4 Replies Latest reply on Jul 16, 2006 9:26 AM by wussykye

    Using JCE crypto in EJBs

    wussykye

      My application uses encryption for storing info in its tables. When I run the encryption code outside of JBoss, it works fine. When it is called in an EJB, there is a SecurityException thrown with a message about "Cannot locate policy or framework files!" and "Cannot set up certs for trusted CAs". It looks like JBoss is blocking access to the cacert file.

      My EJBs don't have any role or authentication defined. Do I need to set up a LoginModule for the EJBs, or is there a way to allow read-only access to the crypto stuff?

      I'm using JBoss 4.0.3SP1.

      Thanks,

      Colin

        • 1. Re: Using JCE crypto in EJBs
          soshah

          wussykye-

          Try accessing your cert file using a full system path to your cacert file within your EJB to make sure this is not an issue with locating the cacert file.

          Also, did you try getting an input stream to the cert file in your EJB and making sure the file is actually being located and read?


          AFAIK, JBoss does not specifically block access to any crypto-related files.

          Thanks
          Sohil

          • 2. Re: Using JCE crypto in EJBs
            wussykye

            Sohil,

            I'm not accessing the cacerts file explicitly; I'm calling JCE KeyGenerator to create a key. When I call KeyGenerator.getInstance("DES"), I get the SecurityException when I'm running in the container. I don't get this exception while running out of the container. As far as I can tell, I'm using the same JVM for both JBoss and outside of JBoss.

            Do I need to include the JCE jars in the EJB/EAR or include them in the classpath when I start up JBoss? The JCE jars are in the <java_home>/jre/bin/ext and the cacerts file is in <java_home>/jre/bin/security.

            Thanks,

            Colin

            • 3. Re: Using JCE crypto in EJBs
              soshah

              wussykye-

              Are you sure the jars are located in <java_home>/jre/bin and not <java_home>/jre/lib?

              You might want to look at the following things in your setup:

              1) Make sure the <java_home>/jre/lib/security/java.security file has the proper priority order for the JCE providers you are trying to use

              2) If you are trying to use the SUN_JCE provider make sure its provider is available in the <java_home>/jre/lib/ext directory (sunjce_provider.jar)

              If you are trying to use the built-in JCE providers I don't think you need to include the jar files in the EJB/EAR module.
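
An added example, not part of the original posts: a small Java diagnostic for the checks listed in this reply. It reports which JVM is actually running, the JCE provider preference order that java.security produced, where each provider was loaded from, and whether KeyGenerator.getInstance("DES") succeeds. The class name JceDiag and its method names are assumptions made for illustration.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;
import javax.crypto.KeyGenerator;

/** Hypothetical diagnostic class; the name is an assumption, not from the thread. */
public class JceDiag {

    /** Location a class was loaded from, or a note when the JVM does not report one. */
    static String origin(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return (cs == null || cs.getLocation() == null)
                ? "(bootstrap / runtime image)" : cs.getLocation().toString();
    }

    /** Reports the JVM in use, the provider order, and a DES KeyGenerator probe. */
    public static String report() {
        StringBuilder sb = new StringBuilder();
        sb.append("java.home    = ").append(System.getProperty("java.home")).append('\n');
        sb.append("java.version = ").append(System.getProperty("java.version")).append('\n');
        sb.append("javax.crypto from ").append(origin(KeyGenerator.class)).append('\n');

        // Security.getProviders() returns providers in preference order,
        // i.e. the security.provider.N order from java.security.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            sb.append(i + 1).append(". ").append(providers[i].getName())
              .append(" from ").append(origin(providers[i].getClass())).append('\n');
        }

        // The call that failed inside the container in this thread.
        try {
            KeyGenerator kg = KeyGenerator.getInstance("DES");
            sb.append("DES KeyGenerator OK, provider = ")
              .append(kg.getProvider().getName()).append('\n');
        } catch (Exception | LinkageError e) {
            // Covers NoSuchAlgorithmException, SecurityException and
            // failures raised while the JCE framework classes initialize.
            sb.append("DES KeyGenerator FAILED: ").append(e).append('\n');
            for (Throwable t = e.getCause(); t != null; t = t.getCause()) {
                sb.append("  caused by: ").append(t).append('\n');
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        System.out.print(report());
    }
}
```

Run it once from the command line and once by logging JceDiag.report() from an EJB method, then compare the java.home and provider lines between the two outputs.
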

              • 4. Re: Using JCE crypto in EJBs
                wussykye

                Thanks for the suggestions. In order to fix the problem, I uninstalled all copies of Java (I had several) and reinstalled the JVM and the security files from Sun.

                Thanks,

                Colin