Java.security file

Is the java.security file the only file that specify the default key store type?
I am building a web services using netbeans. While an error came out saying "invalid keystore format". I think that is because I used to change the default key store type to "jceks" in the java.security file in the [java installation path]\jre\lib\security folder.
I changed it back to "jks". However, the error still exist. I wonder if the java.security file is the only file that defines the default key store type?
Thanks in adv!!!

Hi Rohit,
For more info on java security policy file, please refer
http://java.sun.com/products/jdk/1.2/docs/guide/security/PolicyFiles.html
Hope this helps!
Senthil Babu J

Similar Messages

How to configure java.security file to run j2ee programs

Hi,
I am using Sun one application server to run my j2ee programs.
plz tell me how to configure java.security file inside my appserver so that i can run my servlet program that is using jsse API to create SSL sockets.
I am not able to follow whats there in java.security file.Kindly tell how to configure it.
Waiting for ur replies!
Thanks,
Akshatha

Hi,
I am using Sun one application server to run my j2ee programs.
plz tell me how to configure java.security file inside my appserver so that i can run my servlet program that is using jsse API to create SSL sockets.
I am not able to follow whats there in java.security file.Kindly tell how to configure it.
Waiting for ur replies!
Thanks,
Akshatha

Is it possible to override Java.security file

Hi,
Is there some property which we can pass with -D argument to JVM to specify a custom java.security file, similar to the way we can specify a custom policy file using "java -Djava.security.policy".
My actual requirement is to insert a new Provider which I do not want to do by adding add/insertProvider in my code, nor do I want to change the file
Any workarounds??

Yes:
java -Djava.security.properties=<url> ...
If you use a double equals (==) then you just get the specified property file. If you use a single equals (=) then it appends to the default property file (overwriting duplicate entries with the values in the specified property file).

Security class requires java.security file???

What is the use of java.security file? Which
classes refer this file while creating the instance?
Can we create a class file that will refer this security
file?
When the java program loads security class it needs java.security class?
In what type situation security class look into java.security file???
Pls help me
regards,
namanc

Open the java.security file up in notepad or something.

Error in weblogic7.0 :java.security.NoSuchAlgorithmException:

