pátek 25. září 2015

Solution to failing Configuration.getConfiguration() in Java

Sometimes the calling javax.security.auth.login.Configuration.getConfiguration() fails with SecurityException in our tests (both Oracle and IBM).

A quick solution (without touching JDK installation or configuring java.security.auth.login.config system property) is simple. Just create an empty file .java.login.config in your user home directory (more info in ConfigFile JavaDoc). Thats it!

touch ~/.java.login.config

Just to make the picture complete, here is the stack trace we see on IBM JDK:

Exception in thread "main" java.lang.SecurityException: Unable to locate a login configuration
 at com.ibm.security.auth.login.ConfigFile.<init>(ConfigFile.java:125)
 at java.lang.J9VMInternals.newInstanceImpl(Native Method)
 at java.lang.Class.newInstance(Class.java:1681)
 at javax.security.auth.login.Configuration$2.run(Configuration.java:263)
 at javax.security.auth.login.Configuration$2.run(Configuration.java:255)
 at java.security.AccessController.doPrivileged(AccessController.java:338)
 at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:254)
 at org.jboss.test.App.main(App.java:15)
Caused by: java.io.IOException: Unable to locate a login configuration
 at com.ibm.security.auth.login.ConfigFile.init(ConfigFile.java:282)
 at com.ibm.security.auth.login.ConfigFile.<init>(ConfigFile.java:123)
 ... 7 more

1 komentář:

Joao řekl(a)...

Thanks for the JSignPdf!
It would be nice if you update iText Core from version 2 up to version 5. What are the differences? Many! http://itextpdf.com/functionalitycomparison

Also... can you add to the TSA/OCSP/CRL options the "NONCE" option as some time stamping servers my require it to prevent key replay attacks.