Yeah, I realized that the reason I need to change boot delegation stuff is that we have a signing policy store implementation which is used by our provider, but signing policy is outside of the scope of the standard java security stuff. Anyhoo, thanks again, I got everything working.
-Tom On Mon, Mar 29, 2010 at 9:08 AM, Guillaume Nodet <[email protected]> wrote: > I haven't changed any boot delegation or system packages at all. > And I don't think you need unless you need to access the globus specific > classes > directly from another bundle. For the pure java security provider thing, > it > should not be necessary. > > On Mon, Mar 29, 2010 at 14:56, Tom Howe <[email protected]> wrote: > > > Ok, I think this makes sense (although you have to love some of the > cryptic > > messages java can give you sometimes). These classes are the result of a > > shade operation. I assume (please correct me if I'm wrong) that I need > to > > add these packages (org.globus.crux.org.springframework.*) to the > > bootdelegation property. > > > > Thanks. > > Tom > > > > On Mon, Mar 29, 2010 at 7:32 AM, Guillaume Nodet <[email protected]> > wrote: > > > > > Here's what I just did: > > > > > > #1. copy bcprov-jdk15-1.45.jar into the lib dir > > > #2. copy bcprov-ext-jdk15-1.45.jar into the lib dir > > > #3. copy org.globus.crux.security.sslproxies-1.0-SNAPSHOT.jar into the > > lib > > > dir > > > #4. start karaf > > > #5. run "addcommand ks (loadclass java.security.KeyStore)" > > > #6. run "dev:print-stack-traces" > > > #7. run "ks:getInstance PEMFilebasedKeyStore" > > > > > > which leads to the following exception: > > > > > > java.lang.reflect.InvocationTargetException > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > > at > > > > > > > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > > > at > > > > > > > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > > > at java.lang.reflect.Method.invoke(Method.java:597) > > > at > > > > > > org.apache.felix.gogo.runtime.shell.Reflective.method(Reflective.java:129) > > > at org.apache.felix.gogo.runtime.shell.Command.execute(Command.java:40) > > > at > org.apache.felix.gogo.runtime.shell.Closure.execute(Closure.java:211) > > > at > > > > > > > > > org.apache.felix.gogo.runtime.shell.Closure.executeStatement(Closure.java:146) > > > at org.apache.felix.gogo.runtime.shell.Pipe.run(Pipe.java:91) > > > at org.apache.felix.gogo.runtime.shell.Closure.execute(Closure.java:75) > > > at > > > > > > > > > org.apache.felix.gogo.runtime.shell.CommandSessionImpl.execute(CommandSessionImpl.java:71) > > > at > > org.apache.felix.karaf.shell.console.jline.Console.run(Console.java:177) > > > at java.lang.Thread.run(Thread.java:637) > > > Caused by: java.lang.NoClassDefFoundError: > > > org/globus/crux/org/springframework/util/PathMatcher > > > at > > > > > > > > > org.globus.security.stores.ResourceSecurityWrapperStore.<init>(ResourceSecurityWrapperStore.java:46) > > > at > > > > > > > > > org.globus.security.stores.ResourceCACertStore.<init>(ResourceCACertStore.java:33) > > > at > > > > > > > > > org.globus.security.provider.FileBasedKeyStore.<init>(FileBasedKeyStore.java:97) > > > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method) > > > at > > > > > > > > > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) > > > at > > > > > > > > > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) > > > at java.lang.reflect.Constructor.newInstance(Constructor.java:513) > > > at java.lang.Class.newInstance0(Class.java:355) > > > at java.lang.Class.newInstance(Class.java:308) > > > at java.security.Provider$Service.newInstance(Provider.java:1221) > > > at sun.security.jca.GetInstance.getInstance(GetInstance.java:220) > > > at sun.security.jca.GetInstance.getInstance(GetInstance.java:147) > > > at java.security.Security.getImpl(Security.java:659) > > > at java.security.KeyStore.getInstance(KeyStore.java:584) > > > ... 