[midPoint] 1.10 Security Policy problem?

Viliam Repan vilo.repan at nlight.eu
Wed Mar 14 12:09:22 CET 2012


On 03/14/2012 12:05 PM, david.suarezdelis at telefonica.es wrote:
>
> Greetings,
>
> I am trying to evaluate midPoint to check if it may cover out
> necessities but after deploy on Tomcat I am greeted with this
> exception when I try to log in:
>
> 2012-03-14 11:43:36,677 [] [http-8080-1] ERROR
> (com.evolveum.midpoint.common.crypto.AESProtector): Exception during
> decryption: Illegal key size
> org.apache.xml.security.encryption.XMLEncryptionException: Illegal key
> size
>         at
> org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown Source)
> ~[xmlsec-1.4.5.jar:na]
>         at
> org.apache.xml.security.encryption.XMLCipher.decryptElement(Unknown
> Source) ~[xmlsec-1.4.5.jar:na]
>         at
> org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown Source)
> ~[xmlsec-1.4.5.jar:na]
>         at
> com.evolveum.midpoint.common.crypto.AESProtector.decrypt(AESProtector.java:278)[common-1.10.jar:na]
>
>         at
> com.evolveum.midpoint.common.crypto.AESProtector.decryptString(AESProtector.java:222)[common-1.10.jar:na]
>
>         at
> com.evolveum.midpoint.web.security.MidPointAuthenticationProvider.authenticateUser(MidPointAuthenticationProvider.java:178)[MidPointAuthenticationProvider.class:na]
>
>         at
> com.evolveum.midpoint.web.security.MidPointAuthenticationProvider.authenticate(MidPointAuthenticationProvider.java:87)[MidPointAuthenticationProvider.class:na]
>
>         at
> org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)[spring-security-core-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)[spring-security-core-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:97)[spring-security-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)[spring-security-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)[spring-security-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)[spring-security-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)[spring-security-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)[spring-security-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)[spring-security-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:109)[spring-security-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)[spring-security-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)[spring-security-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)[spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)[spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)[catalina.jar:6.0.35]
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)[catalina.jar:6.0.35]
>
>         at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)[catalina.jar:6.0.35]
>
>         at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)[catalina.jar:6.0.35]
>
>         at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)[catalina.jar:6.0.35]
>
>         at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)[catalina.jar:6.0.35]
>
>         at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)[catalina.jar:6.0.35]
>
>         at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)[catalina.jar:6.0.35]
>
>         at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)[tomcat-coyote.jar:6.0.35]
>
>         at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)[tomcat-coyote.jar:6.0.35]
>
>         at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) [tomcat-coyote.jar:6.0.35]
>
>         at java.lang.Thread.run(Thread.java:619) [na:1.6.0_20]
> 2012-03-14 11:43:36,678 [] [http-8080-1] ERROR
> (com.evolveum.midpoint.web.security.MidPointAuthenticationProvider):
> Can't get user with username 'administrator'. Unknown error occured,
> reason web.security.provider.unavailable.
>
> I am certain that it's a problem with the JCP files, but I did install
> them all in the /lib/security directory of the JRE inside the JDK.
>
> Can anyone hint any solution to me?
>
> Thanks a lot,
> dwd
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
Hi,

you need to install JCE, because midPoint in runtime also requires it
for cryptographic operations.
It's not installed with java by default.

http://wiki.evolveum.com/display/midPoint/Installing+midPoint#InstallingmidPoint-JavaCryptographyExtension%28JCE%29UnlimitedStrengthJurisdictionPolicyFiles6


Regards

vilo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20120314/1b0d92ab/attachment.htm>


More information about the midPoint mailing list