
>   Algorithm: EC
>   Algorithm: NONEwithECDSA
>   Algorithm: SHA1withECDSA
>   Algorithm: SHA256withECDSA
>   Algorithm: SHA384withECDSA
>   Algorithm: SHA512withECDSA
>   Algorithm: EC
>   Algorithm: ECDH
> Provider: SunJSSE
>   Algorithm: RSA
>   Algorithm: RSA
>   Algorithm: MD2withRSA
>   Algorithm: MD5withRSA
>   Algorithm: SHA1withRSA
>   Algorithm: MD5andSHA1withRSA
>   Algorithm: SunX509
>   Algorithm: NewSunX509
>   Algorithm: SunX509
>   Algorithm: PKIX
>   Algorithm: TLSv1
>   Algorithm: TLSv1.1
>   Algorithm: TLSv1.2
>   Algorithm: Default
>   Algorithm: PKCS12
> Provider: SunJCE
>   Algorithm: RSA
>   Algorithm: DES
>   Algorithm: DESede
>   Algorithm: DESedeWrap
>   Algorithm: PBEWithMD5AndDES
>   Algorithm: PBEWithMD5AndTripleDES
>   Algorithm: PBEWithSHA1AndRC2_40
>   Algorithm: PBEWithSHA1AndDESede
>   Algorithm: Blowfish
>   Algorithm: AES
>   Algorithm: AESWrap
>   Algorithm: RC2
>   Algorithm: ARCFOUR
>   Algorithm: DES
>   Algorithm: DESede
>   Algorithm: Blowfish
>   Algorithm: AES
>   Algorithm: RC2
>   Algorithm: ARCFOUR
>   Algorithm: HmacMD5
>   Algorithm: HmacSHA1
>   Algorithm: HmacSHA256
>   Algorithm: HmacSHA384
>   Algorithm: HmacSHA512
>   Algorithm: DiffieHellman
>   Algorithm: DiffieHellman
>   Algorithm: DiffieHellman
>   Algorithm: DiffieHellman
>   Algorithm: DES
>   Algorithm: DESede
>   Algorithm: PBE
>   Algorithm: PBEWithMD5AndDES
>   Algorithm: PBEWithMD5AndTripleDES
>   Algorithm: PBEWithSHA1AndDESede
>   Algorithm: PBEWithSHA1AndRC2_40
>   Algorithm: Blowfish
>   Algorithm: AES
>   Algorithm: RC2
>   Algorithm: OAEP
>   Algorithm: DiffieHellman
>   Algorithm: DES
>   Algorithm: DESede
>   Algorithm: PBEWithMD5AndDES
>   Algorithm: PBEWithMD5AndTripleDES
>   Algorithm: PBEWithSHA1AndDESede
>   Algorithm: PBEWithSHA1AndRC2_40
>   Algorithm: PBKDF2WithHmacSHA1
>   Algorithm: HmacMD5
>   Algorithm: HmacSHA1
>   Algorithm: HmacSHA256
>   Algorithm: HmacSHA384
>   Algorithm: HmacSHA512
>   Algorithm: HmacPBESHA1
>   Algorithm: SslMacMD5
>   Algorithm: SslMacSHA1
>   Algorithm: JCEKS
>   Algorithm: SunTlsPrf
>   Algorithm: SunTls12Prf
>   Algorithm: SunTlsMasterSecret
>   Algorithm: SunTlsKeyMaterial
>   Algorithm: SunTlsRsaPremasterSecret
> Provider: SunJGSS
>   Algorithm: 1.2.840.113554.1.2.2
>   Algorithm: 1.3.6.1.5.5.2
> Provider: SunSASL
>   Algorithm: DIGEST-MD5
>   Algorithm: NTLM
>   Algorithm: GSSAPI
>   Algorithm: EXTERNAL
>   Algorithm: PLAIN
>   Algorithm: CRAM-MD5
>   Algorithm: CRAM-MD5
>   Algorithm: GSSAPI
>   Algorithm: DIGEST-MD5
>   Algorithm: NTLM
> Provider: XMLDSig
>   Algorithm: http://www.w3.org/2002/06/xmldsig-filter2
>   Algorithm: http://www.w3.org/2000/09/xmldsig#enveloped-signature
>   Algorithm: http://www.w3.org/2001/10/xml-exc-c14n#WithComments
>   Algorithm: http://www.w3.org/2001/10/xml-exc-c14n#
>   Algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
>   Algorithm: DOM
>   Algorithm: http://www.w3.org/2006/12/xml-c14n11
>   Algorithm: http://www.w3.org/2000/09/xmldsig#base64
>   Algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
>   Algorithm: http://www.w3.org/TR/1999/REC-xpath-19991116
>   Algorithm: http://www.w3.org/TR/1999/REC-xslt-19991116
>   Algorithm: http://www.w3.org/2006/12/xml-c14n11#WithComments
>   Algorithm: DOM
> Provider: SunPCSC
>   Algorithm: PC/SC
> Provider: SunMSCAPI
>   Algorithm: Windows-PRNG
>   Algorithm: Windows-MY
>   Algorithm: Windows-ROOT
>   Algorithm: NONEwithRSA
>   Algorithm: SHA1withRSA
>   Algorithm: SHA256withRSA
>   Algorithm: SHA384withRSA
>   Algorithm: SHA512withRSA
>   Algorithm: MD5withRSA
>   Algorithm: MD2withRSA
>   Algorithm: RSA
>   Algorithm: RSA
>   Algorithm: RSA/ECB/PKCS1Padding
>
>
>
> --
> View this message in context:
> http://drools.46999.n3.nabble.com/Guvnor-6-0-0-Beta2-on-Tomcat-7-should-problems-be-reported-tp4024142p4024167.html
> Sent from the Drools: User forum mailing list archive at Nabble.com.
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20130606/8c05af36/attachment-0001.html

More information about the rules-users mailing list