Java Security (JAAS)

Hi!
I created login module using java security (JAAS). In that 'logout' link is working properly at client side. but it is not working at server side.
It is giving following exception at Browser.
The requested URL could not be retrieved
While trying to retrieve the URL: http://herring.bostednt.com:7778/nstar/EELoginAction.do
The following error was encountered:
Unable to determine IP address from host name for herring.bostednt.com
The dnsserver returned:
Name Error: The domain name does not exist.
This means that:
The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.
Your cache administrator is root.
http://herring.bostednt.com:7778 ---->> This is the server URL.
help me how to solve this.
email : [email protected]

as a test try with hard coding the IPAddress instead of the hostname

Similar Messages

  • Jaas sample progrma in weblogic 6.1 giving the following error java.lang.SecurityException: attempting to add an object which is not an instance of java.security.Principal to a Subjec

    jaas sample progrma in weblogic 6.1 giving the following error java.lang.SecurityException:
    attempting to add an object which is not an instance of java.security.Principal
    to a Subjec
    on runnig the program during the call of method Authenticate.authenticate(env,
    subject); giving following exceptions Error: Login Exception on authenticate,
    java.lang.SecurityException: attempting to add an object which is not an instance
    of java.security.Principal to a Subjec t's Principal Set Authentication Failed:
    Unexpected Exception, javax.security.auth.login.LoginExce ption: java.lang.SecurityException:
    attempting to add an object which is not an instance of java.security.Principal
    to a Subject's Principal Set javax.security.auth.login.LoginException: javax.security.auth.login.LoginExcepti
    on: java.lang.SecurityException: attempting to add an object which is not an ins
    tance of java.security.Principal to a Subject's Principal Set at examples.security.jaas.SampleLoginModule.login(SampleLoginModule.java
    :192) at java.lang.reflect.Method.invoke(Native Method) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1 25) at
    javax.security.auth.login.LoginContext$3.run(LoginContext.java:531) at java.security.AccessController.doPrivileged(Native
    Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java
    :528) at javax.security.auth.login.LoginContext.login(LoginContext.java:449) at
    examples.security.jaas.SampleClient.main(SampleClient.java:96)
    1)what is the reason for this problem
    2)in weblogic document they told to edit server.policy file in webligic\lib folder
    a)what the modification is needed in this file..?

    Hi jerry
    i already got that problem solved by removing jaas.jar file
    from class path.
    i don'nt how it is working with out in classpath...?
    Jerry <[email protected]> wrote:
    Hi Nivas,
    I think that the problem you are seeing has something to do with the
    placement of jaas.jar in your classpath
    On WebLogic server, put jaas.jar in the classpath after weblogic.jar.
    I would bet that you have it placed before weblogic.jar right now.
    I don't think the exception that you're seeing right now has anything
    to do with your weblogic.policy file right now, so I think it is
    safe to not worry about it right now.
    Hope this helps,
    Joe Jerry

  • Weblogic 8.1 JAAS login.configuration.provider from java.security does not seem to work?

    We configure a custom implementation of the JAAS
    javax.security.auth.login.Configuration class for our applications security
    framework in JRE_LIB/security/java.security using the entry
    login.configuration.provider=com.foo.SecurityConfiguration
    However, this does not seem get picked up and the configuration provider
    class instead seems to default to
    weblogic.security.service.ServerConfiguration
    instead.
    Has anyone else seen this?
    We're using the JDK bundled with Weblogic 8.1
    TIA for your help

    Thanks for all the posting re. this issue....
    I think the way Weblogic implemented "support" for JAAS in 8.1 totally
    blows. In fact, when I asked BEA support about this, they basically sent me
    an email saying that "Weblogic owns the JAAS configuration" so if you have a
    security framework that is application server agnostic, but leverages JAAS
    then you are screwed when deploying on Weblogic 8.1.
    I looked for a workaround and believe that instead of using an entry in
    java.security for your custom configuration class, if you set the JVM
    parameter
    -Dlogin.configuration.provider=com.foo.SecurityConfiguration
    then what happens is that the Weblogic custom class
    weblogic.security.service.ServerConfiguration is invoked by JAAS. It tries
    to load the login module configuration and if that fails, it delegates to
    com.foo.SecurityConfiguration. So this should enable both the weblogic
    security framework and a custom security framework that are both based on
    JAAS
    I'm currently testing this out
    "Lloyd Fernandes" <[email protected]> wrote in message
    news:[email protected]...
    >
    Robert Greig <[email protected]> wrote:
    Lloyd Fernandes wrote:
    "Lloyd Fernandes" <[email protected]> wrote:
    "Prashant Nayak" <[email protected]> wrote:
    We configure a custom implementation of the JAAS
    javax.security.auth.login.Configuration class for our applications
    security
    framework in JRE_LIB/security/java.security using the entry
    login.configuration.provider=com.foo.SecurityConfiguration
    However, this does not seem get picked up and the configuration
    provider
    class instead seems to default to
    weblogic.security.service.ServerConfiguration
    instead.
    Has anyone else seen this?
    We're using the JDK bundled with Weblogic 8.1
    TIA for your help
    As per documentation in the API JAVADOCS forjavax.security.auth.login.Configuration
    >>>>
    >>>>
    The default Configuration implementation can be changed by settingthe
    value of
    the "login.configuration.provider" security property (in the Java
    security
    properties
    file) to the fully qualified name of the desired Configurationimplementation
    class. The Java security properties file is located in the file named
    <JAVA_HOME>/lib/security/java.security,
    where <JAVA_HOME> refers to the directory where the JDK was installed.
    Have you tried to use a startup class to set the configuration providerusing
    javax.security.auth.login.setConfiguration(YourConfigClass);
    Weblogic probably uses this to set the configuration class to it'sown.
    You have to consider whether this is really something you want to do
    however. If you want to get WLS to use a custom authenticator use its
    SSPIs. You can configure the order etc. in the admin console.
    By overriding the configuration you override it for the server as a
    whole which can mean for example that you cannot login to the admin
    console. Having said this, from memory, I believe that the property is
    ignored in WLS. However you can still call
    Configuration.setConfiguration if you really want to.
    The fact that there is a "global static" in the Configuration class is
    a
    Bad Thing IMHO, that was never really designed for an app server
    environment.
    Robert
    If it is a bad thing to have a static how come Weblogic uses it instead ofthe
    standard way of modifying the property in java security file - it isbecause
    weblogic wants it's own way of implementing instead of using using the'plugable
    module' architecture of JAAS.
    When weblogic advertised that it will support JAAS the impression was thatWeblogic
    would provide a login module that will implement the security mechanism itwanted
    - instead it went it's own way.
    Also consider the following
    1. JAAS specifies a mechanism for multiple configurations based on a'application'.
    This is not possible in the current 'weblogic security mechanism'
    2. Weblogic says it supports JAAS but what it does not tell you is that inorder
    to use available login modules you have to write a whole bunch of code tosupport
    principal validators and authenticators. (I begin to wonder if write oncedeploy
    anywhere is not part of Sun's certification process anymore)

