728x90
개요
Java Minor Upgrade 후 JEUS 기동 실패
현상
Java Minor Upgrade (1.6.0.20 -> 1.6.0.37) 후 JEUS 기동 실패
1)JEUS Log
jeus.server.JeusServerException: failed to start the node security manager
at jeus.server.JeusServer.start(JeusServer.java:317)
at jeus.server.JeusServer.main(JeusServer.java:991)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at jeus.server.Bootstrapper.callMainMethod(Bootstrapper.java:718)
at jeus.server.Bootstrapper.callMain(Bootstrapper.java:790)
at jeus.server.Bootstrapper.main(Bootstrapper.java:784)
at jeus.server.JeusBootstrapper.main(JeusBootstrapper.java:8)
Caused by: java.lang.ExceptionInInitializerError
at javax.crypto.Cipher.getInstance(Cipher.java:429)
at jeus.security.util.EncryptionUtil.decode(EncryptionUtil.java:458)
at jeus.security.util.EncryptionUtil.decryptPassword(EncryptionUtil.java:642)
at jeus.security.resource.Password.<init>(Password.java:72)
at jeus.security.resource.DefaultPasswordFactory.getCredential(DefaultPasswordFactory.java:130)
at jeus.security.impl.atnrep.XMLAccountConverter.fromXMLTree(XMLAccountConverter.java:128)
at jeus.security.util.XMLConverter.unmarshal(XMLConverter.java:34)
at jeus.security.util.XMLConverter.unmarshal(XMLConverter.java:51)
at jeus.security.util.XMLConverter.unmarshal(XMLConverter.java:42)
at jeus.security.impl.atnrep.XMLAccountPersistedDistributedMemoryAuthenticationRepositoryService.refreshRead(XMLAccountPersi
stedDistributedMemoryAuthenticationRepositoryService.java:97)
at jeus.security.impl.atnrep.XMLAccountPersistedDistributedMemoryAuthenticationRepositoryService.doCreate(XMLAccountPersiste
dDistributedMemoryAuthenticationRepositoryService.java:36)
at jeus.security.base.Service.create(Service.java:121)
at jeus.security.base.Service.create(Service.java:107)
at jeus.security.base.Domain.createAll(Domain.java:263)
at jeus.security.impl.installer.JeusSecurityDomainInstaller.makeCustomDomains(JeusSecurityDomainInstaller.java:112)
at jeus.security.impl.installer.JeusSecurityDomainInstaller.installMasterSecurityServer(JeusSecurityDomainInstaller.java:78)
at jeus.security.impl.installer.JeusSecurityDomainInstaller.doInstallSecurity(JeusSecurityDomainInstaller.java:41)
at jeus.security.spi.SecurityInstaller.installSecurity(SecurityInstaller.java:191)
at jeus.server.JeusServer.start(JeusServer.java:311)
... 9 more
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:267)
... 28 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:593)
at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:524)
at javax.crypto.JceSecurity.access$700(JceSecurity.java:37)
at javax.crypto.JceSecurity$1.run(JceSecurity.java:258)
at java.security.AccessController.doPrivileged(Native Method)
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:234)
... 28 more
원인
256bit 이상 암호화를 해야하는 경우 JAVA의 local_policy.jar와 US_export_policy.jar를 버전에 맞게 패치해 주어야 한다.
Minor Upgreade 한 1.6.0.37에는 /opt/java6/jre/lib/security/policy의 limited 디렉토리와 unlimited 디렉토리에 각각 존재하지만,
1.6.0.20에는 /opt/java6/jre/lib/security에 존재하였다.
따라서 Upgrade 이 후 /opt/java6/jre/lib/security에 있는 local_policy.jar와 US_export_policy.jar를 참조하게 되면서 발생한 문제로 보인다.
JEUS의 경우 기동시 JEUS Manager 를 올리기 위하여 ${JEUS_HOME}/config/`hostname`/security/SYSTEM_DOMAIN/account.xml 파일의 계정정보를 참조하게 되는데
해당 파일에 AES로 암호화된 패스워드가 들어 있기 때문이다.
