We are using the html-include macro for displaying content from an https resource. However, if we include the macro the following exception occurs:
Error rendering macro 'html-include' :
com.atlassian.renderer.v2.macro.MacroException:
com.atlassian.confluence.macro.MacroExecutionException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
We don't know what to do for getting this to work. Can you please help us?
Cause
The two instances communicating do not explicitly trust one another, even though they are using the same keystore. The certificate the instances are using must be present in the truststore for server-to-server communication to work.
Resolution
Follow the instructions in this document: Connecting to LDAP or JIRA or Other Services via SSL if you are on JDK 1.5
Follow the instructions in this document: keytool - Key and Certificate Management Tool if you are on JDK 1.6
This will require a restart of all applications that have the parameter added.
Related
Exception in thread "main"
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
anyone have face this issue ?
1.Compile & run java class
https://github.com/escline/InstallCert/blob/master/InstallCert.java
2.Run java InstallCert
3.It will fetch the certificates & create a new file "jssecacerts" on desktop.
4.Copy paste this file to /javaHome/jre/lib/security.
5.Now you can hit the https web api.
Similar you have to do on live server where you will deploy the webApp.
I am trying to deploy a Play Framework 2.3 application to OpenShift.
I am following this example: https://github.com/JamesSullivan/play2-openshift-quickstart
Building and deploying the application is working (by that I mean the push to the git repository is working and the build is completing successfully), but during startup I see this error in play.log:
AbstractConnectionHook -
Failed to obtain initial connection Sleeping for 0ms and trying again.
Attempts left: 0. Exception: null.
Message:No suitable driver found for jdbc:${OPENSHIFT_POSTGRESQL_DB_URL}
Oops, cannot start the server.
Configuration error: Configuration error[Cannot connect to database [default]]
at play.api.Configuration$.play$api$Configuration$$configError(Configuration.scala:94)
at play.api.Configuration.reportError(Configuration.scala:743)
at play.api.db.BoneCPPlugin$$anonfun$onStart$1.apply(DB.scala:247)
at play.api.db.BoneCPPlugin$$anonfun$onStart$1.apply(DB.scala:238)
at scala.collection.immutable.List.map(List.scala:272)
at play.api.db.BoneCPPlugin.onStart(DB.scala:238)
at play.api.Play$$anonfun$start$1$$anonfun$apply$mcV$sp$1.apply(Play.scala:91)
at play.api.Play$$anonfun$start$1$$anonfun$apply$mcV$sp$1.apply(Play.scala:91)
at scala.collection.immutable.List.foreach(List.scala:381)
at play.api.Play$$anonfun$start$1.apply$mcV$sp(Play.scala:91)
at play.api.Play$$anonfun$start$1.apply(Play.scala:91)
at play.api.Play$$anonfun$start$1.apply(Play.scala:91)
at play.utils.Threads$.withContextClassLoader(Threads.scala:21)
at play.api.Play$.start(Play.scala:90)
at play.core.StaticApplication.<init>(ApplicationProvider.scala:55)
at play.core.server.NettyServer$.createServer(NettyServer.scala:244)
at play.core.server.NettyServer$$anonfun$main$3.apply(NettyServer.scala:280)
at play.core.server.NettyServer$$anonfun$main$3.apply(NettyServer.scala:275)
at scala.Option.map(Option.scala:145)
at play.core.server.NettyServer$.main(NettyServer.scala:275)
at play.core.server.NettyServer.main(NettyServer.scala)
Caused by: java.sql.SQLException: No suitable driver found for jdbc:${OPENSHIFT_POSTGRESQL_DB_URL}
at java.sql.DriverManager.getConnection(DriverManager.java:596)
at java.sql.DriverManager.getConnection(DriverManager.java:215)
at com.jolbox.bonecp.BoneCP.obtainRawInternalConnection(BoneCP.java:363)
at com.jolbox.bonecp.BoneCP.<init>(BoneCP.java:416)
at com.jolbox.bonecp.BoneCPDataSource.getConnection(BoneCPDataSource.java:120)
at play.api.db.BoneCPPlugin$$anonfun$onStart$1.apply(DB.scala:240)
... 18 more
So it looks like the ${OPENSHIFT_POSTGRESQL_DB_URL} environment variable token-substitution is not working.