  • Java Security Model: Java Protection Domains

    1.     Policy Configuration
    Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets.A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ascii, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
    o     Configurable policies -- no longer is the security policy hard-coded into the application.
    o     Flexible policies -- Since the policy is configurable, system administrators can enforce global polices for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
    o     Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
    o     Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, an developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
    o     Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
    2.     X.509v3 Certificate APIs
    Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
    3.     Protection Domains
    The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
    When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
    4.     Access Decisions
    Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
    Sandbox model for Security
    Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
    The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
    While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
    Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
    java.security.ProtectionDomain
    This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
    A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
    A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
    Classes that have the same permissions but are from different code sources belong to different domains.
    A class belongs to one and only one ProtectionDomain.
    Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
    Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
    It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
    jarsigner and keytool
    example : cd D:\EicherProject\EicherWEB\Web Content jarsigner -keystore eicher.store source.jar eichercert
    The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
    One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
    The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
    Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
    1. First generate a key pair for our Certificate:
    keytool -genkey -keyalg rsa -alias AppletCert
    2. Generate a certification-signing request.
    keytool -certreq -alias AppletCert > CertReq.pem
    3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
    4. Import the chain into keystore:
    keytool -import -alias AppletCert -file SignedCert.pem
    5. Sign the CyberVote archive �TeleVote.jar�:
    jarsigner TeleVote.jar AppletCert
    This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
    1. Generate a key pair for root CA:
    openssl genrsa -des3 -out CyberVoteCA.key 1024
    2. Generate an x509 certificate using the above keypair:
    openssl req -new -x509 -days key CyberVoteCA.key -out CyberVoteCA.crt
    3. Import the Certificate to keystore.
    keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
    Now, in the step 3 of jar signing above, instead of sending the request certificate to VeriSign/Thawte webform for signing, we 365 - can sign using our newly created root CA using this command:
    openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem �Cacreateserial
    However, our test root CA has to be imported to the keystore of voter�s web browser in some way. [This was not investigated. We used some manual importing procedure which is not recommended way]
    The Important Classes
    The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
    � It should be computationally infeasible to find two messages that hashed to the same value.
    � The digest does not reveal anything about the input that was used to generate it.
    Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
    The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
    � Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
    � The signature and the public key do not reveal anything about the private key.
    A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
    ----Cheers
    ---- Dinesh Vishwakarma

    Hi,
    these concepts are used and implemented in jGuard(www.jguard.net) which enable easy JAAS integration into j2ee webapps across application servers.
    cheers,
    Charles(jGuard team).

  • Java Security Configuration Assistant fails to install

    Hello,
    I have a problem because Oracle Application Server 10g for Windows doesnt install. I have tried several times on various systems, but every time I have the same error when the installer comes to the "Java Security Configuration Assistant"
    The command being spawned is:
    C:\oracle2\product\10.1.0\Db_1/jdk/bin/javaw -Djava.net.preferIPv4Stack=true -classpath C:\oracle2\product\10.1.0\Db_1\dcm\lib\dcm.jar;C:\oracle2\product\10.1.0\Db_1\j2ee\home\jazn.jar;C:\oracle2\product\10.1.0\Db_1\j2ee\home\lib\jaas.jar;C:\oracle2\product\10.1.0\Db_1\j2ee\home\oc4j.jar;C:\oracle2\product\10.1.0\Db_1\jlib\ojmisc.jar -Doracle.security.jazn.config=C:\oracle2\product\10.1.0\Db_1\j2ee\home\jazn\install\jazn.xml oracle.security.jazn.util.JAZNInstallHelper -log C:\oracle2\product\10.1.0\Db_1\cfgtoollogs\jaznca.log -realm jazn.com -user admin -oldpwd welcome -newpwd 05f2d5c792fb24147255fbe8169f54594b -oh C:\oracle2\product\10.1.0\Db_1 -clearpwd false
    Only the first parameter is interesting :
    C:\oracle2\product\10.1.0\Db_1/jdk/bin/javaw
    It has a mixture of slahes (/) and backslashes (\), the first half C:\oracle2\product\10.1.0\ is ok but the second half Db_1/jdk/bin/javaw is not compatible with windows (slahes are for unix path only), so it obviously doesnt work because this path with a mixture of / and \ is not correct. At this point, the installation of Oracle AS fails.
    Does anybody know a cause for this, or a workaround to get AS installed ? Thanks

    The mixture of slashes and backslashes isn't an issue for Windows. I have examined the failure of the assistant, but with the new release of AS10g (release 2), I would like to know if you still have the problem you describe.

  • The role of java.security.acl in Java 2 security

    I have been trying to assess the role of the java.security.acl package within the Java 2 Security architecture. I have some questions regarding it.
    First where in the JVM are the interfaces of java.security.acl used? Are there any examples out there to guide developers in understanding their proper implementation?
    What is the relationship between this package and the core security package? There seems to be a Permission interface in the acl sub-package and an abstract Permission class in the core security package. Why is this the case? Why is the core abstract class not used instead of declaring a new Permission interface within the acl subpackage?
    Are not PermissionCollections and Permissions analogous to ACLs? If so then wouldn't that fact make the acl subpackage redundant?
    JSR 115 tries to bridge the gap between Java 2 Security in the SDK with security in J2EE. Namely enabling the RBAC-like approach to security in J2EE while using the AccessController of the J2SE to do the evalualtion of J2EE (Servlet/EJB) Permissions. Why are the Group and Owner interfaces defined here not leveraged in both JSR 115 and in general for Role Based Access Control?
    Could someone give some background on the vision behind creating the acl subpackage and how it relates to the historical progression of security advances in Java security architectures?
    Thanks much,
    Alex Karasulu

    I see from the defined interfaces that its an attempt at a formal approach to RBAC. However RBAC can be implemented without it all together using existing J2SE and JAAS based constructs. This does not answer the redundancy question. Could you elaborate a little bit more?
    Thanks,
    Alex

  • Java.security entry for login module configuration

    I am running JAAS-Example from SUN with Tomcat.
    When I am creating an object in my servlet by LoginContext = lc = new LoginContext(�SampleLoginModule�); getting *�cannot create Logincontext. Unable to locate a login configuration�* Exception.
    Before that i am doing below setting:
    In JAVA_HOME/jre/lib/security/java.security I am defining login.config.url.1=file:${java.home}/lib/security/jaas.config
    After that I put �jaas.config� file at ${java.home}/lib/security/
    Jaas.config
    ===========
    SampleLoginModule {
    sample.module.SampleLoginModule required debug=true;
    Do anybody have solution for my this problem,why I am getting this error?
    Thanks for your help and understand !!!

