tags:

views:

522

answers:

3
Q: 

Deploying JSF application on a Glassfish cluster

When I deploy a JSF application on a Glassfish V2.1 Patch02 Cluster, the following exception is thrown while loading the first page.

java.security.ProviderException: update() failed
    at  sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:557)
    at  sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:457)
    at  sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:485)
    at  sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:471)
    at  javax.crypto.Cipher.doFinal(DashoA13*..)
...
Caused  by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_ERROR
    at  sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method)
    at  sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:510)

I am NOT using any kind of encryption/decryption inside my application.

When I googled up for this exception, I found this which is the case when Ciphers are loaded in the application.

I would like to know if Glassfish/JSF load default Ciphers which are causing this exception?

If not, what could be the possible cause and the solution for it?

A: 

The only place I can think where the base JSF implementation might use encryption is in state management. The component tree is stateful, so it is preserved between requests, either in the session or in a hidden form field (set by the javax.faces.STATE_SAVING_METHOD init parameter). If a hidden form field is used, the implementation would be wise to encrypt it to prevent hackers rewriting server state. (Note that state management in JSF is pluggable, so 3rd party libraries could replace the default behaviour. If you're using a rich component library, it's worth checking the doc.)

McDowell  2009-08-26 19:06:44
A: 

You could try deploying your app in non-clustered glassfish, or in tomcat and see if you get the same situation. Then you would know if the problem is your app or the configuration of the app server or cluster.

digitaljoel  2009-08-26 19:17:24
The complete application including the encryption/decryption module works fine on a standalone server. Maybe it has something to do with the security settings in the cluster. I was hoping if anyone could point towards, overriding or disabling the encryption which McDowell(above) was talking about.
Ravi Atluri  2009-08-29 09:52:03
at least you know it's probably not a problem with your app. I'm afraid I'm not going to be able to help you further than that though, I haven't done much with clustering.
digitaljoel  2009-08-30 02:44:28
thanks joel. will keep this thread posted if we are able to resolve the issue
Ravi Atluri  2009-08-31 09:22:17
A: 

The issue has been resolved. The problem is this 'minor' bug - https://issues.apache.org/jira/browse/MYFACES-1786

The solution is to put the following entries in the web.xml to disable encryption for state management and to switch the state saving to server

<context-param>
        <param-name>org.apache.myfaces.USE_ENCRYPTION</param-name>
        <param-value>false</param-value>
</context-param> 

<context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>server</param-value>
</context-param>

From my experience the application when deployed with encryption enabled by 'default' (i.e. having no entry for org.apache.myfaces.USE_ENCRYPTION in web.xml) in Websphere(standalone or cluster) works perfectly okay.

But the application does NOT get deployed in Glassfish cluster or in Tomcat 6 (the problem is defined in the thread - nabble.com/BadPadding-Exception-and-more-td21984713.html)

Ravi Atluri  2009-08-31 11:16:15

related questions

Install-base of Java JRE?
Software Deployment in a Virtual Environment
Rails requires RubyGems >= 0.9.4. Please install RubyGems
Deploying a Git subdirectory in Capistrano
Any capistrano comparable for windows/.net?
Pushing out MSI files
Generic design for packaging of user changes for deployment
What's the best way to create ClickOnce deployments
What are some good SSH Servers for windows?
How Do You Secure database.yml?
Whats the best way to securely publish a site post build?
.net solution subversion best practices?
JRuby / Rack deployment
Best practices for managing and deploying large javascript apps
Building Standalone Applications in JavaScript
Issues with DB after publishing via Database Publishing Wizard from MSFT
How do I make a custom .net client profile installer?
What's the general consensus on supporting Windows 2000?
How do you deploy your SharePoint solutions?
ILMerge Best Practices
Error ADMA5026E for WebSphere Application Server Network Deployment
What is called a Node in a WebSpere Network Deployment
What is your favorite web app deployment workflow with SVN?
An executable Python app
Deploying SQL Server Databases from Test to Live