13 more > > > Caused by: java.lang.ClassNotFoundException: > > > org.globus.crux.org.springframework.util.PathMatcher > > > at java.net.URLClassLoader$1.run(URLClassLoader.java:200) > > > at java.security.AccessController.doPrivileged(Native Method) > > > at java.net.URLClassLoader.findClass(URLClassLoader.java:188) > > > at java.lang.ClassLoader.loadClass(ClassLoader.java:315) > > > at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:330) > > > at java.lang.ClassLoader.loadClass(ClassLoader.java:250) > > > at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:398) > > > ... 27 more > > > > > > > > > As you can see, you're missing a few classes in the jar I think. > > > > > > On Mon, Mar 29, 2010 at 14:11, Tom Howe <[email protected]> > wrote: > > > > > > > I have attached a copy of the provider jar (it's not released yet). > I > > do > > > > not have any other bundles installed (other than the basic karaf > > bundles > > > and > > > > the bundle that is trying to load the keystore). As our provider > > depends > > > on > > > > bouncy castle, I have the bouncy castle jars (bcprov-jdk15 and > > > > bcprov-ext-jdk15) in the lib directory as well. Here is the sample > > code > > > > which loads the keystore: > > > > > > > > KeyStore keystore = > KeyStore.getInstance(GlobusProvider.KEYSTORE_TYPE); > > > > > > > > This is just in a class loaded via blueprint in one of the bundles. > > > > > > > > Thanks again, > > > > Tom > > > > > > > > > > > > On Mon, Mar 29, 2010 at 3:19 AM, Guillaume Nodet <[email protected]> > > > wrote: > > > > > > > >> Could you provide a bit more details so that we can reproduce the > > > problem > > > >> ? > > > >> WHich jars are you using exactly (I'm not familiar with globus) ? > Do > > > you > > > >> have any > > > >> additional bundles that you deploy in addition to the jars in the > lib > > > >> directory ? > > > >> > > > >> > > > >> On Mon, Mar 29, 2010 at 02:23, Tom Howe <[email protected]> > > wrote: > > > >> > > > >> > I am trying to deploy our custom security provider into karaf (I'm > > > using > > > >> > 1.5.0-SNAPSHOT at the moment). I've installed my jar into the lib > > > >> > directory, and put: > > > >> > > > > >> > org.apache.felix.karaf.security.providers = > > > >> > org.globus.security.provider.GlobusProvider > > > >> > > > > >> > into my config.properties. I also added: org.globus.security.* to > > the > > > >> > org.osgi.framework.bootdelegation parameter. > > > >> > > > > >> > When I try to use one of the KeyStores from my provider I get: > > > >> > > > > >> > Error executing command: Unresolved constraint in bundle > > > >> > org.globus.crux.jsse [36]: package; > > > (package=org.globus.security.stores) > > > >> > (The keystore class is in that package.) > > > >> > > > > >> > > > > >> > I've tried a number of combinations of system packages and > > > >> bootdelegation > > > >> > parameters without any luck. > > > >> > > > > >> > I'd appreciate any suggestions. > > > >> > > > > >> > Thanks, > > > >> > Tom Howe > > > >> > > > > >> > -- > > > >> > Tom Howe > > > >> > Senior Software Engineer > > > >> > Distributed Systems Lab > > > >> > University of Chicago/Argonne National Laboratory > > > >> > > > > >> > > > >> > > > >> > > > >> -- > > > >> Cheers, > > > >> Guillaume Nodet > > > >> ------------------------ > > > >> Blog: http://gnodet.blogspot.com/ > > > >> ------------------------ > > > >> Open Source SOA > > > >> http://fusesource.com > > > >> > > > > > > > > > > > > > > > > -- > > > > Tom Howe > > > > Senior Software Engineer > > > > Distributed Systems Lab > > > > University of Chicago/Argonne National Laboratory > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > > > -- > > > Cheers, > > > Guillaume Nodet > > > ------------------------ > > > Blog: http://gnodet.blogspot.com/ > > > ------------------------ > > > Open Source SOA > > > http://fusesource.com > > > > > > > > > > > -- > > Tom Howe > > Senior Software Engineer > > Distributed Systems Lab > > University of Chicago/Argonne National Laboratory > > > > > > -- > Cheers, > Guillaume Nodet > ------------------------ > Blog: http://gnodet.blogspot.com/ > ------------------------ > Open Source SOA > http://fusesource.com > -- Tom Howe Senior Software Engineer Distributed Systems Lab University of Chicago/Argonne National Laboratory