    Hi,
    We also experienced that limitation when a vendor is connecting to our XI SOAP Sender Adapter. It is asking for basic username/password. What we did was to create a Generic XI user with a password on it and use SSL authentication at the same time. Our Scenario was PI --> XI --> SAP R3, with the PI system using an HTTP RFC destination with a Basic Logon and Active SSL option to connect to the same system as yours https://host:portnumber/XISOAPAdapter/MessageServlet
    Let me know if this helped...
    Regards,

  • Solution to: javax.naming.AuthenticationException.  Root exception is java.lang.SecurityException: attempting to add an object which is not an instance of java.security.Principal to a Subject's Principal Set

    Hello world,
    To anybody who receives this irritating error in a Java client
    application attempting to access Weblogic Server 6.1 (and possibly
    weblogic server 6):
    javax.naming.AuthenticationException. Root exception is
    java.lang.SecurityException: attempting to add an object which is not
    an instance of java.security.Principal to a Subject's Principal Set
    The cause of your problem is having JAAS explicitly in your classpath.
    It somehow messes up authentication to WebLogic. Remove it and your
    problem will disappear.
    The complete exception was:
    javax.naming.AuthenticationException. Root exception is
    java.lang.SecurityException: attempting to add an object which is not
    an instance of java.security.Principal to a Subject's Principal Set
         at javax.security.auth.Subject$SecureSet.add(Subject.java:1098)
         at weblogic.common.internal.BootServicesStub.writeUserInfoToSubject(BootServicesStub.java:72)
         at weblogic.common.internal.BootServicesStub.authenticate(BootServicesStub.java:80)
         at weblogic.security.acl.internal.Security.authenticate(Security.java:108)
         at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:509)
         at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:364)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:336)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:208)
         at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
         at javax.naming.InitialContext.init(InitialContext.java:222)
         at javax.naming.InitialContext.<init>(InitialContext.java:198)
         at au.com.orrcon.orrconcentral.Application.<init>(Application.java:87)
         at au.com.orrcon.orrconcentral.Application.getApp(Application.java:52)
         at au.com.orrcon.orrconcentral.orrconCentral.<init>(orrconCentral.java:130)
         at au.com.orrcon.orrconcentral.orrconCentral.main(orrconCentral.java:219)

    Steve Wesemeyer <[email protected]> wrote:
    I have encountered the same problem and I do not have JAAS on my classpath
    at all (unless it's there by default). Are there any other possible
    causes for this?
    Cheers,
    SteveA note to all who read this thread:
    I also had to remove Sun's j2ee (version 1.2) from my client's classpath before
    the same problem went away. 1 programmer day down the drain....
    Regards,
    MG

  • Looking for OC4J "how-to-security-jaas.zip".

    Hi
    Can somebody point me to the location of this "how-to-security-jaas.zip".
    Need it urgently.
    I found this link mentioning abt the above example.
    http://www.oracle.com/technology/tech/java/oc4j/htdocs/how-to-security-JAAS.html
    Thanks

    http://www.oracle.com/technology/tech/java/oc4j/1013/how_to/index.html
    Frank

  • Cant' find how-to-security-jaas.zip

    Where is the download location for how-to-security-jaas.zip??? Here is the URL for the how-to, but no downlaod.
    http://otn.oracle.com/tech/java/oc4j/htdocs/how-to-security-JAAS.html
    The date on the how-to is 2001. Can anyone tell me if this information is still up to date?
    Thanks,
    Alan

    The how-to article is still there, but this file is nowhere to be found. I also wanted to use this to confirm some of the JAZN functionality. I tried a few things to get the file, but no go. I've spent some time on this, either supply the file or remove the article.
    The file in question is: how-to-security-jaas.zip
    Thanks.

