Showing posts with label java. Show all posts
Showing posts with label java. Show all posts

30 May 2012

PDJRTE for TAI++ config error: java.lang.NullPointerException at com.tivoli.pd.jutil.jb.getCACert(jb.java:129)

If you work with complex TAM&J2EE deployments, you will most probably come to the point where you need to use TAI++ trust association scheme to tie your J2EE server (either WebSphere or some other) with TAM&WebSeal system. In particular, this is useful when you want to authenticate users in WebSeal to "let them in" to your backend server but leave authorization for J2EE application to it's internal mechanisms (based on LDAP, for example). If you want to read more on TAI/TAI++ you can do it here or here.
However, in TAI++ scenario you will most probably come to the point when you will need to configure your Java Runtime for Policy Director (usually done in pdconfig or with pdjrtecfg directly). What WAS really needs for TAI++ is essentialy address of Policy Server, it's certificate to be trusted (downloaded during PDJRTEconfig) and registration with TAM pdmgrd as a member of security domain. These information is stored in (not strictly set, but reasonable to do it so) .conf and .key files producedafter invoking java com.tivoli.pd.jcfg.SvrSslCfg but first you need to have your PDJRTE configured.

 I tried this with WebSphere App Server's (WAS 7 and TAM 6.1.0.5) java first and usually you do it by sourcing WAS environment first and then using pdconfig. However, in WAS 7 there's a class conflicts of some kind and when you go to pdconfig and choose to configure WAS java (normally /opt/ibm/WebSphere/AppServer/java/jre) to be the runtime for Policy Director in picks proper java, but fails to finish the configuration with nasty error:

Configuration of Access Manager Runtime for Java is in progress.
This might take several minutes.
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:611)
        at com.tivoli.pd.jcfg.PDJrteCfg.config(PDJrteCfg.java:245)
        at com.tivoli.pd.jcfg.PDJrteCfg.interactCfg(PDJrteCfg.java:1307)
        at com.tivoli.pd.jcfg.PDJrteCfg.invoke(PDJrteCfg.java:1460)
        at com.tivoli.pd.jcfg.PDJrteCfg.main(PDJrteCfg.java:350)
Caused by:
[java.lang.NullPointerException
]

Wrappered Exception:
java.lang.NullPointerException
        at com.tivoli.pd.jutil.jb.getCACert(jb.java:129)
        ... 8 more
Caused by: java.lang.NullPointerException
        at org.apache.harmony.security.fortress.Services$NormalServices.createDefaultProviderInstance(Services.java:286)
        at org.apache.harmony.security.fortress.Services$NormalServices.getService(Services.java:423)
        at org.apache.harmony.security.fortress.Services$NormalServices.access$2100(Services.java:141)
        at org.apache.harmony.security.fortress.Services.getService(Services.java:824)
        at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:133)
        at java.security.KeyFactory.getInstance(KeyFactory.java:81)
        at com.ibm.security.x509.X509Key.buildX509Key(X509Key.java:275)
        at com.ibm.security.x509.X509Key.parse(X509Key.java:189)
        at com.ibm.security.x509.X509Key.parse(X509Key.java:215)
        at com.ibm.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:112)
        at com.ibm.security.x509.X509CertInfo.parse(X509CertInfo.java:966)
        at com.ibm.security.x509.X509CertInfo.<init>(X509CertInfo.java:236)
        at com.ibm.security.x509.X509CertInfo.<init>(X509CertInfo.java:222)
        at com.ibm.security.x509.X509CertImpl.parse(X509CertImpl.java:2285)
        at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:227)
        at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:213)
        at com.tivoli.pd.jutil.jb.getCACert(jb.java:51)
        ... 8 more

[java.lang.reflect.InvocationTargetException
]

Wrappered Exception:
java.lang.reflect.InvocationTargetException
        at com.tivoli.pd.jcfg.PDJrteCfg.config(PDJrteCfg.java:51)
        at com.tivoli.pd.jcfg.PDJrteCfg.interactCfg(PDJrteCfg.java:1307)
        at com.tivoli.pd.jcfg.PDJrteCfg.invoke(PDJrteCfg.java:1460)
        at com.tivoli.pd.jcfg.PDJrteCfg.main(PDJrteCfg.java:350)
Caused by: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:611)
        at com.tivoli.pd.jcfg.PDJrteCfg.config(PDJrteCfg.java:245)
        ... 3 more
Caused by:
[java.lang.NullPointerException
]

Wrappered Exception:
java.lang.NullPointerException
        at com.tivoli.pd.jutil.jb.getCACert(jb.java:129)
        ... 8 more
Caused by: java.lang.NullPointerException
        at org.apache.harmony.security.fortress.Services$NormalServices.createDefaultProviderInstance(Services.java:286)
        at org.apache.harmony.security.fortress.Services$NormalServices.getService(Services.java:423)
        at org.apache.harmony.security.fortress.Services$NormalServices.access$2100(Services.java:141)
        at org.apache.harmony.security.fortress.Services.getService(Services.java:824)
        at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:133)
        at java.security.KeyFactory.getInstance(KeyFactory.java:81)
        at com.ibm.security.x509.X509Key.buildX509Key(X509Key.java:275)
        at com.ibm.security.x509.X509Key.parse(X509Key.java:189)
        at com.ibm.security.x509.X509Key.parse(X509Key.java:215)
        at com.ibm.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:112)
        at com.ibm.security.x509.X509CertInfo.parse(X509CertInfo.java:966)
        at com.ibm.security.x509.X509CertInfo.<init>(X509CertInfo.java:236)
        at com.ibm.security.x509.X509CertInfo.<init>(X509CertInfo.java:222)
        at com.ibm.security.x509.X509CertImpl.parse(X509CertImpl.java:2285)
        at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:227)
        at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:213)
        at com.tivoli.pd.jutil.jb.getCACert(jb.java:51)
        ... 8 more
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:611)
        at com.tivoli.pd.jcfg.PDJrteCfg.config(PDJrteCfg.java:245)
        at com.tivoli.pd.jcfg.PDJrteCfg.interactCfg(PDJrteCfg.java:1307)
        at com.tivoli.pd.jcfg.PDJrteCfg.invoke(PDJrteCfg.java:1460)
        at com.tivoli.pd.jcfg.PDJrteCfg.main(PDJrteCfg.java:350)
Caused by:
[java.lang.NullPointerException
]

