On 6 June 2013 12:00, kappert <kappert@hotmail.com> wrote:

Thank you for your reply!
I have now tried on a local Tomcat 7 and have discovered the first
exception, which may (or may not...) cause other problems. It occurs already
when deploying Guvnor 6:

2013-06-06 11:11:58,246 [http-apr-8080-exec-3] ERROR Unable to encrypt
org.jasypt.exceptions.EncryptionOperationNotPossibleException: *Encryption
raised an exception. A possible cause is you are using strong encryption
algorithms and you have not installed the Java Cryptography Extension (JCE)
Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine*
at
org.jasypt.encryption.pbe.StandardPBEByteEncryptor.handleInvalidKeyException(StandardPBEByteEncryptor.java:999)
~[jasypt-1.9.0.jar:na]
at
org.jasypt.encryption.pbe.StandardPBEByteEncryptor.encrypt(StandardPBEByteEncryptor.java:868)
~[jasypt-1.9.0.jar:na]
at
org.jasypt.encryption.pbe.StandardPBEStringEncryptor.encrypt(StandardPBEStringEncryptor.java:642)
~[jasypt-1.9.0.jar:na]
at
org.uberfire.backend.server.config.DefaultPasswordServiceImpl.encrypt(DefaultPasswordServiceImpl.java:28)
~[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
at
org.uberfire.backend.server.config.DefaultPasswordServiceImpl$Proxy$_$$_WeldClientProxy.encrypt(DefaultPasswordServiceImpl$Proxy$_$$_WeldClientProxy.java)
[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
at
org.uberfire.backend.server.config.ConfigurationFactoryImpl.newSecuredConfigItem(ConfigurationFactoryImpl.java:46)
[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
at
org.uberfire.backend.server.repositories.RepositoryServiceImpl.cloneRepository(RepositoryServiceImpl.java:93)
[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
at
org.uberfire.backend.server.repositories.RepositoryServiceImpl$Proxy$_$$_WeldClientProxy.cloneRepository(RepositoryServiceImpl$Proxy$_$$_WeldClientProxy.java)
[uberfire-backend-server-0.1.3.Final.jar:0.1.3.Final]
at
org.kie.guvnor.backend.server.AppSetup.assertPlayground(AppSetup.java:69)
[AppSetup.class:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.7.0_17]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[na:1.7.0_17]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.7.0_17]
at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_17]
at
org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:267)
[weld-core-1.1.8.Final.jar:2012-04-29 10:45]
...

Indeed I have found the same exception now in the Jelastic logs.

The error message makes sense: I am not in the USA and neither is our
Jelastic hosting provider (we are in Switzerland). My local Tomcat is
running with a current Oracle JDK (jdk1.7.0_17). But "Unlimited Strength
Jurisdiction Policy Files" sounds like something the USA does not like to
share with the rest of the world :-) But I am just guessing.

I see now that I could download the missing files
<http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html>
and it would be legal to use unlimited strength cryptography in most
countries. But I don't think it is a good idea if I try to fix this on my
side, because I cannot change it in Jelastic.

Is it really necessary to use unlimited encryption for Guvnor?

Maybe this helps: I found this little program that lists the supported
crypto algorithms and providers
<http://stackoverflow.com/questions/3683302/how-to-find-out-what-algorithm-encryption-are-supported-by-my-jvm>
. Here is the output for the JDK I am using with Tomcat, so these would be
the algorithms available in every country of the world:

