<div dir="ltr"><div>We went with a different JCE algorithm earlier; but for Beta3 we use PBEWithMD5AndDES (which is part of the standard JCE files and listed in your email).<br><br></div>I'd recommend you therefore try with Beta3....<br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On 6 June 2013 12:00, kappert <span dir="ltr"><<a href="mailto:kappert@hotmail.com" target="_blank">kappert@hotmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thank you for your reply!<br>
I have now tried on a local Tomcat 7 and have discovered the first<br>
exception, which may (or may not...) cause other problems. It occurs already<br>
when deploying Guvnor 6:<br>
<br>
2013-06-06 11:11:58,246 [http-apr-8080-exec-3] ERROR Unable to encrypt<br>
org.jasypt.exceptions.EncryptionOperationNotPossibleException: *Encryption<br>
raised an exception. A possible cause is you are using strong encryption<br>
algorithms and you have not installed the Java Cryptography Extension (JCE)<br>
Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine*<br>
at<br>
org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:999)<br>
~[jasypt-1.9.0.jar:na]<br>
at<br>
org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:868)<br>
~[jasypt-1.9.0.jar:na]<br>
at<br>
org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)<br>
~[jasypt-1.9.0.jar:na]<br>
at<br>
org.uberfire.backend.server.config.DefaultPasswordServiceImpl.encrypt(DefaultPasswordServiceImpl.java:28)<br>
~[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]<br>
at<br>
org.uberfire.backend.server.config.DefaultPasswordServiceImpl$Proxy$_$$_WeldClientProxy.encrypt(DefaultPasswordServiceImpl$Proxy$_$$_WeldClientProxy.java)<br>
[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]<br>
at<br>
org.uberfire.backend.server.config.ConfigurationFactoryImpl.newSecuredConfigItem(ConfigurationFactoryImpl.java:46)<br>
[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]<br>
at<br>
org.uberfire.backend.server.repositories.RepositoryServiceImpl.cloneRepository(RepositoryServiceImpl.java:93)<br>
[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]<br>
at<br>
org.uberfire.backend.server.repositories.RepositoryServiceImpl$Proxy$_$$_WeldClientProxy.cloneRepository(RepositoryServiceImpl$Proxy$_$$_WeldClientProxy.java)<br>
[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]<br>
at<br>
org.kie.guvnor.backend.server.AppSetup.assertPlayground(AppSetup.java:69)<br>
[AppSetup.class:na]<br>
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<br>
~[na:1.7.0_17]<br>
at<br>
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)<br>
~[na:1.7.0_17]<br>
at<br>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
~[na:1.7.0_17]<br>
at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_17]<br>
at<br>
org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:267)<br>
[weld-core-1.1.8.Final.jar:2012-04-29 10:45]<br>
...<br>
<br>
<br>
Indeed I have found the same exception now in the Jelastic logs.<br>
<br>
The error message makes sense: I am not in the USA and neither is our<br>
Jelastic hosting provider (we are in Switzerland). My local Tomcat is<br>
running with a current Oracle JDK (jdk1.7.0_17). But "Unlimited Strength<br>
Jurisdiction Policy Files" sounds like something the USA does not like to<br>
share with the rest of the world :-) But I am just guessing.<br>
<br>
I see now that I could download the missing files<br>