해결방안
local_policy.jar와 US_export_policy.jar를 /opt/java6/jre/lib/security로 복사
Java Minor Upgrade 후 JEUS 기동 실패
현상
Java Minor Upgrade (1.6.0.20 -> 1.6.0.37) 후 JEUS 기동 실패
1)JEUS Log
jeus.server.JeusServerException: failed to start the node security manager
at jeus.server.JeusServer.start(JeusServer.java:317)
at jeus.server.JeusServer.main(JeusServer.java:991)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at jeus.server.Bootstrapper.callMainMethod(Bootstrapper.java:718)
at jeus.server.Bootstrapper.callMain(Bootstrapper.java:790)
at jeus.server.Bootstrapper.main(Bootstrapper.java:784)
at jeus.server.JeusBootstrapper.main(JeusBootstrapper.java:8)
Caused by: java.lang.ExceptionInInitializerError
at javax.crypto.Cipher.getInstance(Cipher.java:429)
at jeus.security.util.EncryptionUtil.decode(EncryptionUtil.java:458)
at jeus.security.util.EncryptionUtil.decryptPassword(EncryptionUtil.java:642)
at jeus.security.resource.Password.<init>(Password.java:72)
at jeus.security.resource.DefaultPasswordFactory.getCredential(DefaultPasswordFactory.java:130)
at jeus.security.impl.atnrep.XMLAccountConverter.fromXMLTree(XMLAccountConverter.java:128)
at jeus.security.util.XMLConverter.unmarshal(XMLConverter.java:34)
at jeus.security.util.XMLConverter.unmarshal(XMLConverter.java:51)
at jeus.security.util.XMLConverter.unmarshal(XMLConverter.java:42)
at jeus.security.impl.atnrep.XMLAccountPersistedDistributedMemoryAuthenticationRepositoryService.refreshRead(XMLAccountPersi
stedDistributedMemoryAuthenticationRepositoryService.java:97)
at jeus.security.impl.atnrep.XMLAccountPersistedDistributedMemoryAuthenticationRepositoryService.doCreate(XMLAccountPersiste
dDistributedMemoryAuthenticationRepositoryService.java:36)
at jeus.security.base.Service.create(Service.java:121)
at jeus.security.base.Service.create(Service.java:107)
at jeus.security.base.Domain.createAll(Domain.java:263)
at jeus.security.impl.installer.JeusSecurityDomainInstaller.makeCustomDomains(JeusSecurityDomainInstaller.java:112)
at jeus.security.impl.installer.JeusSecurityDomainInstaller.installMasterSecurityServer(JeusSecurityDomainInstaller.java:78)
at jeus.security.impl.installer.JeusSecurityDomainInstaller.doInstallSecurity(JeusSecurityDomainInstaller.java:41)
at jeus.security.spi.SecurityInstaller.installSecurity(SecurityInstaller.java:191)
at jeus.server.JeusServer.start(JeusServer.java:311)
... 9 more
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:267)
... 28 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:593)
at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:524)
at javax.crypto.JceSecurity.access$700(JceSecurity.java:37)
at javax.crypto.JceSecurity$1.run(JceSecurity.java:258)
at java.security.AccessController.doPrivileged(Native Method)
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:234)
... 28 more
원인
256bit 이상 암호화를 해야하는 경우 JAVA의 local_policy.jar와 US_export_policy.jar를 버전에 맞게 패치해 주어야 한다.
Minor Upgreade 한 1.6.0.37에는 /opt/java6/jre/lib/security/policy의 limited 디렉토리와 unlimited 디렉토리에 각각 존재하지만,
1.6.0.20에는 /opt/java6/jre/lib/security에 존재하였다.
따라서 Upgrade 이 후 /opt/java6/jre/lib/security에 있는 local_policy.jar와 US_export_policy.jar를 참조하게 되면서 발생한 문제로 보인다.
JEUS의 경우 기동시 JEUS Manager 를 올리기 위하여 ${JEUS_HOME}/config/`hostname`/security/SYSTEM_DOMAIN/account.xml 파일의 계정정보를 참조하게 되는데
해당 파일에 AES로 암호화된 패스워드가 들어 있기 때문이다.
해결방안
local_policy.jar와 US_export_policy.jar를 /opt/java6/jre/lib/security로 복사
728x90
'IT > MiddleWare(WEB WAS)' 카테고리의 다른 글
| [JEUS]기동 시 TM로그 관련 Exception (0) | 2018.12.17 |
|---|---|
| [JEUS/WEBTOB] 서비스 확장명 처리 Mimetype (0) | 2018.12.11 |
| [WEBTOB]Diffie-Hellman 키를 이용한 Logjam 취약점 (0) | 2018.12.10 |
| [WWBTOB/JEUS] Network의 문제로 기인한 Web 서비스 지연 및 불가 (0) | 2018.11.22 |
| [JEUS]Hotspot Compile 시 비정상종료 발생 (0) | 2018.11.20 |