Hi All
thanks in advance.
i am facing a peculiar problem while using SunJce provider
i have some classes to encrypt& decrypt some information using
DeffieHellman protocol.
Problem 1
while i am running those classes in command prompts
some time it gives me correct results where as other time during decryption i am unable to get the plaintext (i am getting some junk character),where as some time it gives me Badpadding exception
I am using JDK1.3 which comes with weblogic and jce1.2.2
for classpath and path setting
set path=D:\bea\jdk131_03\bin
set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\ jce1_2_2.jar
set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\sunjce_provider.jar
set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\local_policy.jar
set classpath=%classpath%; D:\bea\jdk131_03\jre\ext\US_export_policy.jar
my BEA_HOME=d\bea and JAVA_HOME=D:\bea\jdk131_03\jre
Problem 2
While i am using those classes in servlet and jsp which are deployed in weblogic 7
Some time i am getting correct results
but as i stop and start the weblogic server ,i am getting .NoSuchAlgorithmException.
So mainly i am having two classes DiffieHellmanKeyGeneRation and DHEncryptDecrypt given below
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
import com.sun.crypto.provider.SunJCE;
public class DiffieHellmanKeyGeneRation {
PublicKey alicePubKey=null;
     PublicKey bobPubKey=null;
     KeyAgreement aliceKeyAgree =null;
     KeyAgreement bobKeyAgree =null;
* DiffieHellmanKeyGeneRation() constructor -Set the mode and call run method to generate Keypairs
* and assigns it to the instance variables .
* @param nil
* @returns nil
public DiffieHellmanKeyGeneRation(){
     try {
String mode = "GENERATE_DH_PARAMS";
               run(mode);
} catch (Exception e) {
System.err.println("Error: " + e);
System.exit(1);
* getAlicePubKey() -Return the Instance Variable alicePubKey
* @param nil
* @returns PublicKey
public PublicKey getAlicePubKey()
return alicePubKey;
* getBobPubKey() -Return the Instance Variable bobPubKey
* @param nil
* @returns PublicKey
public PublicKey getBobPubKey()
return bobPubKey;
* getAliceKeyAgree() -Return the Instance Variable aliceKeyAgree
* @param nil
* @returns KeyAgreement
     public KeyAgreement getAliceKeyAgree()
return aliceKeyAgree;
* getBobKeyAgree() -Return the Instance Variable bobKeyAgree
* @param nil
* @returns KeyAgreement
public KeyAgreement getBobKeyAgree()
return bobKeyAgree;
*run() method -Generate Algorithm instance,KeySpec,and keypair
* and assigns it to the instance variables .
* @param String
* @returns nil
private void run(String mode) throws Exception {
DHParameterSpec dhSkipParamSpec=null;
// System.out.println("Creating Diffie-Hellman parameters (takes VERY long) ...");
AlgorithmParameterGenerator paramGen=AlgorithmParameterGenerator.getInstance("DH");
paramGen.init(512);
AlgorithmParameters params = paramGen.generateParameters();
dhSkipParamSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class);
* Alice creates her own DH key pair, using the DH parameters from
* above
// System.out.println("ALICE: Generate DH keypair ...");
KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
aliceKpairGen.initialize(dhSkipParamSpec);
KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
// Alice creates and initializes her DH KeyAgreement object
// System.out.println("ALICE: Initialization ...");
aliceKeyAgree = KeyAgreement.getInstance("DH");
aliceKeyAgree.init(aliceKpair.getPrivate());
// Alice encodes her public key, and sends it over to Bob.
byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded();
* Let's turn over to Bob. Bob has received Alice's public key
* in encoded format.
* He instantiates a DH public key from the encoded key material.
KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc);
alicePubKey = bobKeyFac.generatePublic(x509KeySpec);
* Bob gets the DH parameters associated with Alice's public key.
* He must use the same parameters when he generates his own key
* pair.
DHParameterSpec dhParamSpec = ((DHPublicKey)alicePubKey).getParams();
// Bob creates his own DH key pair
// System.out.println("BOB: Generate DH keypair ...");
KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
bobKpairGen.initialize(dhParamSpec);
KeyPair bobKpair = bobKpairGen.generateKeyPair();
// Bob creates and initializes his DH KeyAgreement object
// System.out.println("BOB: Initialization ...");
bobKeyAgree = KeyAgreement.getInstance("DH");
bobKeyAgree.init(bobKpair.getPrivate());
// Bob encodes his public key, and sends it over to Alice.
byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();
* Alice uses Bob's public key for the first (and only) phase
* of her version of the DH
* protocol.
* Before she can do so, she has to instanticate a DH public key
* from Bob's encoded key material.
KeyFactory aliceKeyFac = KeyFactory.getInstance("DH");
x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc);
bobPubKey = aliceKeyFac.generatePublic(x509KeySpec);
2)
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
import sun.misc.*;
import com.sun.crypto.provider.SunJCE;
public class DHEncryptDecrypt {
PublicKey alicePubKey=null;
     PublicKey bobPubKey=null;
     KeyAgreement aliceKeyAgree =null;
     KeyAgreement bobKeyAgree =null;
     SecretKey bobDesKey = null;
     SecretKey aliceDesKey =null;
* DHEncryptDecrypt constructor -it intancetiate DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secrete