  • Java.security.cert.CertificateException

    Hi,
    I am using a JAVA client to connect to a https server which uses certificates for authentication.
    The server uses gSOAP certificates for client authentication and encryption of messages.
    I am using JSSE coming along with JDK1.6 and generated keystore file from client.pem and cacert.pem files used by the server.
    I need to send SOAP messages with attachments.
    I am using SAAJ API with JDK 1.6 .
    When I try to connect to the server through javax.xml.soap.SOAPConnection, I am getting java.security.cert.CertificateException. Please see the exception below.
    Note: Server is responding properly to SOAP UI tool(java testing tool) with certifcates authentication.
    I have enabled debug option in SSL.
    E:\test\properties\storefile.jks
    keyStore is : E:\test\properties\storefile.jks
    keyStore type is : jks
    keyStore provider is :
    init keystore
    init keymanager of type SunX509
    trustStore is: E:\test\properties\storefile.jks
    trustStore type is : jks
    trustStore provider is :
    init truststore
    adding as trusted cert:
    Subject: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Algorithm: RSA; Serial number: 0x0
    Valid from Sat Oct 02 22:38:06 IST 2004 until Tue Oct 02 22:38:06 IST 2007
    adding as trusted cert:
    Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Algorithm: RSA; Serial number: 0x7
    Valid from Sun Dec 25 01:01:53 IST 2005 until Wed Dec 24 01:01:53 IST 2008
    adding as trusted cert:
    Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Algorithm: RSA; Serial number: 0x8
    Valid from Sun Dec 25 01:03:13 IST 2005 until Wed Dec 24 01:03:13 IST 2008
    trigger seeding of SecureRandom
    done seeding SecureRandom
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1155448094 bytes = { 120, 70, 246, 123, 195, 47, 61, 191, 223, 241, 23, 204, 98, 143, 212, 251, 80, 10, 100, 183, 82, 82, 215, 228, 212, 47, 68, 224 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    Thread-3, WRITE: TLSv1 Handshake, length = 73
    Thread-3, WRITE: SSLv2 client hello message, length = 98
    Thread-3, READ: TLSv1 Handshake, length = 74
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1155531752 bytes = { 248, 141, 63, 154, 117, 213, 184, 250, 239, 237, 26, 225, 175, 38, 151, 65, 101, 127, 134, 46, 180, 80, 153, 133, 215, 120, 102, 11 }
    Session ID: {100, 201, 98, 232, 113, 191, 163, 129, 1, 101, 251, 29, 233, 245, 144, 203, 231, 208, 202, 248, 160, 99, 84, 248, 86, 16, 235, 234, 20, 73, 231, 148}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    Thread-3, READ: TLSv1 Handshake, length = 1868
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 144881101064455404788814091404981462608080902688277626878350142057531273562236240952084735254146287262789443540177122740514352105900513219519909051335421867736741713195463254360663999239941476817345303119999799829037388457231058611674562175705514528085594563474765367007497034178272408363177194954006361904887
    public exponent: 65537
    Validity: [From: Sun Dec 25 01:03:13 IST 2005,
                   To: Wed Dec 24 01:03:13 IST 2008]
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    SerialNumber: [    08]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
    0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
    0020: 65 e
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 3D C1 C8 B5 19 17 C3 8C 12 64 3C 05 C3 22 EE 7B =........d<.."..
    0010: BA 27 B4 C1 .'..
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
    0010: 49 95 77 CA I.w.
    [[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
    SerialNumber: [    00]
    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 6E D0 0E EC 85 EA A9 71 60 5D CB 13 3A 0C C2 C6 n......q`]..:...
    0010: A1 92 15 14 2A BB 86 2A 1D 68 B1 4B 41 C0 0B FB ....*..*.h.KA...
    0020: 35 C7 0F 6E 51 99 B3 25 95 4F 58 18 3D 73 F2 06 5..nQ..%.OX.=s..
    0030: 18 63 40 21 A7 44 1D AB 46 DB DD 6C 20 7D 23 23 .c@!.D..F..l .##
    0040: 08 84 92 CE 04 93 10 B3 CB 84 67 FD 3F 53 81 51 ..........g.?S.Q
    0050: 25 60 EE D1 02 89 06 58 E6 E0 B4 C2 20 D8 E8 84 %`.....X.... ...
    0060: 8A 4E 8D 59 62 67 33 4C 95 BD A3 F7 68 76 5E BA .N.Ybg3L....hv^.
    0070: D9 84 3F 80 C8 1E 49 3A 59 D0 B4 74 9E 2D CD F6 ..?...I:Y..t.-..
    chain [1] = [
    Version: V3
    Subject: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 106482211752195899275275639329238789380560290379431640534106480581317795742917955972475513891969031216742557266096088552725987675210922796797720103531106400345818891764659480805498923495886457178236281557583158652266656923442983245641013901721295378444704296581436391012531718274035287004196101203604693764023
    public exponent: 65537
    Validity: [From: Sat Oct 02 22:38:06 IST 2004,
                   To: Tue Oct 02 22:38:06 IST 2007]
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    SerialNumber: [    00]
    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
    0010: 49 95 77 CA I.w.
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
    0010: 49 95 77 CA I.w.
    [[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
    SerialNumber: [    00]
    [3]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 59 9B F6 45 7E 10 3C 79 3B 88 FB 74 B3 2E F7 4F Y..E..<y;..t...O
    0010: 67 16 09 C1 2F 4E AC 7A 98 EA B4 12 08 6D 96 37 g.../N.z.....m.7
    0020: 1A 70 A0 79 FC 4A A7 54 BA 21 FD 35 FE 67 55 EF .p.y.J.T.!.5.gU.
    0030: D9 D9 18 99 5D 7A 03 3B EE DC F8 54 89 73 B8 86 ....]z.;...T.s..
    0040: B3 FB 63 4E F8 6A 9B AF A1 2B 39 1F B7 50 63 AB ..cN.j...+9..Pc.
    0050: 46 E1 F7 F5 A3 13 D4 3B F0 1D 8A 54 E4 65 3E 94 F......;...T.e>.
    0060: 6D 5A 58 77 50 A7 CB 99 E7 2E 28 90 C8 37 67 D2 mZXwP.....(..7g.
    0070: 19 E6 78 A3 91 49 E9 08 74 0E FA AF FC 16 B3 0B ..x..I..t.......
    Feb 24, 2007 9:50:47 AM com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
    SEVERE: SAAJ0009: Message send failed
    com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
         at SOAPConnector$1.run(SOAPConnector.java:145)
    Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at java.security.AccessController.doPrivileged(Native Method)Found trusted certificate:
    Version: V3
    Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 144881101064455404788814091404981462608080902688277626878350142057531273562236240952084735254146287262789443540177122740514352105900513219519909051335421867736741713195463254360663999239941476817345303119999799829037388457231058611674562175705514528085594563474765367007497034178272408363177194954006361904887
    public exponent: 65537
    Validity: [From: Sun Dec 25 01:03:13 IST 2005,
                   To: Wed Dec 24 01:03:13 IST 2008]
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    SerialNumber: [    08]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
    0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
    0020: 65 e
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 3D C1 C8 B5 19 17 C3 8C 12 64 3C 05 C3 22 EE 7B =........d<.."..
    0010: BA 27 B4 C1 .'..
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
    0010: 49 95 77 CA I.w.
    [[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
    SerialNumber: [    00]
    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 6E D0 0E EC 85 EA A9 71 60 5D CB 13 3A 0C C2 C6 n......q`]..:...
    0010: A1 92 15 14 2A BB 86 2A 1D 68 B1 4B 41 C0 0B FB ....*..*.h.KA...
    0020: 35 C7 0F 6E 51 99 B3 25 95 4F 58 18 3D 73 F2 06 5..nQ..%.OX.=s..
    0030: 18 63 40 21 A7 44 1D AB 46 DB DD 6C 20 7D 23 23 .c@!.D..F..l .##
    0040: 08 84 92 CE 04 93 10 B3 CB 84 67 FD 3F 53 81 51 ..........g.?S.Q
    0050: 25 60 EE D1 02 89 06 58 E6 E0 B4 C2 20 D8 E8 84 %`.....X.... ...
    0060: 8A 4E 8D 59 62 67 33 4C 95 BD A3 F7 68 76 5E BA .N.Ybg3L....hv^.
    0070: D9 84 3F 80 C8 1E 49 3A 59 D0 B4 74 9E 2D CD F6 ..?...I:Y..t.-..
    Thread-3, SEND TLSv1 ALERT: fatal, description = certificate_unknown
    Thread-3, WRITE: TLSv1 Alert, length = 2
    Thread-3, called closeSocket()
    Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
         ... 2 more
    Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
         ... 3 more
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
         at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
         ... 5 more
    Caused by: java.security.cert.CertificateException: No subject alternative names present
         at sun.security.util.HostnameChecker.matchIP(Unknown Source)
         at sun.security.util.HostnameChecker.match(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         ... 17 more
    CAUSE:
    java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
         at SOAPConnector$1.run(SOAPConnector.java:145)
    Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
         ... 3 more
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
         at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
         ... 5 more
    Caused by: java.security.cert.CertificateException: No subject alternative names present
         at sun.security.util.HostnameChecker.matchIP(Unknown Source)
         at sun.security.util.HostnameChecker.match(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         ... 17 more
    CAUSE:
    java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
         at SOAPConnector$1.run(SOAPConnector.java:145)
    Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
         ... 3 more
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
         at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
         ... 5 more
    Caused by: java.security.cert.CertificateException: No subject alternative names present
         at sun.security.util.HostnameChecker.matchIP(Unknown Source)
         at sun.security.util.HostnameChecker.match(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         ... 17 more
    Any help is appreciated.

    did you find the solution for the issue i am using jscape now...

