Current Position:Home > AccessControlException with third party JCE provider

AccessControlException with third party JCE provider

Update:10-11Source: network consolidation
Advertisement
Hi,
I have a third party cryptographic provider that I must use.
I can't tell if the provider is failing to load or if actual operations are denied. All I do know is that everytime it tries to actually do anything it fails with (the class that subclasses Provider is called IAIK):
Caused by: java.security.AccessControlException: access denied (java.security.SecurityPermission putProviderProperty.IAIK)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
at java.security.Provider.check(Provider.java:341)
at java.security.Provider.put(Provider.java:303)
at iaik.security.provider.IAIK.a(Unknown Source)
at iaik.security.provider.IAIK.<init>(Unknown Source)
It seems to me that the provider is trying to programmatically load and register itself. Obviously I have to grant permission to do this, but I don't know how, because I don't know exactly what its trying to do.
I did find something in the JDK docs mentioning doing something like this to the server.policy:
grant codeBase "file:C:/Sun/AppServer7/domains/domain1/server1/lib/*" {
     permission java.security.SecurityPermission "putProviderProperty.IAIK"
But this not only doesn't work, I also need to understand it.
I've tried using it as a standard extension and it still doesn't work.
Would appreciate any pointers here
Thanks
Sam

The Best Answer

Advertisement
Hi ,
I am using SUN ONE application server and I have a third party cryptographic provider that I must use(BouncyCastleProvide). I've modified server.policy, java.policy files but nothing helped.
// These permissions apply to the RD application
grant codeBase "file:C:/Sun/AppServer7/domains/domain1/server1/lib/*" {
permission java.security.AllPermission;
Please help.
Thanks
INFO: CORE3282: stdout: [02/Mar/2005 14:22:08:866] error: |AESEncryption|prepareMap|1|oSecretKey_file: /WEB-INF/config
/secret_asn1.key
INFO: CORE3282: stdout: [02/Mar/2005 14:22:08:866] error: |AESEncryption|prepareMap|1|oGenrateKeys: no
INFO: CORE3282: stdout: [02/Mar/2005 14:22:08:897] error: |AESEncryption|AESEncryption::Constructor|1|java.security.Ac
cessControlException: access denied (java.security.SecurityPermission putProviderProperty.BC)
INFO: CORE3282: stdout: at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
INFO: CORE3282: stdout: at java.security.AccessController.checkPermission(AccessController.java:401)
INFO: CORE3282: stdout: at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
INFO: CORE3282: stdout: at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
INFO: CORE3282: stdout: at java.security.Provider.check(Provider.java:384)
INFO: CORE3282: stdout: at java.security.Provider.put(Provider.java:339)
INFO: CORE3282: stdout: at org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(BouncyCastleProvider.java:52)
INFO: CORE3282: stdout: at com.sp.fwk.golden.encryption.AESEncryption.<init>(AESEncryption.java:48)
INFO: CORE3282: stdout: at com.sp.fwk.golden.encryption.AESEncryption.getInstance(AESEncryption.java:71)
INFO: CORE3282: stdout: at com.sp.fwk.golden.presentation.FwkServlet.init(FwkServlet.java:72)
INFO: CORE3282: stdout: at javax.servlet.GenericServlet.init(GenericServlet.java:258)
INFO: CORE3282: stdout: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
INFO: CORE3282: stdout: at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:658)
INFO: CORE3282: stdout: at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:229)
INFO: CORE3282: stdout: at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
INFO: CORE3282: stdout: at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
INFO: CORE3282: stdout: at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
INFO: CORE3282: stdout: at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:203)
INFO: CORE3282: stdout: at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
INFO: CORE3282: stdout: at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
INFO: CORE3282: stdout: at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
  • AccessControlException with third party JCE provider Update:10-11

    Hi, I have a third party cryptographic provider that I must use. I can't tell if the provider is failing to load or if actual operations are denied. All I do know is that everytime it tries to actually do anything it fails with (the class that subcla

  • AccessControlException while adding new JCE Update:11-30

    Hi folks, I get an AccessConrolException while adding a new JCE when the application is run via web start, although all-permissions has been defined. JVM is 1.5.0_04-b05 on Windows and Linux Do I have to specify something extra, or is it not possible

  • JCE requires: java.lang.RuntimePermission requires accessClassInPackage.sun.security.provider Update:11-30

    I'm trying to use the JCE with JWS1.0.2. All I want to do is generate a KeyPair and I can NOT use a signed application. The code is: public static KeyPair genDHKeyPair() throws Exception { // properties... DHParameterSpec dhSkipParamSpec; dhSkipParam

  • Is that an JCE problem? Please help! Update:11-30

    Hi, I have followed the JWSDP1.4 tutorial to setup and run the "xws-security\samples\simple" sample with Tomcat as the container and assembla_msks_jce.jar as the JCE provider, but always got the exception shown below when running the TestClient.

  • EJB using JCE Update:11-30

    Hello everyone.... Recently I've been trying to use JCE 1.2 in order to decrypt a username. This is supposed to be done through a jsp invoking a bussiness method through the bean's remote interface. However, when dynamically creating a provider throu

  • Applet Error:java.security.AccessControlException: access denied Update:10-11

    Hi, I just successful deploy an business component project to oralce 8.1.6 as an EJB Session bean, and the test of application module is successful. In the same workspace, I create an new project with an applet(which contains only an grid control)as

  • How can i deal with java.security.AccessControlException? Update:10-11

    Hi all, I need to implement JavaMail using Servlet and deploy throught J2EE deployment tool. But when i test out the servlet i will always encounter this exception thrown. How can i solve this? java.security.AccessControlException: access denied (jav

  • Java.security.AccessControlException when calling web service from applet Update:10-11

    I have an applet that calls a webservce (Xmethods' delayed stock quote service). When I run the applet in appletviewer, I get the following: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.security.AccessControlException: ac

  • JCE Jurisdiction does not allow Portal to start Update:10-11

    Hi, I've a EP 6.0 SP9 on WAS 6.40. Someone has moved JDK files and I've to re-install full JDK. Now when I try to restart the Portal the message serve and enqueue server come up but the dispatcher,server,sdm part fails. I check for the logs and in bo

  • AccessControlException with Windows Vista Update:10-11

    I have Java-Applet running for several month and alot of customers are working well. Now I get a customer reply that it's not possible to log in. On my machine everything is working well, but the customer is using Windows Vista, which I don't have. T