If I log in to my application, I see this via env (obviously I replaced the username, password, IP and port for the purposes of posting here):
OPENSHIFT_POSTGRESQL_DB_URL=postgresql://xxxx:yyyy#ip:port
I have also tried using the other environment variables, like OPENSHIFT_POSTGRESQL_DB_HOST but those too do not get substituted.
The relevant part of my openshift.conf looks like this:
db.default.driver=org.postgresql.Driver
db.default.url="jdbc:${OPENSHIFT_POSTGRESQL_DB_URL}"
db.default.user=myappuser
db.default.password=myapppassword
From the linked quickstart project, the following command is used to start the Play server (again, I replaced server-ip for the purposes of this post):
/app-root/runtime/repo/target/universal/stage/bin/myapp
"-DapplyEvolutions.default=true"
-Dhttp.port=8080 -Dhttp.address=server-ip
-Dconfig.resource=openshift.conf
You can see the openshift.conf file being referenced.
I tried a lot of things, eventually I found something that worked:
db.default.driver=org.postgresql.Driver
db.default.url="jdbc:postgresql://"${OPENSHIFT_POSTGRESQL_DB_HOST}":"${OPENSHIFT_POSTGRESQL_DB_PORT}/mydb
db.default.user=(((db-user)))
db.default.password=(((dp-password)))
The upshot is, it seems, you need to watch out very carefully for correct usage of the quotation characters.
It looks "wrong" (at first glance) since the last quotation character closes the string prior to the OPENSHIFT_POSTGRESQL_DB_PORT variable.
I'm trying to get a Tycho build to work on an OpenShift server. Locally resolving the target definition and building works fine, but when deploying I get the following error:
Unable to read repository at http://download.eclipse.org/rt/rap/2.2/content.xml. Permission denied
I'm not sure if its a problem in the Tycho configuration (but as far as I can remember, I didn't do anything outside the build reactor to make Tycho work) or the one of OpenShift. Could someone tell me what the problem is or how to narrow it down?
I tried switching from a target platform file to defining the repository in the pom.xml. Then I get a similar error message:
Failed to load p2 repository with ID 'rap' from location http://download.eclipse.org/rt/rap/2.2
I found a Linux bug that might be relevant. It doesn't help me, since I'm not even able confirm the server is a Debian. I tried to get the Jenkins to build on some other platform and tried any abbreviation or combination of "Windows" in the (seemingly undocumented) "platform" field, but neither of these values made it change the OS.
Finally got Maven to work with parameters (for how, see here). The log shows nothing out of the ordinary, as far as I can see:
[INFO] Computing target platform for MavenProject: org.acme.dummy:org.acme.dummy.feature:0.0.1-SNAPSHOT # /var/lib/openshift/537cb333e0b8cd68ad000187/app-root/runtime/repo/org.acme.dummy.feature/pom.xml
[DEBUG] Added p2 repository rap-repository (http://download.eclipse.org/rt/rap/2.2)
[DEBUG] Using default execution environment 'JavaSE-1.6'
[DEBUG] Registered artifact repository org.eclipse.tycho.repository.registry.facade.RepositoryBlackboardKey(uri=file:/resolution-context-artifacts#/var/lib/openshift/537cb333e0b8cd68ad000187/app-root/runtime/repo/org.acmr.dummy.feature)
May 21, 2014 10:15:59 AM org.apache.http.impl.client.DefaultRequestDirector tryConnect
INFO: I/O exception (java.net.BindException) caught when connecting to the target host: Permission denied
It's retrying to connect a couple of times, then there is the above exception:
!ENTRY org.eclipse.equinox.p2.transport.ecf 2 0 2014-05-21 10:16:00.073
!MESSAGE Connection to http://download.eclipse.org/rt/rap/2.2/p2.index failed on Permission denied. Retry attempt 0 started
!STACK 0
java.net.BindException: Permission denied
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:376)
at java.net.Socket.bind(Socket.java:631)
at org.eclipse.ecf.internal.provider.filetransfer.httpclient4.ECFHttpClientProtocolSocketFactory.connectSocket(ECFHttpClientProtocolSocketFactory.java:82)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
I am getting following error when I try to connect yahoo
pop3s. plus.mail.pop.yahoo.com:995
error while connecting to pop3 mail server javax.mail.MessagingException: Connect failed;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have already tried adding the certificate into JAVA_Home/jre/lib/security. Also when I am trying to use the same code directly using the Java/javac Cmd it works. But from tomcat it does not work.