  • Java.security.cert.CertificateException: Untrusted Cert Chain

    Hi all,
    While sending transaction to our supplier I am facing below error, Actually Our trading partner has given .p7b cert, I converted it into base 64 and i m using in b2b server. I am doing the same with all the suppliers but I am facing issue with only this trading partner. I asked him to send a new trusted certificate but he said that he is having 100's of customers, all are using the same certficate.
    Error
    http.sender.timeout=0
    2010.05.20 at 10:52:20:711: Thread-19: B2B - (DEBUG) scheme null userName null realm null
    2010.05.20 at 10:52:22:159: Thread-19: B2B - (WARNING)
    Message Transmission Transport Exception
    Transport Error Code is OTA-HTTP-SEND-1006
    StackTrace oracle.tip.transport.TransportException: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
         at oracle.tip.transport.TransportException.create(TransportException.java:91)
         at oracle.tip.transport.basic.HTTPSender.send(HTTPSender.java:627)
         at oracle.tip.transport.b2b.B2BTransport.send(B2BTransport.java:311)
         at oracle.tip.adapter.b2b.transport.TransportInterface.send(TransportInterface.java:1034)
         at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1758)
         at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:976)
         at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:1167)
         at oracle.tip.adapter.b2b.transport.AppInterfaceListener.onMessage(AppInterfaceListener.java:141)
         at oracle.tip.transport.basic.FileSourceMonitor.processMessages(FileSourceMonitor.java:903)
         at oracle.tip.transport.basic.FileSourceMonitor.run(FileSourceMonitor.java:317)
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Cert Chain
         at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
         at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:112)
         at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3018)
         at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2843)
         at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2635)
         at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1107)
         at oracle.tip.transport.basic.HTTPSender.send(HTTPSender.java:590)
         ... 8 more
    Caused by: java.security.cert.CertificateException: Untrusted Cert Chain
         at oracle.security.pki.ssl.C21.checkClientTrusted(C21)
         at oracle.security.pki.ssl.C21.checkServerTrusted(C21)
         at oracle.security.pki.ssl.C08.checkServerTrusted(C08)
         at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
         ... 21 more
    2010.05.20 at 10:52:22:164: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.transport.TransportInterface:send Error in sending message
    2010.05.20 at 10:52:22:168: Thread-19: B2B - (INFORMATION) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequestPostColab Request Message Transmission failed
    2010.05.20 at 10:52:22:170: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Enter
    2010.05.20 at 10:52:22:173: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Transaction.begin()
    2010.05.20 at 10:52:22:176: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Leave
    2010.05.20 at 10:52:22:179: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequestPostColab [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
    Untrusted Cert Chain
    2010.05.20 at 10:52:22:226: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.engine.Engine:notifyApp retry value <= 0, so sending exception to IP_IN_QUEUE
    2010.05.20 at 10:52:22:232: Thread-19: B2B - (DEBUG) Engine:notifyApp Enter
    2010.05.20 at 10:52:22:248: Thread-19: B2B - (DEBUG) notifyApp:notifyApp Enqueue the ip exception message:
    <Exception xmlns="http://integration.oracle.com/B2B/Exception" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <correlationId>543222</correlationId>
    <b2bMessageId>543222</b2bMessageId>
    <errorCode>AIP-50079</errorCode>
    <errorText>Transport error: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
    Untrusted Cert Chain</errorText>
    <errorDescription>
    <![CDATA[Machine Info: (usmtnz-sinfwi02)Transport error: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
    Untrusted Cert Chain ]]>
    </errorDescription>
    <errorSeverity>2</errorSeverity>
    </Exception>
    2010.05.20 at 10:52:22:298: Thread-19: B2B - (DEBUG) Engine:notifyApp Exit
    2010.05.20 at 10:52:22:301: Thread-19: B2B - (DEBUG) DBContext commit: Enter
    2010.05.20 at 10:52:22:307: Thread-19: B2B - (DEBUG) DBContext commit: Transaction.commit()
    2010.05.20 at 10:52:22:310: Thread-19: B2B - (DEBUG) DBContext commit: Leave
    2010.05.20 at 10:52:22:313: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequest Exit
    2010.05.20 at 10:52:22:317: Thread-19: B2B - (INFORMATION) oracle.tip.adapter.b2b.engine.Engine:processOutgoingMessage:
    ***** REQUEST MESSAGE *****
    Exchange Protocol: AS2 Version 1.1
    Transport Protocol: HTTPS
    Unique Message ID: <543222@EMRSNS>
    Trading Partner: ZZEASY_PROD
    Message Signed: RSA
    Payload encrypted: 3DES
    Attachment: None

    Hi CNU,
    1st they has given me in .p7b certificateIs it a self-signed certificate? If no then do you have the CA certs as well?
    Open the certificate by double clicking on it. If "Issued To" and "Issued By" fields are same then it is a self signed cert and you need to import only this cert (in base64 format) into wallet.
    If it is not a self-signed cert then open the certificate and click on "Certification Path" tab. You should be able to see the issue's certificate here. Make sure that you have imported all issuers certificate along with your TP's cert in the wallet. Moreover, check that all the certs (TP cert and it's issuer cert's) are valid in terms of dates. You can see the "Certificate status" in "Certification Path" tab of certificate.
    Please provide the certificate chain details here along with list of certs in wallet (you may mail it to my id as well - [email protected])
    Regards,
    Anuj