* and assigns it to the instance variables .
* @param nil
* @returns nil
     public DHEncryptDecrypt()
          try{
          init();
     }catch(Exception e){e.printStackTrace();}
* init() -it DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secrete
* and assigns it to the instance variable ds.
* @param nil
* @returns nil
private void init() throws Exception
     System.out.println("Initialising...");
               DiffieHellmanKeyGeneRation dhPubKey=new DiffieHellmanKeyGeneRation();
               alicePubKey=dhPubKey.getAlicePubKey();
               bobPubKey=dhPubKey.getBobPubKey();
aliceKeyAgree=dhPubKey.getAliceKeyAgree();
               bobKeyAgree=dhPubKey.getBobKeyAgree();
//System.out.println("ALICE: Execute PHASE1 ...");
aliceKeyAgree.doPhase(bobPubKey, true);
     * Bob uses Alice's public key for the first (and only) phase
     * of his version of the DH
     * protocol.
// System.out.println("BOB: Execute PHASE1 ...");
bobKeyAgree.doPhase(alicePubKey, true);
* At this stage, both Alice and Bob have completed the DH key
* agreement protocol.
* Both generate the (same) shared secret.
byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
int aliceLen = aliceSharedSecret.length;
byte[] bobSharedSecret = new byte[aliceLen];
int bobLen;
/* try {
// show example of what happens if you
// provide an output buffer that is too short
bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 1);
} catch (ShortBufferException e) {
System.out.println(e.getMessage());
// provide output buffer of required size
bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 0);
          if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
throw new Exception("Shared secrets differ");
//System.out.println("Shared secrets are the same");
// System.out.println("Return shared secret as SecretKey object ...");
// Bob
// Note: The call to bobKeyAgree.generateSecret above reset the key
// agreement object, so we call doPhase again prior to another
// generateSecret call
bobKeyAgree.doPhase(alicePubKey, true);
bobDesKey = bobKeyAgree.generateSecret("DES");
// Alice
// Note: The call to aliceKeyAgree.generateSecret above reset the key
// agreement object, so we call doPhase again prior to another
// generateSecret call
aliceKeyAgree.doPhase(bobPubKey, true);
aliceDesKey = aliceKeyAgree.generateSecret("DES");
* encrypt() - Alice encrypts, using DES in ECB mode
* and assigns it to the instance variable ds.
* @param String
* @returns String
          public String encrypt(String ClearText) throws Exception
     String CipherText=null;
               try{
               // byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
          Cipher aliceCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
     aliceCipher.init(Cipher.ENCRYPT_MODE, aliceDesKey);
               byte[] cleartext = ClearText.getBytes();
               //System.out.println("cleartext Array:"+ cleartext.size);
               byte[] ciphertext = aliceCipher.doFinal(cleartext);
// BASE64Encoder b64e = new BASE64Encoder();
               //CipherText = b64e.encode(ciphertext);
               CipherText = new String(ciphertext);
               }catch(Exception e){e.printStackTrace();}
     return CipherText;
* encrypt() - Bob Decrypts, using DES in ECB mode
* and assigns it to the instance variable ds.
* @param String
* @returns String
public String decrypt(String CipherText) throws Exception
String Recovered=null;
     try{
          // byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
// System.out.println("Length of String is:"+CipherText.length());
               Cipher bobCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
          bobCipher.init(Cipher.DECRYPT_MODE, bobDesKey);
               byte[] CipherTextBytes=CipherText.getBytes();
byte[] recovered = bobCipher.doFinal(CipherTextBytes);
               Recovered=new String(recovered);
          // System.out.println("Decryption:"+Recovered+"length:="+Recovered.length());
}catch(Exception e){e.printStackTrace();}
     return Recovered;
and i am using following logic to encrypt and decrypt
String MyPlainText ="sm_user=residential&csol_account=383784";
//String MyPlainText ="This is my message";
     System.out.println("\nPlain Text:="+MyPlainText+"\n\n");
try{
     DHEncryptDecrypt ed=new DHEncryptDecrypt();
String CipherText=(ed.encrypt(MyPlainText));
               BASE64Encoder b64e = new BASE64Encoder();
               String CipherText1 = b64e.encode(CipherText.getBytes());
System.out.println("\n\nUserInfo="+CipherText1);
     String DecryptedMessage=ed.decrypt(CipherText);
System.out.println("\n\nDecrypedMessage=:"+DecryptedMessage);
     }catch(Exception e){e.printStackTrace();}
and my java.security file in D:\ bea\jdk131_03\jre\lib\security
is changed to add the provider as
# List of providers and their preference orders (see above):
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.crypto.provider.SunJCE
security.provider.3=com.sun.rsajca.Provider
# Class to instantiate as the system Policy. This is the name of the class
# that will be used as the Policy object.
policy.provider=sun.security.provider.PolicyFile
Pls help me to resolve the magic shown by these classes.....some time right and some time worng
mainly i need help in
Badpadding Exception and NosuchAlogorithm exception in weblogic
Thanks
And regards
Arati

