[rules-users] Guvnor 6.0.0.Beta2 on Tomcat 7 - should problems be reported?
Michael Anstis
michael.anstis at gmail.com
Thu Jun 6 07:05:13 EDT 2013
We went with a different JCE algorithm earlier; but for Beta3 we use
PBEWithMD5AndDES (which is part of the standard JCE files and listed in
your email).
I'd recommend you therefore try with Beta3....
On 6 June 2013 12:00, kappert <kappert at hotmail.com> wrote:
> Thank you for your reply!
> I have now tried on a local Tomcat 7 and have discovered the first
> exception, which may (or may not...) cause other problems. It occurs
> already
> when deploying Guvnor 6:
>
> 2013-06-06 11:11:58,246 [http-apr-8080-exec-3] ERROR Unable to encrypt
> org.jasypt.exceptions.EncryptionOperationNotPossibleException: *Encryption
> raised an exception. A possible cause is you are using strong encryption
> algorithms and you have not installed the Java Cryptography Extension (JCE)
> Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine*
> at
>
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:999)
> ~[jasypt-1.9.0.jar:na]
> at
>
> org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:868)
> ~[jasypt-1.9.0.jar:na]
> at
>
> org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)
> ~[jasypt-1.9.0.jar:na]
> at
>
> org.uberfire.backend.server.config.DefaultPasswordServiceImpl.encrypt(DefaultPasswordServiceImpl.java:28)
> ~[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
> at
>
> org.uberfire.backend.server.config.DefaultPasswordServiceImpl$Proxy$_$$_WeldClientProxy.encrypt(DefaultPasswordServiceImpl$Proxy$_$$_WeldClientProxy.java)
> [uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
> at
>
> org.uberfire.backend.server.config.ConfigurationFactoryImpl.newSecuredConfigItem(ConfigurationFactoryImpl.java:46)
> [uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
> at
>
> org.uberfire.backend.server.repositories.RepositoryServiceImpl.cloneRepository(RepositoryServiceImpl.java:93)
> [uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
> at
>
> org.uberfire.backend.server.repositories.RepositoryServiceImpl$Proxy$_$$_WeldClientProxy.cloneRepository(RepositoryServiceImpl$Proxy$_$$_WeldClientProxy.java)
> [uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
> at
> org.kie.guvnor.backend.server.AppSetup.assertPlayground(AppSetup.java:69)
> [AppSetup.class:na]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.7.0_17]
> at
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_17]
> at
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_17]
> at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_17]
> at
>
> org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:267)
> [weld-core-1.1.8.Final.jar:2012-04-29 10:45]
> ...
>
>
> Indeed I have found the same exception now in the Jelastic logs.
>
> The error message makes sense: I am not in the USA and neither is our
> Jelastic hosting provider (we are in Switzerland). My local Tomcat is
> running with a current Oracle JDK (jdk1.7.0_17). But "Unlimited Strength
> Jurisdiction Policy Files" sounds like something the USA does not like to
> share with the rest of the world :-) But I am just guessing.
>
> I see now that I could download the missing files
> <
> http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
> >
> and it would be legal to use unlimited strength cryptography in most
> countries. But I don't think it is a good idea if I try to fix this on my
> side, because I cannot change it in Jelastic.
>
> Is it really necessary to use unlimited encryption for Guvnor?
>
> Maybe this helps: I found this little program that lists the supported
> crypto algorithms and providers
> <
> http://stackoverflow.com/questions/3683302/how-to-find-out-what-algorithm-encryption-are-supported-by-my-jvm
> >
> . Here is the output for the JDK I am using with Tomcat, so these would be
> the algorithms available in every country of the world:
>
> Provider: SUN
> Algorithm: SHA1PRNG
> Algorithm: SHA1withDSA
> Algorithm: NONEwithDSA
> Algorithm: DSA
> Algorithm: MD2
> Algorithm: MD5
> Algorithm: SHA
> Algorithm: SHA-256
> Algorithm: SHA-384
> Algorithm: SHA-512
> Algorithm: DSA
> Algorithm: DSA
> Algorithm: DSA
> Algorithm: X.509
> Algorithm: JKS
> Algorithm: CaseExactJKS