Provider: SUN
Algorithm: SHA1PRNG
Algorithm: SHA1withDSA
Algorithm: NONEwithDSA
Algorithm: DSA
Algorithm: MD2
Algorithm: MD5
Algorithm: SHA
Algorithm: SHA-256
Algorithm: SHA-384
Algorithm: SHA-512
Algorithm: DSA
Algorithm: DSA
Algorithm: DSA
Algorithm: X.509
Algorithm: JKS
Algorithm: CaseExactJKS
Algorithm: JavaPolicy
Algorithm: JavaLoginConfig
Algorithm: PKIX
Algorithm: PKIX
Algorithm: LDAP
Algorithm: Collection
Algorithm: com.sun.security.IndexedCollection
Provider: SunRsaSign
Algorithm: RSA
Algorithm: RSA
Algorithm: MD2withRSA
Algorithm: MD5withRSA
Algorithm: SHA1withRSA
Algorithm: SHA256withRSA
Algorithm: SHA384withRSA
Algorithm: SHA512withRSA
Provider: SunEC
Algorithm: EC
Algorithm: EC
Algorithm: NONEwithECDSA
Algorithm: SHA1withECDSA
Algorithm: SHA256withECDSA
Algorithm: SHA384withECDSA
Algorithm: SHA512withECDSA
Algorithm: EC
Algorithm: ECDH
Provider: SunJSSE
Algorithm: RSA
Algorithm: RSA
Algorithm: MD2withRSA
Algorithm: MD5withRSA
Algorithm: SHA1withRSA
Algorithm: MD5andSHA1withRSA
Algorithm: SunX509
Algorithm: NewSunX509
Algorithm: SunX509
Algorithm: PKIX
Algorithm: TLSv1
Algorithm: TLSv1.1
Algorithm: TLSv1.2
Algorithm: Default
Algorithm: PKCS12
Provider: SunJCE
Algorithm: RSA
Algorithm: DES
Algorithm: DESede
Algorithm: DESedeWrap
Algorithm: PBEWithMD5AndDES
Algorithm: PBEWithMD5AndTripleDES
Algorithm: PBEWithSHA1AndRC2_40
Algorithm: PBEWithSHA1AndDESede
Algorithm: Blowfish
Algorithm: AES
Algorithm: AESWrap
Algorithm: RC2
Algorithm: ARCFOUR
Algorithm: DES
Algorithm: DESede
Algorithm: Blowfish
Algorithm: AES
Algorithm: RC2
Algorithm: ARCFOUR
Algorithm: HmacMD5
Algorithm: HmacSHA1
Algorithm: HmacSHA256
Algorithm: HmacSHA384
Algorithm: HmacSHA512
Algorithm: DiffieHellman
Algorithm: DiffieHellman
Algorithm: DiffieHellman
Algorithm: DiffieHellman
Algorithm: DES
Algorithm: DESede
Algorithm: PBE
Algorithm: PBEWithMD5AndDES
Algorithm: PBEWithMD5AndTripleDES
Algorithm: PBEWithSHA1AndDESede
Algorithm: PBEWithSHA1AndRC2_40
Algorithm: Blowfish
Algorithm: AES
Algorithm: RC2
Algorithm: OAEP
Algorithm: DiffieHellman
Algorithm: DES
Algorithm: DESede
Algorithm: PBEWithMD5AndDES
Algorithm: PBEWithMD5AndTripleDES
Algorithm: PBEWithSHA1AndDESede
Algorithm: PBEWithSHA1AndRC2_40
Algorithm: PBKDF2WithHmacSHA1
Algorithm: HmacMD5
Algorithm: HmacSHA1
Algorithm: HmacSHA256
Algorithm: HmacSHA384
Algorithm: HmacSHA512
Algorithm: HmacPBESHA1
Algorithm: SslMacMD5
Algorithm: SslMacSHA1
Algorithm: JCEKS
Algorithm: SunTlsPrf
Algorithm: SunTls12Prf
Algorithm: SunTlsMasterSecret
Algorithm: SunTlsKeyMaterial
Algorithm: SunTlsRsaPremasterSecret
Provider: SunJGSS
Algorithm: 1.2.840.113554.1.2.2
Algorithm: 1.3.6.1.5.5.2
Provider: SunSASL
Algorithm: DIGEST-MD5
Algorithm: NTLM
Algorithm: GSSAPI
Algorithm: EXTERNAL
Algorithm: PLAIN
Algorithm: CRAM-MD5
Algorithm: CRAM-MD5
Algorithm: GSSAPI
Algorithm: DIGEST-MD5
Algorithm: NTLM
Provider: XMLDSig
Algorithm: http://www.w3.org/2002/06/xmldsig-filter2
Algorithm: http://www.w3.org/2000/09/xmldsig#enveloped-signature
Algorithm: http://www.w3.org/2001/10/xml-exc-c14n#WithComments
Algorithm: http://www.w3.org/2001/10/xml-exc-c14n#
Algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
Algorithm: DOM
Algorithm: http://www.w3.org/2006/12/xml-c14n11
Algorithm: http://www.w3.org/2000/09/xmldsig#base64
Algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
Algorithm: http://www.w3.org/TR/1999/REC-xpath-19991116
Algorithm: http://www.w3.org/TR/1999/REC-xslt-19991116
Algorithm: http://www.w3.org/2006/12/xml-c14n11#WithComments
Algorithm: DOM
Provider: SunPCSC
Algorithm: PC/SC
Provider: SunMSCAPI
Algorithm: Windows-PRNG
Algorithm: Windows-MY
Algorithm: Windows-ROOT
Algorithm: NONEwithRSA
Algorithm: SHA1withRSA
Algorithm: SHA256withRSA
Algorithm: SHA384withRSA
Algorithm: SHA512withRSA
Algorithm: MD5withRSA
Algorithm: MD2withRSA
Algorithm: RSA
Algorithm: RSA
Algorithm: RSA/ECB/PKCS1Padding

--
View this message in context: http://drools.46999.n3.nabble.com/Guvnor-6-0-0-Beta2-on-Tomcat-7-should-problems-be-reported-tp4024142p4024167.html

Sent from the Drools: User forum mailing list archive at Nabble.com.
_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users