replace all calls of getBytes() and new String(text) with the versions where you can state a charset: getBytes(charset), new String(text, charset). i use "iso-8859-1" as the charset.
this should at least fix your "Badpadding exception" problem (it did fix it for me).

Help : java.security.UnrecoverableKeyException: excess private key

Hi,
I require help for the exception "java.security.UnrecoverableKeyException: excess private key"
When i am trying to generate digital signature using PKCS7 format using bouncyCastle API, it gives the "java.security.UnrecoverableKeyException: excess private key" exception.
The full stack trace is as follows
------------------------------------------------------------------------java.security.UnrecoverableKeyException: excess private key
     at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
     at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
     at java.security.KeyStore.getKey(KeyStore.java:289)
     at com.security.Security.generatePKCS7Signature(Security.java:122)
     at com.ibm._jsp._SendSecureDetail._jspService(_SendSecureDetail.java:2282)
     at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:93)
I had tested the program under following scenarios...
The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) I have tested this independently on Sun's JDK 1.4, 1.6
For IBM JDK 1.4 on Windows machine for WAS(Webshere Application Server) 6.0, The Program for generating the digital signature using PKCS7 works fine, but it required IBM Policy files(local_policy.jar, US_export_policy.jar) and updation in java.security file
But the problem occurs in Solaris 5.10, WAS 6.0 where Sun JDK 1.4.2_6 is used.
I copied the unlimited strength policy files for JDK 1.4.2 from Sun's site(because the WAS 6.0 is running on Sun's JDK intead of IBM JDK)...
I changed the java.security file as follows(only changed content)
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
security.provider.6=com.ibm.jsse.IBMJSSEProvider
security.provider.7=com.ibm.security.cert.IBMCertPath
security.provider.8=com.ibm.security.cmskeystore.CMSProvider
I have used PKCS12(PFX) file for digital signature
which is same for all environment(i have described as above)
I copied the PFX file from windows to solaris using WinSCP in binary format so the content of certificate won't get currupted.
I can not change the certificate because it's given by the company and which is working in other enviroments absolutely fine(just i have described above)
I have gone though the "http://forums.sun.com/thread.jspa?threadID=408066" and other URLs too. but none of them helped...
So what could be the problem for such exception?????
I am on this issue since last one month...
I know very little about security.
Thanks in advance
PLEASE HELP ME(URGENT)
Edited by: user10935179 on Sep 27, 2010 2:47 AM
Edited by: user10935179 on Sep 27, 2010 2:54 AM

user10935179 wrote:
The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) If the program was working fine without changing the java.security policy file, why have you changed it to put the IBM Providers ahead of the SunRsaSign provider?
While I cannot be sure (because I don't have an IBM provider to test this), the error is more than likely related to the fact that the IBM Provider implementations for handling RSA keys internally are different from the SunRsaSign provider. Since you've now forced the IBM provider ahead of the original Sun provider, you're probably running into interpretation issues of the encoded objects inside the keystore.
Change your java.security policy back to the default order, and put your IBM Providers at the end of the original list and run your application to see what happens.
Arshad Noor
StrongAuth, Inc.

Java.security.AccessControlException: access denied (java.util.PropertyPerm

Hi All,
I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
could somebody please help or give me a hint how should I start tracing what the problem might be ?
this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
java.lang.ExceptionInInitializerError
at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
at com.sun.ba.tool.baApplet.init(baApplet.java:46)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
... 7 more
any help would be appriciated so much.
thanks
mehmad

I dont know, but It may be that an Applet can only access the local machine. ie. If you run the applet on computer A and you want to edit the config on computer B, I do not believe you can. The applet can only talk to Computer A. You would have to:
1) Run an application on computer A and the applet would tell the application what to change.
2)Maybe sign the applet in a JAR File
You will probably have to do #1.
US101

Java.security.AccessControlException: access denied (java.util.PropertyPer

Hi All,
I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
could somebody please help or give me a hint how should I start tracing what the problem might be ?
this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
java.lang.ExceptionInInitializerError
     at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
     at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
     at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
     at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
     at com.sun.ba.tool.baApplet.init(baApplet.java:46)
     at sun.applet.AppletPanel.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
     at java.security.AccessControlContext.checkPermission(Unknown Source)
     at java.security.AccessController.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
     at java.lang.System.getProperty(Unknown Source)
     at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
     ... 7 more
any help would be appriciated so much.
thanks
mehmad

Hi,
Please make changes in the java.security files present in the jdk1.3/lib/jre/security/java.security.There you make the changes in the property which gives you the error.See if this helps..
regards vickyk

Java.security.ProviderException: unable to parse algorithm params.

java.security.ProviderException: unable to parse algorithm params.
Anyone any idea how to get around this problem? Is it something to do with the java.security file?