  • Applet Error:java.security.AccessControlException: access denied

    Hi,
    I just successful deploy an business component project to oralce 8.1.6 as an EJB Session bean, and
    the test of application module is successful. In the same workspace, I create an new project with
    an applet(which contains only an grid control)as a client of the business component. Everything works
    fine within the Applet viewer, however, when I trying to load the applet in IE5.5 I got the following
    error message in java console:
    Java(TM) Plug-in
    Using JRE version 1.2.1
    User home directory = D:\Documents and Settings\ERic
    Proxy Configuration: no proxy
    JAR cache enabled.
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.debugoutput read)'
    Diagnostics: Silencing all diagnostic output (use -Djbo.debugoutput=console to see it)
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.timing read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.function read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.level read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.linecount read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.trace.threshold read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.jdbc.driver.verbose read)'
    java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission org.omg.CORBA.ORBClass read)
    at java.security.AccessControlContext.checkPermission(Compiled Code)
    at oracle.aurora.jndi.orb_dep.Orb.<clinit>(Orb.java:24)
    at oracle.aurora.jndi.sess_iiop.sess_iiopURLContext.<clinit>(sess_iiopURLContext.java:9)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:588)
    at javax.naming.spi.NamingManager.getURLContext(NamingManager.java:537)
    at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:274)
    at javax.naming.InitialContext.lookup(InitialContext.java:349)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.connectToService(AuroraEJBAmHomeImpl.java:179)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.createSession(AuroraEJBAmHomeImpl.java:152)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.initRemoteHome(AuroraEJBAmHomeImpl.java:123)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.<init>(AuroraEJBAmHomeImpl.java:59)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBInitialContext.createJboHome(AuroraEJBInitialContext.java:47)
    at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:72)
    at javax.naming.InitialContext.lookup(InitialContext.java:349)
    at oracle.dacf.dataset.SessionInfo._createAppModule(SessionInfo.java:2330)
    at oracle.dacf.dataset.SessionInfo.connect(SessionInfo.java:1799)
    at oracle.dacf.dataset.SessionInfo.openProducerObject(SessionInfo.java:1848)
    at oracle.dacf.dataset.ProducerObject.open(ProducerObject.java:94)
    at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1305)
    at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1287)
    at broadcastapplet.myBroadCastApplet.init(myBroadCastApplet.java:70)
    at sun.applet.AppletPanel.run(Compiled Code)
    at java.lang.Thread.run(Thread.java:479)
    The Oracle 8.1.6 runs on Win2000, I put the JAR & related zip files in the same machine's IIS webserver.
    Is anyone can help?
    ERic

    Hi Shaji,
    Are you calling a webservice from within an Xacute Query for your applet?  On first glance, it looks like a web service call is being rejected due to security permissions.  If you have a webservice call (or HTTP post/get), can you test it separately with the same credentials as the webpage is using?
    Regards,
    Mike

  • Error in weblogic7.0 :java.security.NoSuchAlgorithmException:

    Hi All
    thanks in advance.
    i am facing a peculiar problem while using SunJce provider
    i have some classes to encrypt& decrypt some information using
    DeffieHellman protocol.
    Problem 1
    while i am running those classes in command prompts
    some time it gives me correct results where as other time during decryption i am unable to get the plaintext (i am getting some junk character),where as some time it gives me Badpadding exception
    I am using JDK1.3 which comes with weblogic and jce1.2.2
    for classpath and path setting
    set path=D:\bea\jdk131_03\bin
    set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\ jce1_2_2.jar
    set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\sunjce_provider.jar
    set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\local_policy.jar
    set classpath=%classpath%; D:\bea\jdk131_03\jre\ext\US_export_policy.jar
    my BEA_HOME=d\bea and JAVA_HOME=D:\bea\jdk131_03\jre
    Problem 2
    While i am using those classes in servlet and jsp which are deployed in weblogic 7
    Some time i am getting correct results
    but as i stop and start the weblogic server ,i am getting .NoSuchAlgorithmException.
    So mainly i am having two classes DiffieHellmanKeyGeneRation and DHEncryptDecrypt given below
    import java.io.*;
    import java.math.BigInteger;
    import java.security.*;
    import java.security.spec.*;
    import java.security.interfaces.*;
    import javax.crypto.*;
    import javax.crypto.spec.*;
    import javax.crypto.interfaces.*;
    import com.sun.crypto.provider.SunJCE;
    public class DiffieHellmanKeyGeneRation {
    PublicKey alicePubKey=null;
         PublicKey bobPubKey=null;
         KeyAgreement aliceKeyAgree =null;
         KeyAgreement bobKeyAgree =null;
    * DiffieHellmanKeyGeneRation() constructor -Set the mode and call run method to generate Keypairs
    * and assigns it to the instance variables .
    * @param nil
    * @returns nil
    public DiffieHellmanKeyGeneRation(){
         try {
    String mode = "GENERATE_DH_PARAMS";
                   run(mode);
    } catch (Exception e) {
    System.err.println("Error: " + e);
    System.exit(1);
    * getAlicePubKey() -Return the Instance Variable alicePubKey
    * @param nil
    * @returns PublicKey
    public PublicKey getAlicePubKey()
    return alicePubKey;
    * getBobPubKey() -Return the Instance Variable bobPubKey
    * @param nil
    * @returns PublicKey
    public PublicKey getBobPubKey()
    return bobPubKey;
    * getAliceKeyAgree() -Return the Instance Variable aliceKeyAgree
    * @param nil
    * @returns KeyAgreement
         public KeyAgreement getAliceKeyAgree()
    return aliceKeyAgree;
    * getBobKeyAgree() -Return the Instance Variable bobKeyAgree
    * @param nil
    * @returns KeyAgreement
    public KeyAgreement getBobKeyAgree()
    return bobKeyAgree;
    *run() method -Generate Algorithm instance,KeySpec,and keypair
    * and assigns it to the instance variables .
    * @param String
    * @returns nil
    private void run(String mode) throws Exception {
    DHParameterSpec dhSkipParamSpec=null;
    // System.out.println("Creating Diffie-Hellman parameters (takes VERY long) ...");
    AlgorithmParameterGenerator paramGen=AlgorithmParameterGenerator.getInstance("DH");
    paramGen.init(512);
    AlgorithmParameters params = paramGen.generateParameters();
    dhSkipParamSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class);
    * Alice creates her own DH key pair, using the DH parameters from
    * above
    // System.out.println("ALICE: Generate DH keypair ...");
    KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
    aliceKpairGen.initialize(dhSkipParamSpec);
    KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
    // Alice creates and initializes her DH KeyAgreement object
    // System.out.println("ALICE: Initialization ...");
    aliceKeyAgree = KeyAgreement.getInstance("DH");
    aliceKeyAgree.init(aliceKpair.getPrivate());
    // Alice encodes her public key, and sends it over to Bob.
    byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded();
    * Let's turn over to Bob. Bob has received Alice's public key
    * in encoded format.
    * He instantiates a DH public key from the encoded key material.
    KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
    X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc);
    alicePubKey = bobKeyFac.generatePublic(x509KeySpec);
    * Bob gets the DH parameters associated with Alice's public key.
    * He must use the same parameters when he generates his own key
    * pair.
    DHParameterSpec dhParamSpec = ((DHPublicKey)alicePubKey).getParams();
    // Bob creates his own DH key pair
    // System.out.println("BOB: Generate DH keypair ...");
    KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
    bobKpairGen.initialize(dhParamSpec);
    KeyPair bobKpair = bobKpairGen.generateKeyPair();
    // Bob creates and initializes his DH KeyAgreement object
    // System.out.println("BOB: Initialization ...");
    bobKeyAgree = KeyAgreement.getInstance("DH");
    bobKeyAgree.init(bobKpair.getPrivate());
    // Bob encodes his public key, and sends it over to Alice.
    byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();
    * Alice uses Bob's public key for the first (and only) phase
    * of her version of the DH
    * protocol.
    * Before she can do so, she has to instanticate a DH public key
    * from Bob's encoded key material.
    KeyFactory aliceKeyFac = KeyFactory.getInstance("DH");
    x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc);
    bobPubKey = aliceKeyFac.generatePublic(x509KeySpec);
    2)
    import java.io.*;
    import java.math.BigInteger;
    import java.security.*;
    import java.security.spec.*;
    import java.security.interfaces.*;
    import javax.crypto.*;
    import javax.crypto.spec.*;
    import javax.crypto.interfaces.*;
    import sun.misc.*;
    import com.sun.crypto.provider.SunJCE;
    public class DHEncryptDecrypt {
    PublicKey alicePubKey=null;
         PublicKey bobPubKey=null;
         KeyAgreement aliceKeyAgree =null;
         KeyAgreement bobKeyAgree =null;
         SecretKey bobDesKey = null;
         SecretKey aliceDesKey =null;
    * DHEncryptDecrypt constructor -it intancetiate DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secrete
    * and assigns it to the instance variables .
    * @param nil
    * @returns nil
         public DHEncryptDecrypt()
              try{
              init();
         }catch(Exception e){e.printStackTrace();}
    * init() -it DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secrete
    * and assigns it to the instance variable ds.
    * @param nil
    * @returns nil
    private void init() throws Exception
         System.out.println("Initialising...");
                   DiffieHellmanKeyGeneRation dhPubKey=new DiffieHellmanKeyGeneRation();
                   alicePubKey=dhPubKey.getAlicePubKey();
                   bobPubKey=dhPubKey.getBobPubKey();
    aliceKeyAgree=dhPubKey.getAliceKeyAgree();
                   bobKeyAgree=dhPubKey.getBobKeyAgree();
    //System.out.println("ALICE: Execute PHASE1 ...");
    aliceKeyAgree.doPhase(bobPubKey, true);
         * Bob uses Alice's public key for the first (and only) phase
         * of his version of the DH
         * protocol.
    // System.out.println("BOB: Execute PHASE1 ...");
    bobKeyAgree.doPhase(alicePubKey, true);
    * At this stage, both Alice and Bob have completed the DH key
    * agreement protocol.
    * Both generate the (same) shared secret.
    byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
    int aliceLen = aliceSharedSecret.length;
    byte[] bobSharedSecret = new byte[aliceLen];
    int bobLen;
    /* try {
    // show example of what happens if you
    // provide an output buffer that is too short
    bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 1);
    } catch (ShortBufferException e) {
    System.out.println(e.getMessage());
    // provide output buffer of required size
    bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 0);
              if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
    throw new Exception("Shared secrets differ");
    //System.out.println("Shared secrets are the same");
    // System.out.println("Return shared secret as SecretKey object ...");
    // Bob
    // Note: The call to bobKeyAgree.generateSecret above reset the key
    // agreement object, so we call doPhase again prior to another
    // generateSecret call
    bobKeyAgree.doPhase(alicePubKey, true);
    bobDesKey = bobKeyAgree.generateSecret("DES");
    // Alice
    // Note: The call to aliceKeyAgree.generateSecret above reset the key
    // agreement object, so we call doPhase again prior to another
    // generateSecret call
    aliceKeyAgree.doPhase(bobPubKey, true);
    aliceDesKey = aliceKeyAgree.generateSecret("DES");
    * encrypt() - Alice encrypts, using DES in ECB mode
    * and assigns it to the instance variable ds.
    * @param String
    * @returns String
              public String encrypt(String ClearText) throws Exception
         String CipherText=null;
                   try{
                   // byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
              Cipher aliceCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
         aliceCipher.init(Cipher.ENCRYPT_MODE, aliceDesKey);
                   byte[] cleartext = ClearText.getBytes();
                   //System.out.println("cleartext Array:"+ cleartext.size);
                   byte[] ciphertext = aliceCipher.doFinal(cleartext);
    // BASE64Encoder b64e = new BASE64Encoder();
                   //CipherText = b64e.encode(ciphertext);
                   CipherText = new String(ciphertext);
                   }catch(Exception e){e.printStackTrace();}
         return CipherText;
    * encrypt() - Bob Decrypts, using DES in ECB mode
    * and assigns it to the instance variable ds.
    * @param String
    * @returns String
    public String decrypt(String CipherText) throws Exception
    String Recovered=null;
         try{
              // byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
    // System.out.println("Length of String is:"+CipherText.length());
                   Cipher bobCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
              bobCipher.init(Cipher.DECRYPT_MODE, bobDesKey);
                   byte[] CipherTextBytes=CipherText.getBytes();
    byte[] recovered = bobCipher.doFinal(CipherTextBytes);
                   Recovered=new String(recovered);
              // System.out.println("Decryption:"+Recovered+"length:="+Recovered.length());
    }catch(Exception e){e.printStackTrace();}
         return Recovered;
    and i am using following logic to encrypt and decrypt
    String MyPlainText ="sm_user=residential&csol_account=383784";
    //String MyPlainText ="This is my message";
         System.out.println("\nPlain Text:="+MyPlainText+"\n\n");
    try{
         DHEncryptDecrypt ed=new DHEncryptDecrypt();
    String CipherText=(ed.encrypt(MyPlainText));
                   BASE64Encoder b64e = new BASE64Encoder();
                   String CipherText1 = b64e.encode(CipherText.getBytes());
    System.out.println("\n\nUserInfo="+CipherText1);
         String DecryptedMessage=ed.decrypt(CipherText);
    System.out.println("\n\nDecrypedMessage=:"+DecryptedMessage);
         }catch(Exception e){e.printStackTrace();}
    and my java.security file in D:\ bea\jdk131_03\jre\lib\security
    is changed to add the provider as
    # List of providers and their preference orders (see above):
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.sun.crypto.provider.SunJCE
    security.provider.3=com.sun.rsajca.Provider
    # Class to instantiate as the system Policy. This is the name of the class
    # that will be used as the Policy object.
    policy.provider=sun.security.provider.PolicyFile
    Pls help me to resolve the magic shown by these classes.....some time right and some time worng
    mainly i need help in
    Badpadding Exception and NosuchAlogorithm exception in weblogic
    Thanks
    And regards
    Arati

    replace all calls of getBytes() and new String(text) with the versions where you can state a charset: getBytes(charset), new String(text, charset). i use "iso-8859-1" as the charset.
    this should at least fix your "Badpadding exception" problem (it did fix it for me).

