我的申请确认了许可证档案,以便其开展工作。 它通过叫javax.codeo.Cipher.getInstance (“DES”),“SunJCE”来排列许可证关键档案。
当我在当地提出申请时,所有东西都行得当,但当我用小船提出申请,然后到我想要验证服务器的许可证档案时,我发现以下错误:
java.lang.SecurityException: JCE cannot authenticate the provider SunJCE
at javax.crypto.Cipher.getInstance(DashoA13*..)
at javax.crypto.Cipher.getInstance(DashoA13*..)
Like I said, it works fine from command prompt and eclipse, but not as a servlet on jboss. Does anybody have any idea what I need to do? I am using jdk 1.6 and jboss as 7.
Thanks
我对我的法典感到错。 此前,出于某种原因,有人做了以下工作:
if (SunJCEinProviders)
{
Security.removeProvider("SunJCE");
}
int i = Security.insertProviderAt(new com.sun.crypto.provider.SunJCE(),1);
So for some reason we were removing javas initial SunJCE provider then adding a new one and this new one was failing to be authenticated.
There are a couple of possible issues that come in mind, it seems to be a problem with classpath when sun/oracle jvm try to authenticate provider jars
check that all security jars are under the <jdk_home>/jre/lib/ext of the jvm that runs jboss
(ie US_export_policy.jar, sunjce_provider.jar, local_policy.jar....)
美国——出口——政策.jar和当地政策。 确保下载不受限制的版本
java.security file in <jdk_home>/jre/lib/security: 保证有一条与<编码>安全”相类似的线。 第十类
• 确保太阳航天中心提供方(JCE)不在你WEB-INF/lib
For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...
I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...
Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...
Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...
I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...
I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...
Three SHA512Managed related questions: Is SHA512Managed considered the best one-way hash available in .NET 3.5 for security? What Salt size should be used with SHA512Managed? The application is for ...
[Update] - I attach also full config files, for service, and for client (outside of here, not to flood the topic) I m having situation pretty much identical to the one outlined in this question, ...