i may or may not be very helpful depending on your setup.
1. when you say "this works fine for sun plugins, but not for the MS JVM", what do you mean? where is the Sun VM used (client or server side) and where is the MS VM used (client or server side)?
2. how are you obtaining the binary key encoding (that is then BASE64-encoded)? i assume you are calling java.security.Key.getEncoded. are you getting a standard PKCS8Encoding for a private key? you can check via Key.getFormat. make sure if you are switching between VM's, that both VM's are encoding the key in a format that you expect. in particular, if they both claim to export into PKCS8, then make sure the encoded bytes are identical.
3. how are you re-constituting the key? are you using the java.security.spec.KeySpec APIs? i believe these were added in J2SE 1.2, which means i don't believe they are available in the MS VM (which is only 1.1.X-compliant if i recall correctly).
based on all of the above, i don't think the java.security file is the culprit - but perhaps incompatible key encodings between different vendor VM's.

I have One Question about java security

In java.security file, there are many option...
(Ex) java.security
# Class to instantiate as the system Policy. This is the name of the class
# that will be used as the Policy object.
policy.provider=sun.security.provider.PolicyFile
but, I can't understand where "sun.security.provider.PolicyFile" class is located.
please, tell me where this class located, and How can I customized this PolicyFile

<waving the magic wand>
abracadabra
</waving the magic wand>
check up the rt.jar file and u will c the classes.
have fun

See my error java.security.AccessControlException: access denied how change

hi master
sir wrote connection class that run and give me right result
but when i call data from applet then
java give me error
java.security.AccessControlException: access denied (java.util.PropertyPermission oracle.jserver.version read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
=======
sir i serch in net i got some idea
i. change java.policy
and put this code
grant codeBase "http://ib-s01/-" {
permission java.security.AllPermission;
sir please give me idea i serch java.policy in my system that show many java.policy file
sir which file i use and where i put
this code
grant codeBase "http://ib-s01/-" {
permission java.security.AllPermission;
second idea got from net change the java.security
2. change java.security
and put this code
policy.url.1=file:${java.home}/lib/security/java.policy
sir please give me idea i serch java.policy in my system that show many java.security file
sir which file i use and where i put
this code
policy.url.1=file:${java.home}/lib/security/java.policy
please give me idea how i chang my java.policy and java.security file
thank you
aamir

Amir,
You have to make your applet a signed applet.
Please search the Internet to find out how to do this.
Good Luck,
Avi.

Weblogic 8.1 JAAS login.configuration.provider from java.security does not seem to work?

We configure a custom implementation of the JAAS
javax.security.auth.login.Configuration class for our applications security
framework in JRE_LIB/security/java.security using the entry
login.configuration.provider=com.foo.SecurityConfiguration
However, this does not seem get picked up and the configuration provider
class instead seems to default to
weblogic.security.service.ServerConfiguration
instead.
Has anyone else seen this?
We're using the JDK bundled with Weblogic 8.1
TIA for your help