<<a href="http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html" target="_blank">http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html</a>><br>
and it would be legal to use unlimited strength cryptography in most<br>
countries. But I don't think it is a good idea if I try to fix this on my<br>
side, because I cannot change it in Jelastic.<br>
<br>
Is it really necessary to use unlimited encryption for Guvnor?<br>
<br>
Maybe this helps: I found this little program that lists the supported<br>
crypto algorithms and providers<br>
<<a href="http://stackoverflow.com/questions/3683302/how-to-find-out-what-algorithm-encryption-are-supported-by-my-jvm" target="_blank">http://stackoverflow.com/questions/3683302/how-to-find-out-what-algorithm-encryption-are-supported-by-my-jvm</a>><br>
. Here is the output for the JDK I am using with Tomcat, so these would be<br>
the algorithms available in every country of the world:<br>
<br>
Provider: SUN<br>
Algorithm: SHA1PRNG<br>
Algorithm: SHA1withDSA<br>
Algorithm: NONEwithDSA<br>
Algorithm: DSA<br>
Algorithm: MD2<br>
Algorithm: MD5<br>
Algorithm: SHA<br>
Algorithm: SHA-256<br>
Algorithm: SHA-384<br>
Algorithm: SHA-512<br>
Algorithm: DSA<br>
Algorithm: DSA<br>
Algorithm: DSA<br>
Algorithm: X.509<br>
Algorithm: JKS<br>
Algorithm: CaseExactJKS<br>
Algorithm: JavaPolicy<br>
Algorithm: JavaLoginConfig<br>
Algorithm: PKIX<br>
Algorithm: PKIX<br>
Algorithm: LDAP<br>
Algorithm: Collection<br>
Algorithm: com.sun.security.IndexedCollection<br>
Provider: SunRsaSign<br>
Algorithm: RSA<br>
Algorithm: RSA<br>
Algorithm: MD2withRSA<br>
Algorithm: MD5withRSA<br>
Algorithm: SHA1withRSA<br>
Algorithm: SHA256withRSA<br>
Algorithm: SHA384withRSA<br>
Algorithm: SHA512withRSA<br>
Provider: SunEC<br>
Algorithm: EC<br>
Algorithm: EC<br>
Algorithm: NONEwithECDSA<br>
Algorithm: SHA1withECDSA<br>
Algorithm: SHA256withECDSA<br>
Algorithm: SHA384withECDSA<br>
Algorithm: SHA512withECDSA<br>
Algorithm: EC<br>
Algorithm: ECDH<br>
Provider: SunJSSE<br>
Algorithm: RSA<br>
Algorithm: RSA<br>
Algorithm: MD2withRSA<br>
Algorithm: MD5withRSA<br>
Algorithm: SHA1withRSA<br>
Algorithm: MD5andSHA1withRSA<br>
Algorithm: SunX509<br>
Algorithm: NewSunX509<br>
Algorithm: SunX509<br>
Algorithm: PKIX<br>
Algorithm: TLSv1<br>
Algorithm: TLSv1.1<br>
Algorithm: TLSv1.2<br>
Algorithm: Default<br>
Algorithm: PKCS12<br>
Provider: SunJCE<br>
Algorithm: RSA<br>
Algorithm: DES<br>
Algorithm: DESede<br>
Algorithm: DESedeWrap<br>
Algorithm: PBEWithMD5AndDES<br>
Algorithm: PBEWithMD5AndTripleDES<br>
Algorithm: PBEWithSHA1AndRC2_40<br>
Algorithm: PBEWithSHA1AndDESede<br>
Algorithm: Blowfish<br>
Algorithm: AES<br>
Algorithm: AESWrap<br>
Algorithm: RC2<br>
Algorithm: ARCFOUR<br>
Algorithm: DES<br>
Algorithm: DESede<br>
Algorithm: Blowfish<br>
Algorithm: AES<br>
Algorithm: RC2<br>
Algorithm: ARCFOUR<br>
Algorithm: HmacMD5<br>
Algorithm: HmacSHA1<br>
Algorithm: HmacSHA256<br>
Algorithm: HmacSHA384<br>
Algorithm: HmacSHA512<br>
Algorithm: DiffieHellman<br>
Algorithm: DiffieHellman<br>
Algorithm: DiffieHellman<br>
Algorithm: DiffieHellman<br>
Algorithm: DES<br>
Algorithm: DESede<br>
Algorithm: PBE<br>
Algorithm: PBEWithMD5AndDES<br>
Algorithm: PBEWithMD5AndTripleDES<br>
Algorithm: PBEWithSHA1AndDESede<br>
Algorithm: PBEWithSHA1AndRC2_40<br>
Algorithm: Blowfish<br>
Algorithm: AES<br>
Algorithm: RC2<br>
Algorithm: OAEP<br>
Algorithm: DiffieHellman<br>
Algorithm: DES<br>
Algorithm: DESede<br>
Algorithm: PBEWithMD5AndDES<br>
Algorithm: PBEWithMD5AndTripleDES<br>