Wrappered Exception:
java.lang.NullPointerException
        at com.tivoli.pd.jutil.jb.getCACert(jb.java:129)
        ... 8 more
Caused by: java.lang.NullPointerException
        at org.apache.harmony.security.fortress.Services$NormalServices.createDefaultProviderInstance(Services.java:286)
        at org.apache.harmony.security.fortress.Services$NormalServices.getService(Services.java:423)
        at org.apache.harmony.security.fortress.Services$NormalServices.access$2100(Services.java:141)
        at org.apache.harmony.security.fortress.Services.getService(Services.java:824)
        at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:133)
        at java.security.KeyFactory.getInstance(KeyFactory.java:81)
        at com.ibm.security.x509.X509Key.buildX509Key(X509Key.java:275)
        at com.ibm.security.x509.X509Key.parse(X509Key.java:189)
        at com.ibm.security.x509.X509Key.parse(X509Key.java:215)
        at com.ibm.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:112)
        at com.ibm.security.x509.X509CertInfo.parse(X509CertInfo.java:966)
        at com.ibm.security.x509.X509CertInfo.<init>(X509CertInfo.java:236)
        at com.ibm.security.x509.X509CertInfo.<init>(X509CertInfo.java:222)
        at com.ibm.security.x509.X509CertImpl.parse(X509CertImpl.java:2285)
        at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:227)
        at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:213)
        at com.tivoli.pd.jutil.jb.getCACert(jb.java:51)
        ... 8 more

The configuration failed.


Press Enter to continue.


I suppose it is because WAS 7 has it's own PD.jar file which may even be newer than the one supplied with TAM 6.1.0.5 <-- that's the version we're talking here about. Or it is because WAS 7 uses java 6, whereas tam works fine with java 5 - I can't tell exactly.

Anyway, what to do about it? Simply point pdconfig to a different java. For example, bundled with TAM base package is ibm java 5. Install it (it is in /opt/ibm/java2-i386-50/ directory), export it's path:

export PATH=$PATH:/opt/ibm/java2-i386-50/java/jre

and try pdconfig to configure pdjrte again. It should succeed now.

To obtain information for using with TAI++, run now SvrSslCfg with the java you just configured eg.:

/opt/ibm/java2-i386-50/jre/bin/java com.tivoli.pd.jcfg.SvrSslCfg -action config -admin_id sec_master -admin_pwd ***** -appsvr_id ******-host ***** -mode remote -port 8925 -policysvr tamsec-p2-1:7135:1 -authzsvr tamsec-p2-1:7136:1 -cfg_file domainname.cfg -key_file domainname.key -cfg_action create -domain domainname

and later supply it to WAS as TAI++ inteceptor config item.

Good Luck!

13 February 2012

Installation Manager java.lang.UnsatisfiedLinkError: Could not load SWT library

IBM Installation Manager is more and more widely used to deploy number of IBM products, so it may be useful to know a little about possible problems when running this tool.
My today's accomplishment is that I overcame following issue with installation on a lightweight SuSE 11 distribution (eg. stripped from almost every non-necessary package).
First, when trying to install IM itself I was knocked by:


JVMDUMP010I Snap dump written to /tmp/was/IM/Snap.20120213.121315.11358.0003.trc
libgcc_s.so.1 must be installed for pthread_cancel to work


This one was tackled by adding libgcc43-32bit package to the system. After successful silent installation, I tried to actually run IM to install WAS 7. Shell showed nothing after issuing:

./install or ./IBMIM

It was all I got:

prep2def:/opt/ibm/InstallationManager/eclipse # ./launcher
prep2def:/opt/ibm/InstallationManager/eclipse # cd /tmp/
 

Looking into configuration/datestamp.log files I found this error:

!ENTRY org.eclipse.osgi 4 0 2012-02-13 13:32:15.756
!MESSAGE Application error
!STACK 1
java.lang.UnsatisfiedLinkError: Could not load SWT library. Reasons:
        /opt/ibm/InstallationManager/eclipse/configuration/org.eclipse.osgi/bundles/454/1/.cp/libswt-pi-gtk-3659.so (libgthread-2.0.so.0: cannot open shared object file: No such file or directory)
        swt-pi-gtk (Not found in java.library.path)
        /tmp/swtlib-32/libswt-pi-gtk-3659.so (libgthread-2.0.so.0: cannot open shared object file: No such file or directory)
        /tmp/swtlib-32/libswt-pi-gtk.so (/tmp/swtlib-32/liblibswt-pi-gtk.so.so: cannot open shared object file: No such file or directory)


And finally, installing:

DejaVu Truetype Fonts
 
and

libgthread-2_0-0-32bit

helped, and I was able to successfully run Installation Manager. Hope it helps. Good luck.