Thanks for all the posting re. this issue....
I think the way Weblogic implemented "support" for JAAS in 8.1 totally
blows. In fact, when I asked BEA support about this, they basically sent me
an email saying that "Weblogic owns the JAAS configuration" so if you have a
security framework that is application server agnostic, but leverages JAAS
then you are screwed when deploying on Weblogic 8.1.
I looked for a workaround and believe that instead of using an entry in
java.security for your custom configuration class, if you set the JVM
parameter
-Dlogin.configuration.provider=com.foo.SecurityConfiguration
then what happens is that the Weblogic custom class
weblogic.security.service.ServerConfiguration is invoked by JAAS. It tries
to load the login module configuration and if that fails, it delegates to
com.foo.SecurityConfiguration. So this should enable both the weblogic
security framework and a custom security framework that are both based on
JAAS
I'm currently testing this out
"Lloyd Fernandes" <[email protected]> wrote in message
news:[email protected]...
>
Robert Greig <[email protected]> wrote:
Lloyd Fernandes wrote:
"Lloyd Fernandes" <[email protected]> wrote:
"Prashant Nayak" <[email protected]> wrote:
We configure a custom implementation of the JAAS
javax.security.auth.login.Configuration class for our applications
security
framework in JRE_LIB/security/java.security using the entry
login.configuration.provider=com.foo.SecurityConfiguration
However, this does not seem get picked up and the configuration
provider
class instead seems to default to
weblogic.security.service.ServerConfiguration
instead.
Has anyone else seen this?
We're using the JDK bundled with Weblogic 8.1
TIA for your help
As per documentation in the API JAVADOCS forjavax.security.auth.login.Configuration
>>>>
>>>>
The default Configuration implementation can be changed by settingthe
value of
the "login.configuration.provider" security property (in the Java
security
properties
file) to the fully qualified name of the desired Configurationimplementation
class. The Java security properties file is located in the file named
<JAVA_HOME>/lib/security/java.security,
where <JAVA_HOME> refers to the directory where the JDK was installed.
Have you tried to use a startup class to set the configuration providerusing
javax.security.auth.login.setConfiguration(YourConfigClass);
Weblogic probably uses this to set the configuration class to it'sown.
You have to consider whether this is really something you want to do
however. If you want to get WLS to use a custom authenticator use its
SSPIs. You can configure the order etc. in the admin console.
By overriding the configuration you override it for the server as a
whole which can mean for example that you cannot login to the admin
console. Having said this, from memory, I believe that the property is
ignored in WLS. However you can still call
Configuration.setConfiguration if you really want to.
The fact that there is a "global static" in the Configuration class is
a
Bad Thing IMHO, that was never really designed for an app server
environment.
Robert
If it is a bad thing to have a static how come Weblogic uses it instead ofthe
standard way of modifying the property in java security file - it isbecause
weblogic wants it's own way of implementing instead of using using the'plugable
module' architecture of JAAS.
When weblogic advertised that it will support JAAS the impression was thatWeblogic
would provide a login module that will implement the security mechanism itwanted
- instead it went it's own way.
Also consider the following
1. JAAS specifies a mechanism for multiple configurations based on a'application'.
This is not possible in the current 'weblogic security mechanism'
2. Weblogic says it supports JAAS but what it does not tell you is that inorder
to use available login modules you have to write a whole bunch of code tosupport
principal validators and authenticators. (I begin to wonder if write oncedeploy
anywhere is not part of Sun's certification process anymore)

Changing java.security providers

Hi
Does anyone know if changing the default security provider breaks WL 5.1?
/usr/java/jre/lib/security
Before:
security.provider.1=sun.security.provider.Sun
After:
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=sun.security.provider.Sun
Also, does WL or Java have a parameter to use an alternate java security file,
i.e. running different invocations of Java with different files?
Thanks.

It raises a java.io.IOException: "Could not completed immediately a socket unlock operation".Is that the exact text? with the grammar error? if not can you please provide the exact text?
and also the stack trace?

Data loss in the secure file transfer using java

Hi,
My java Appllication uses the sftp(secure file transfer protocol) for file transferring. when the load is high like 150 GB , data loss occuring for some files especially last chunk of data is missing.
Core file transfer code
while (true)
int read = bis.read(buffer); //Reading bytes into the byte array (buffer) from network stream (bis).
if (read==-1) {
break; //Break the loop, if there are no more bytes available in the InputStream.
bos.write(buffer,0,read); //Writing the same number of bytes what we read into buffer byte array into OutputStream
complete.update(buffer,0,read); //Giving the same number of bytes what we read above to the checksum calculation.
bytesSoFar += read; //Incrementing the bytes that we have read from the source.
//if the bytes transferred are equal to the source file size
If (bytesSoFar == fileInfo.getFileSize().intValue())
// Calculate the file checksum.
// Update DbAuditLog with checksum and no. of bytes read
else
// Update DbAuditLog with no. of bytes read
bos.flush();
Please help , why the data loss is happening when the big size files transfer
Note:
1.150 gb not a single file multiple files.
2.SFTP no java specific API, So connection is happening through java .io.sockect connection

so, if you are not getting any exceptions, yet the data is incorrect, it sounds like you are having actual network issues. i'd start looking at things like the actual network cards in the computer as well other equipment involved in the transfer. since you are not getting exceptions, the network stack obviously thinks nothing was lost over the wire, so either the actual hardware has issues, or the network stack, or the issue is on the sending end. the last possibility is that the client is somehow munging the data it is sending. do you control the client code? if so, i'd start checking the client side code for bugs (and/or post it here).
also, i'm assuming that all of the variables included in your original code are thread local (you aren't sharing any of those buffers/streams/etc between multiple threads).