  • Dynamically adding JRE for IE, Java Security Warnings, & Next Gen Plugin.

    I wrote an portal application to control the environment for a third party application, the portal uses a JRE version that I supply with it, this was to ensure that users are using the same JRE so any issues can be limited to one version of Java. The only piece of the application that I could not specify the JRE version and path was for Internet Explorer. Please keep in mind that I do not control when the system JRE is updated or not, this is pushed to our systems and the latest JRE would be enabled automatically. I wanted to be able to dynamically add and enable the version of the JRE that Microsoft Internet Explorer uses for applets. So I was digging around recently and if I have the next-generation plugin enabled I could programmatically update the deployment.properties file prior to launching Internet Explorer(assuming I have closed all prior instances of IE that were running) to add and enable a version of the JRE which I choose to use. When I launch IE and run an applet I see that it is using the JRE I had dynamically supplied. However everytime I run the applet a Java security warning comes up saying "The application requires an earlier version of Java", I wanted to suppress this message but after research I tried adding 'deployment.security.mixcode=HIDE_RUN' to the deployment.properties, that did not work. I tried disabling the Next Generation Plugin, that worked to suppress the message however internet explorer was no longer using my dynamically supplied JRE for applets in IE, so that was not going to work for my purposes. My questions are:
    1. Is there a reliable way(not using ssvagent) to programmatically enable and disable Java's Next Generation Plugin option? (I want to make sure it is enabled when launching third party application from the portal)
    2. Is there a programmatic way to suppress the Java Security Warning "The application requires an earlier version of Java", without disabling Java's Next Generation Plugin option?
    deployment.properties entries after addition of my jre entry:
    #deployment.properties
    #Fri Sep 28 14:09:24 PDT 2012
    deployment.javapi.lifecycle.exception=true
    deployment.trace=true
    deployment.javaws.viewer.bounds=323,144,720,360
    deployment.javaws.autodownload=NEVER
    deployment.version=6.0
    deployment.browser.path=C\:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
    deployment.security.mixcode=HIDE_RUN
    deployment.log=true
    deployment.console.startup.mode=SHOW
    deployment.capture.mime.types=true
    #Java Deployment jre's
    #Fri Sep 28 14:09:24 PDT 2012
    deployment.javaws.jre.0.registered=true
    deployment.javaws.jre.0.platform=1.6
    deployment.javaws.jre.0.osname=Windows
    deployment.javaws.jre.0.path=C\:\\Program Files (x86)\\Java\\jre6\\bin\\javaw.exe
    deployment.javaws.jre.0.product=1.6.0_33
    deployment.javaws.jre.0.osarch=x86
    deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
    deployment.javaws.jre.0.enabled=false
    deployment.javaws.jre.0.args=
    deployment.javaws.jre.1.enabled=true
    deployment.javaws.jre.1.registered=true
    deployment.javaws.jre.1.osname=Windows
    deployment.javaws.jre.1.location=http\\\://java.sun.com/products/autodl/j2se
    deployment.javaws.jre.1.osarch=x86
    deployment.javaws.jre.1.path=C\:\\Portal\\dist\\java\\jre6\\bin\\javaw.exe
    deployment.javaws.jre.1.platform=1.6
    deployment.javaws.jre.1.product=1.6.0_29
    Note: The reason not to use most recent version of Java is the necessity to test the third party application prior to deployment of a new Java version and since I do not control when a new version of Java is deployed and enabled to our machines, I am required to find an transparent solution. I understand the security issues by doing so, but the time between testing and acceptance of a new Java version for our application is within an acceptable timeframe. On exiting the application, I would restore the JRE settings and restore previous settings, to minimize the exposure of a potential security risk. Also any manual configurations are trying to be avoided as to maintain transparency to the user.

    I'm having a similar problem and I think it is related with this.
    If, after a Java--->Javascript call, a Javascript--->Java call isn't made soon after the first, it works. But, if the Java--->Javascript call triggers a Javascript--->Java call, any Java--->Javascript call that is made after that doesn't reach Javascript :/
    I have a method that handles the Java--->Javascript calls and goes something like this:
    System.out.println("Calling Javascript...");
    JSObject win = JSObject.getWindow(this);
    win.call(jsEventHandler, new Object[] { json.toString() });
    System.out.println("Done.");I further found out that, after looking at the Java debug console in the scenario where a Java--->Javascript call triggers a Javascript--->Java call, only after this last method returns is the "Done" message printed, even though the respective Javascript call was already invoked.
    Could you explain in more detail the queue based solution you found? Any other ideas?
    Regards,
    Andr&eacute; Tavares.

Maybe you are looking for

  • Unable to open Planning application  through Workspace

    Hi All, I have Installed and configured the Hyperion products in the following Order ->Foundation services ->Essbase server ->Essbase Administration service ->Planning ->Reporting and Analysis ->Workspace We know that workspace is a single user inter

  • How can I see my classical music sorted according to composers - individual works - performers ?

    How can I see my classical music sorted according to composers - individual works - performers ? This is much more useful than sorting according albums. I have tried using the Grouping tag, writing Composer - Work - conductor there. But if I make a s

  • As3 TypeError:#2007 Parameter text must be non-null can't fix.

    I have comment box project. As3+php based project.And have #2007 Error.Try to fix but can't do anything.If can help it would be very helpful.Error part like this: TypeError: Error #2007: Parameter text must be non-null. at flash.text::TextField/set t

  • Best phone for Sync-ing with iCal?

    I'm due to upgrade my mobile and wondered which is the best available handset for Sync-ing with a mac. At present I have the Sony Ericson K750i which was working fine up until I upgraded to Tiger. Any ideas?

  • Possible Calendar Bug

    Hi, I've been trying to create a calendar, concatenating (sp?) two fields together in the query for the display field. Doing so, it was creating the region without error (I guess my contatenation was working), but in my zeal for playing around, I for