Also: the code which I am using that was working since last two years on same server. Recently we have migrated from dedicated server to cloud based server. Backspace is the vendor where we have deployed the code.
Thanks in advance!
Vivek Agrawal
Most probably cause os this is that the system is unable to locate a valid certificate because in your migration something related to the keystore was not properly set.
Review your configuration file $CATALINA_BASE/conf/server.xml and look if the path to the correct keystore is set under Connector tag. If you are using JSSL look for this in that file
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
Your keystoreFile has to be set to the correct path in order your application can validate amd resolve a certificacion path in a request (the keystorepass have to be correct too, indeed).
If you have another configuration (APR or something) look at the documentation about in http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
Hope this help,
Cheers!!
I am running a .NET 4.0 web application locally using the Visual Studio Development Server (built in web server with VS2010), and for the last couple months, my StructureMap bootstrapper file has worked perfectly.
I'm using StructureMap 2.6.1
I have not changed the Bootstrapper file or the Web.config file, and suddenly, I'm getting this strange error when trying to start up my web application.
Here is the error being thrown from the website:
it's a bit tough to read. It says:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException. Request Failed.
here is the code in my bootstrapper file:
public class BootStrapper
{
public static void ConfigureStructureMap()
{
ObjectFactory.Initialize(x =>
{
x.AddRegistry<ProductRegistry>();
});
}
}
public class ProductRegistry : Registry
{
public ProductRegistry()
{
For<IFirmRepository>()
.Use<FirmRepository>().Ctor<string>("connectionString").Is(ConfigurationManager.ConnectionStrings["FeesAndFlows"].ConnectionString);
For<ICryptographyService>()
.Use<Rijndael>();
For<IUserRepository>()
.Use<UserRepository>().Ctor<string>("connectionString").Is(ConfigurationManager.ConnectionStrings["FeesAndFlows"].ConnectionString);
For<IAuthenticationService>()
.Use<AuthenticationService>();
For<ILogger>()
.Use<DatabaseLogger>();
}
}
The error is being thrown on this line:
x.AddRegistry<ProductRegistry>();
I've already tried adding each of these lines to my Web.config file, one at a time, and they didn't fix the problem:
<trust level="Full" />
and
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
Does anyone have any ideas or might have heard of a problem like this? It's pretty important, b/c without StructureMap starting up correctly, my entire application will not run.
Thanks,
Mike
UPDATE:
Ok, so it appears my problem is local. Other developers here can download the code, and runs it just fine on their local machines. Weird. They bootstrap StructurMap just fine and all instances are resolved...
Any ideas on why just my machine can't bootstrap StructureMap when running in debug mode locally for my web project?
Are you running the code from a network drive by any chance (ie is your documents folder redirected onto a network drive)? Are you in an enterprise environment running on a domain?
If the former it's likely that the code is running in the intranet security context. If the former isn't true but the later is, then its quite possible that a network administrator has changed the enterprise wide CAS policy.
Okay, so this was the problem. The StructureMap.dll was blocked by Win 7. I don't know how is become blocked or where it became blocked, but apparently, when I downloaded the StructureMap.zip file onto my system, the .zip file was blocked, which in turn, led to all the items extracted from the .zip file being blocked as well.
Every time I unblocked it, it went back to blocked when I tried to run the web app.
The way I fixed it was to go back to the original .zip file, unblock it, extract it, and then replace my StruectureMap.dll reference with one that was not blocked.
Insane.
I don't even know WHAT causes file to suddenly become blocked or what process in Windows 7 determines what file(s) should be blocked, but this strange operating system "feature" cost me a day's worth of work.
I had the exact same issue at the exact same place, ObjectFactory.Initialize:
Server Error in '/X.ServiceHost' Application.
Inheritance security rules violated while overriding member:
'StructureMap.StructureMapException.GetObjectData(System.Runtime.Serialization.SerializationInfo,
System.Runtime.Serialization.StreamingContext)'. Security
accessibility of the overriding method must match the security
accessibility of the method being overriden.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details: System.TypeLoadException: Inheritance security
rules violated while overriding member:
'StructureMap.StructureMapException.GetObjectData(System.Runtime.Serialization.SerializationInfo,
System.Runtime.Serialization.StreamingContext)'. Security
accessibility of the overriding method must match the security
accessibility of the method being overriden.
Getting the latest StructureMap package from NuGet (2.6.4.1) fixed the issue.
StructureMap NuGet Package