> Algorithm: JavaPolicy
> Algorithm: JavaLoginConfig
> Algorithm: PKIX
> Algorithm: PKIX
> Algorithm: LDAP
> Algorithm: Collection
> Algorithm: com.sun.security.IndexedCollection
> Provider: SunRsaSign
> Algorithm: RSA
> Algorithm: RSA
> Algorithm: MD2withRSA
> Algorithm: MD5withRSA
> Algorithm: SHA1withRSA
> Algorithm: SHA256withRSA
> Algorithm: SHA384withRSA
> Algorithm: SHA512withRSA
> Provider: SunEC
> Algorithm: EC
> Algorithm: EC
> Algorithm: NONEwithECDSA
> Algorithm: SHA1withECDSA
> Algorithm: SHA256withECDSA
> Algorithm: SHA384withECDSA
> Algorithm: SHA512withECDSA
> Algorithm: EC
> Algorithm: ECDH
> Provider: SunJSSE
> Algorithm: RSA
> Algorithm: RSA
> Algorithm: MD2withRSA
> Algorithm: MD5withRSA
> Algorithm: SHA1withRSA
> Algorithm: MD5andSHA1withRSA
> Algorithm: SunX509
> Algorithm: NewSunX509
> Algorithm: SunX509
> Algorithm: PKIX
> Algorithm: TLSv1
> Algorithm: TLSv1.1
> Algorithm: TLSv1.2
> Algorithm: Default
> Algorithm: PKCS12
> Provider: SunJCE
> Algorithm: RSA
> Algorithm: DES
> Algorithm: DESede
> Algorithm: DESedeWrap
> Algorithm: PBEWithMD5AndDES
> Algorithm: PBEWithMD5AndTripleDES
> Algorithm: PBEWithSHA1AndRC2_40
> Algorithm: PBEWithSHA1AndDESede
> Algorithm: Blowfish
> Algorithm: AES
> Algorithm: AESWrap
> Algorithm: RC2
> Algorithm: ARCFOUR
> Algorithm: DES
> Algorithm: DESede
> Algorithm: Blowfish
> Algorithm: AES
> Algorithm: RC2
> Algorithm: ARCFOUR
> Algorithm: HmacMD5
> Algorithm: HmacSHA1
> Algorithm: HmacSHA256
> Algorithm: HmacSHA384
> Algorithm: HmacSHA512
> Algorithm: DiffieHellman
> Algorithm: DiffieHellman
> Algorithm: DiffieHellman
> Algorithm: DiffieHellman
> Algorithm: DES
> Algorithm: DESede
> Algorithm: PBE
> Algorithm: PBEWithMD5AndDES
> Algorithm: PBEWithMD5AndTripleDES
> Algorithm: PBEWithSHA1AndDESede
> Algorithm: PBEWithSHA1AndRC2_40
> Algorithm: Blowfish
> Algorithm: AES
> Algorithm: RC2
> Algorithm: OAEP
> Algorithm: DiffieHellman
> Algorithm: DES
> Algorithm: DESede
> Algorithm: PBEWithMD5AndDES
> Algorithm: PBEWithMD5AndTripleDES
> Algorithm: PBEWithSHA1AndDESede
> Algorithm: PBEWithSHA1AndRC2_40
> Algorithm: PBKDF2WithHmacSHA1
> Algorithm: HmacMD5
> Algorithm: HmacSHA1
> Algorithm: HmacSHA256
> Algorithm: HmacSHA384
> Algorithm: HmacSHA512
> Algorithm: HmacPBESHA1
> Algorithm: SslMacMD5
> Algorithm: SslMacSHA1
> Algorithm: JCEKS
> Algorithm: SunTlsPrf
> Algorithm: SunTls12Prf
> Algorithm: SunTlsMasterSecret
> Algorithm: SunTlsKeyMaterial
> Algorithm: SunTlsRsaPremasterSecret
> Provider: SunJGSS
> Algorithm: 1.2.840.113554.1.2.2
> Algorithm: 1.3.6.1.5.5.2
> Provider: SunSASL
> Algorithm: DIGEST-MD5
> Algorithm: NTLM
> Algorithm: GSSAPI
> Algorithm: EXTERNAL
> Algorithm: PLAIN
> Algorithm: CRAM-MD5
> Algorithm: CRAM-MD5
> Algorithm: GSSAPI
> Algorithm: DIGEST-MD5
> Algorithm: NTLM
> Provider: XMLDSig
> Algorithm: http://www.w3.org/2002/06/xmldsig-filter2
> Algorithm: http://www.w3.org/2000/09/xmldsig#enveloped-signature
> Algorithm: http://www.w3.org/2001/10/xml-exc-c14n#WithComments
> Algorithm: http://www.w3.org/2001/10/xml-exc-c14n#
> Algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
> Algorithm: DOM
> Algorithm: http://www.w3.org/2006/12/xml-c14n11
> Algorithm: http://www.w3.org/2000/09/xmldsig#base64
> Algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
> Algorithm: http://www.w3.org/TR/1999/REC-xpath-19991116
> Algorithm: http://www.w3.org/TR/1999/REC-xslt-19991116
> Algorithm: http://www.w3.org/2006/12/xml-c14n11#WithComments
> Algorithm: DOM
> Provider: SunPCSC
> Algorithm: PC/SC
> Provider: SunMSCAPI
> Algorithm: Windows-PRNG
> Algorithm: Windows-MY
> Algorithm: Windows-ROOT
> Algorithm: NONEwithRSA
> Algorithm: SHA1withRSA
> Algorithm: SHA256withRSA
> Algorithm: SHA384withRSA
> Algorithm: SHA512withRSA
> Algorithm: MD5withRSA
> Algorithm: MD2withRSA
> Algorithm: RSA
> Algorithm: RSA
> Algorithm: RSA/ECB/PKCS1Padding
>
>
>
> --
> View this message in context:
> http://drools.46999.n3.nabble.com/Guvnor-6-0-0-Beta2-on-Tomcat-7-should-problems-be-reported-tp4024142p4024167.html
> Sent from the Drools: User forum mailing list archive at Nabble.com.
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20130606/8c05af36/attachment-0001.html
More information about the rules-users
mailing list