Java.security.cert.CertificateException

Hi,
I am using a JAVA client to connect to a https server which uses certificates for authentication.
The server uses gSOAP certificates for client authentication and encryption of messages.
I am using JSSE coming along with JDK1.6 and generated keystore file from client.pem and cacert.pem files used by the server.
I need to send SOAP messages with attachments.
I am using SAAJ API with JDK 1.6 .
When I try to connect to the server through javax.xml.soap.SOAPConnection, I am getting java.security.cert.CertificateException. Please see the exception below.
Note: Server is responding properly to SOAP UI tool(java testing tool) with certifcates authentication.
I have enabled debug option in SSL.
E:\test\properties\storefile.jks
keyStore is : E:\test\properties\storefile.jks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: E:\test\properties\storefile.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Sat Oct 02 22:38:06 IST 2004 until Tue Oct 02 22:38:06 IST 2007
adding as trusted cert:
Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0x7
Valid from Sun Dec 25 01:01:53 IST 2005 until Wed Dec 24 01:01:53 IST 2008
adding as trusted cert:
Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0x8
Valid from Sun Dec 25 01:03:13 IST 2005 until Wed Dec 24 01:03:13 IST 2008
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1155448094 bytes = { 120, 70, 246, 123, 195, 47, 61, 191, 223, 241, 23, 204, 98, 143, 212, 251, 80, 10, 100, 183, 82, 82, 215, 228, 212, 47, 68, 224 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
Thread-3, WRITE: TLSv1 Handshake, length = 73
Thread-3, WRITE: SSLv2 client hello message, length = 98
Thread-3, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1155531752 bytes = { 248, 141, 63, 154, 117, 213, 184, 250, 239, 237, 26, 225, 175, 38, 151, 65, 101, 127, 134, 46, 180, 80, 153, 133, 215, 120, 102, 11 }
Session ID: {100, 201, 98, 232, 113, 191, 163, 129, 1, 101, 251, 29, 233, 245, 144, 203, 231, 208, 202, 248, 160, 99, 84, 248, 86, 16, 235, 234, 20, 73, 231, 148}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
Thread-3, READ: TLSv1 Handshake, length = 1868
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 144881101064455404788814091404981462608080902688277626878350142057531273562236240952084735254146287262789443540177122740514352105900513219519909051335421867736741713195463254360663999239941476817345303119999799829037388457231058611674562175705514528085594563474765367007497034178272408363177194954006361904887
public exponent: 65537
Validity: [From: Sun Dec 25 01:03:13 IST 2005,
               To: Wed Dec 24 01:03:13 IST 2008]
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
SerialNumber: [    08]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3D C1 C8 B5 19 17 C3 8C 12 64 3C 05 C3 22 EE 7B =........d<.."..
0010: BA 27 B4 C1 .'..
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
0010: 49 95 77 CA I.w.
[[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
SerialNumber: [    00]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 6E D0 0E EC 85 EA A9 71 60 5D CB 13 3A 0C C2 C6 n......q`]..:...
0010: A1 92 15 14 2A BB 86 2A 1D 68 B1 4B 41 C0 0B FB ....*..*.h.KA...
0020: 35 C7 0F 6E 51 99 B3 25 95 4F 58 18 3D 73 F2 06 5..nQ..%.OX.=s..
0030: 18 63 40 21 A7 44 1D AB 46 DB DD 6C 20 7D 23 23 .c@!.D..F..l .##
0040: 08 84 92 CE 04 93 10 B3 CB 84 67 FD 3F 53 81 51 ..........g.?S.Q
0050: 25 60 EE D1 02 89 06 58 E6 E0 B4 C2 20 D8 E8 84 %`.....X.... ...
0060: 8A 4E 8D 59 62 67 33 4C 95 BD A3 F7 68 76 5E BA .N.Ybg3L....hv^.
0070: D9 84 3F 80 C8 1E 49 3A 59 D0 B4 74 9E 2D CD F6 ..?...I:Y..t.-..
chain [1] = [
Version: V3
Subject: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 106482211752195899275275639329238789380560290379431640534106480581317795742917955972475513891969031216742557266096088552725987675210922796797720103531106400345818891764659480805498923495886457178236281557583158652266656923442983245641013901721295378444704296581436391012531718274035287004196101203604693764023
public exponent: 65537
Validity: [From: Sat Oct 02 22:38:06 IST 2004,
               To: Tue Oct 02 22:38:06 IST 2007]
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
SerialNumber: [    00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
0010: 49 95 77 CA I.w.
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