Algorithm: PBEWithSHA1AndDESede<br>
Algorithm: PBEWithSHA1AndRC2_40<br>
Algorithm: PBKDF2WithHmacSHA1<br>
Algorithm: HmacMD5<br>
Algorithm: HmacSHA1<br>
Algorithm: HmacSHA256<br>
Algorithm: HmacSHA384<br>
Algorithm: HmacSHA512<br>
Algorithm: HmacPBESHA1<br>
Algorithm: SslMacMD5<br>
Algorithm: SslMacSHA1<br>
Algorithm: JCEKS<br>
Algorithm: SunTlsPrf<br>
Algorithm: SunTls12Prf<br>
Algorithm: SunTlsMasterSecret<br>
Algorithm: SunTlsKeyMaterial<br>
Algorithm: SunTlsRsaPremasterSecret<br>
Provider: SunJGSS<br>
Algorithm: 1.2.840.113554.1.2.2<br>
Algorithm: 1.3.6.1.5.5.2<br>
Provider: SunSASL<br>
Algorithm: DIGEST-MD5<br>
Algorithm: NTLM<br>
Algorithm: GSSAPI<br>
Algorithm: EXTERNAL<br>
Algorithm: PLAIN<br>
Algorithm: CRAM-MD5<br>
Algorithm: CRAM-MD5<br>
Algorithm: GSSAPI<br>
Algorithm: DIGEST-MD5<br>
Algorithm: NTLM<br>
Provider: XMLDSig<br>
Algorithm: <a href="http://www.w3.org/2002/06/xmldsig-filter2" target="_blank">http://www.w3.org/2002/06/xmldsig-filter2</a><br>
Algorithm: <a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a><br>
Algorithm: <a href="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" target="_blank">http://www.w3.org/2001/10/xml-exc-c14n#WithComments</a><br>
Algorithm: <a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank">http://www.w3.org/2001/10/xml-exc-c14n#</a><br>
Algorithm: <a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" target="_blank">http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments</a><br>
Algorithm: DOM<br>
Algorithm: <a href="http://www.w3.org/2006/12/xml-c14n11" target="_blank">http://www.w3.org/2006/12/xml-c14n11</a><br>
Algorithm: <a href="http://www.w3.org/2000/09/xmldsig#base64" target="_blank">http://www.w3.org/2000/09/xmldsig#base64</a><br>
Algorithm: <a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" target="_blank">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a><br>
Algorithm: <a href="http://www.w3.org/TR/1999/REC-xpath-19991116" target="_blank">http://www.w3.org/TR/1999/REC-xpath-19991116</a><br>
Algorithm: <a href="http://www.w3.org/TR/1999/REC-xslt-19991116" target="_blank">http://www.w3.org/TR/1999/REC-xslt-19991116</a><br>
Algorithm: <a href="http://www.w3.org/2006/12/xml-c14n11#WithComments" target="_blank">http://www.w3.org/2006/12/xml-c14n11#WithComments</a><br>
Algorithm: DOM<br>
Provider: SunPCSC<br>
Algorithm: PC/SC<br>
Provider: SunMSCAPI<br>
Algorithm: Windows-PRNG<br>
Algorithm: Windows-MY<br>
Algorithm: Windows-ROOT<br>
Algorithm: NONEwithRSA<br>
Algorithm: SHA1withRSA<br>
Algorithm: SHA256withRSA<br>
Algorithm: SHA384withRSA<br>
Algorithm: SHA512withRSA<br>
Algorithm: MD5withRSA<br>
Algorithm: MD2withRSA<br>
Algorithm: RSA<br>
Algorithm: RSA<br>
Algorithm: RSA/ECB/PKCS1Padding<br>
<br>
<br>
<br>
--<br>
View this message in context: <a href="http://drools.46999.n3.nabble.com/Guvnor-6-0-0-Beta2-on-Tomcat-7-should-problems-be-reported-tp4024142p4024167.html" target="_blank">http://drools.46999.n3.nabble.com/Guvnor-6-0-0-Beta2-on-Tomcat-7-should-problems-be-reported-tp4024142p4024167.html</a><br>
<div class="HOEnZb"><div class="h5">Sent from the Drools: User forum mailing list archive at Nabble.com.<br>
_______________________________________________<br>
rules-users mailing list<br>
<a href="mailto:rules-users@lists.jboss.org">rules-users@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/rules-users" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-users</a><br>
</div></div></blockquote></div><br></div>