1 Reply Latest reply on Jul 30, 2008 9:24 AM by Andrew Keating

    Signed security provider jar inquiry

    Andrew Keating Newbie

      I am implementing a custom handler (GenericSOAPHandler) which uses the JSafeJCE cryptography provider.

      The JSafeJCE jar is signed, and it performs a self-integrity check when one attempts to access any of its contents.

      The self-integrity check is failing in my service, which is generally the result of the signature being broken (for example, if I modified the contents of the jar, this would occur):

      11:13:40,999 ERROR [[TestService]] Servlet.service() for servlet TestService thr
      ew exception
      java.lang.SecurityException: JsafeJCE provider self-integrity check failed
      at com.rsa.jsafe.provider.JsafeJCE.(Unknown Source)

      If I run my JBossWS client within the context of eclipse, however, there are no issues. By this, I mean that I am inserting my custom handler into the HandlerChain within my client (as opposed to setting the @HandlerChain annotation in the deployed service), so the libraries are being referenced from my classpath, and not from JBoss' lib directory.

      I have no idea why the self-integrity check fails in the first case--is it possible that JBoss is somehow modifying/unsigning the JSafe jar?

      Any suggestions would be much appreciated! :)