0010: 49 95 77 CA I.w.
[[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
SerialNumber: [    00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 59 9B F6 45 7E 10 3C 79 3B 88 FB 74 B3 2E F7 4F Y..E..<y;..t...O
0010: 67 16 09 C1 2F 4E AC 7A 98 EA B4 12 08 6D 96 37 g.../N.z.....m.7
0020: 1A 70 A0 79 FC 4A A7 54 BA 21 FD 35 FE 67 55 EF .p.y.J.T.!.5.gU.
0030: D9 D9 18 99 5D 7A 03 3B EE DC F8 54 89 73 B8 86 ....]z.;...T.s..
0040: B3 FB 63 4E F8 6A 9B AF A1 2B 39 1F B7 50 63 AB ..cN.j...+9..Pc.
0050: 46 E1 F7 F5 A3 13 D4 3B F0 1D 8A 54 E4 65 3E 94 F......;...T.e>.
0060: 6D 5A 58 77 50 A7 CB 99 E7 2E 28 90 C8 37 67 D2 mZXwP.....(..7g.
0070: 19 E6 78 A3 91 49 E9 08 74 0E FA AF FC 16 B3 0B ..x..I..t.......
Feb 24, 2007 9:50:47 AM com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
SEVERE: SAAJ0009: Message send failed
com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
     at SOAPConnector$1.run(SOAPConnector.java:145)
Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
     at java.security.AccessController.doPrivileged(Native Method)Found trusted certificate:
Version: V3
Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 144881101064455404788814091404981462608080902688277626878350142057531273562236240952084735254146287262789443540177122740514352105900513219519909051335421867736741713195463254360663999239941476817345303119999799829037388457231058611674562175705514528085594563474765367007497034178272408363177194954006361904887
public exponent: 65537
Validity: [From: Sun Dec 25 01:03:13 IST 2005,
               To: Wed Dec 24 01:03:13 IST 2008]
Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
SerialNumber: [    08]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3D C1 C8 B5 19 17 C3 8C 12 64 3C 05 C3 22 EE 7B =........d<.."..
0010: BA 27 B4 C1 .'..
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
0010: 49 95 77 CA I.w.
[[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
SerialNumber: [    00]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 6E D0 0E EC 85 EA A9 71 60 5D CB 13 3A 0C C2 C6 n......q`]..:...
0010: A1 92 15 14 2A BB 86 2A 1D 68 B1 4B 41 C0 0B FB ....*..*.h.KA...
0020: 35 C7 0F 6E 51 99 B3 25 95 4F 58 18 3D 73 F2 06 5..nQ..%.OX.=s..
0030: 18 63 40 21 A7 44 1D AB 46 DB DD 6C 20 7D 23 23 .c@!.D..F..l .##
0040: 08 84 92 CE 04 93 10 B3 CB 84 67 FD 3F 53 81 51 ..........g.?S.Q
0050: 25 60 EE D1 02 89 06 58 E6 E0 B4 C2 20 D8 E8 84 %`.....X.... ...
0060: 8A 4E 8D 59 62 67 33 4C 95 BD A3 F7 68 76 5E BA .N.Ybg3L....hv^.
0070: D9 84 3F 80 C8 1E 49 3A 59 D0 B4 74 9E 2D CD F6 ..?...I:Y..t.-..
Thread-3, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Thread-3, WRITE: TLSv1 Alert, length = 2
Thread-3, called closeSocket()
Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
     ... 2 more
Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
     ... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
     ... 5 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
     at sun.security.util.HostnameChecker.matchIP(Unknown Source)
     at sun.security.util.HostnameChecker.match(Unknown Source)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
     ... 17 more
CAUSE:
java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
     at SOAPConnector$1.run(SOAPConnector.java:145)
Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
     ... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
     ... 5 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
     at sun.security.util.HostnameChecker.matchIP(Unknown Source)
     at sun.security.util.HostnameChecker.match(Unknown Source)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
     ... 17 more
CAUSE:
java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
     at SOAPConnector$1.run(SOAPConnector.java:145)
Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
     at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
     ... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
     ... 5 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
     at sun.security.util.HostnameChecker.matchIP(Unknown Source)
     at sun.security.util.HostnameChecker.match(Unknown Source)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
     ... 17 more
Any help is appreciated.

did you find the solution for the issue i am using jscape now...

Java.security file

Similar Messages

Maybe you are looking for