Solaris JMS Client连接到Weblogic 11g t3s安全问题 [英] Solaris JMS Client connect to Weblogic 11g t3s security problem

问题描述

当我尝试在Solaris Server中连接Weblogic t3s协议时，它显示以下错误：

When I try to connect Weblogic t3s protocol in Solaris Server, it shows this error:

java.lang.IllegalStateException: Not enough cryptography available to enable a cipher suite!
        at com.certicom.tls.interfaceimpl.TLSSystem.resetCipherSuiteSupport(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSSystem.setCertificateSupport(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSSystem.<init>(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSSystem.<init>(Unknown Source)
        at com.certicom.net.ssl.SSLContext.<init>(Unknown Source)
        at com.bea.sslplus.CerticomSSLContext.<init>(Unknown Source)
        at sun.reflect.GeneratedConstructorAccessor6.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at weblogic.security.utils.SSLSetup.getSSLDelegateInstance(SSLSetup.java:122)
        at weblogic.security.utils.SSLContextWrapper.<init>(SSLContextWrapper.java:48)
        at weblogic.security.utils.SSLContextWrapper.getInstance(SSLContextWrapper.java:43)
        at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:238)
        at weblogic.security.SSL.SSLClientInfo.getSSLSocketFactory(SSLClientInfo.java:101)
        at weblogic.socket.ChannelSSLSocketFactory.getSocketFactory(ChannelSSLSocketFactory.java:170)
        at weblogic.socket.ChannelSSLSocketFactory.createSocket(ChannelSSLSocketFactory.java:77)
        at weblogic.socket.ChannelSSLSocketFactory.createSocket(ChannelSSLSocketFactory.java:114)
        at weblogic.socket.BaseAbstractMuxableSocket.createSocket(BaseAbstractMuxableSocket.java:133)
        at weblogic.rjvm.t3.MuxableSocketT3.newSocketWithRetry(MuxableSocketT3.java:206)
        at weblogic.rjvm.t3.MuxableSocketT3.connect(MuxableSocketT3.java:375)
        at weblogic.rjvm.t3.ConnectionFactoryT3S.createConnection(ConnectionFactoryT3S.java:34)
        at weblogic.rjvm.ConnectionManager.createConnection(ConnectionManager.java:1773)
        at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1416)
        at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:437)
        at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:315)
        at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:251)
        at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:194)
        at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
        at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
        at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
        at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:153)
        at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:344)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
        at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:339)
        at weblogic.jndi.Environment.getContext(Environment.java:315)
        at weblogic.jndi.Environment.getContext(Environment.java:285)
        at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)

我有def以下参数：

-Djava.protocol.handler.pkgs=weblogic.net -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreType=JKS -Dweblogic.security.CustomTrustKeyStoreFileName=keystore -Dweblogic.security.CustomTrustKeyStorePassPhrase=passphrase -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true

我该如何解决？ Windows中有相同的源和相同参数。

How can I fix it? Same source and same parameters is working in Windows.

谢谢。

推荐答案

这个解决方案在当天有点晚了，但是对于其他有相同问题的人来说也是如此。

This solution comes a bit late in the day, but is meant for others having the same problem.

显然，将webserviceclient + ssl.jar添加到类路径的公认解决方案是可行的，因为WebLogic Full Client - wlfullclient.jar在其MANIFEST中引用了其他JAR。 MF档案。添加webservices客户端JAR可以解决此问题，因为在使用SSL / TLS时，它似乎具有正确操作客户端所需的最小类集。当wlfullclient.jar和wlcipher.jar的副本在不同的目录中创建并添加到类路径时，通常会遇到该错误。然后，JVM无法从MANIFEST文件中引用的JAR加载其他依赖类。

Apparently, the accepted solution of adding webserviceclient+ssl.jar to the classpath works, since the WebLogic Full Client - wlfullclient.jar has references to other JARs in its MANIFEST.MF file. Adding the webservices client JAR resolves the issue, since it appears to have the minimum set of classes required for correct operation of the client when using SSL/TLS. The error is usually encountered when copies of the wlfullclient.jar and wlcipher.jar are made in a different directory, and added to the classpath. The JVM then fails to load other dependent classes from JARs that are referenced from within the MANIFEST file.

实际的解决方案是添加生成的wlfullclient.jar WL_HOME \ server \ ltl目录，指向CLASSPATH。然后，所有其他依赖JAR将通过相应的类加载器获取，因为清单通过相对目录路径引用这些.JAR。

The actual solution would be to add the wlfullclient.jar that is generated in the WL_HOME\server\lib directory, to the CLASSPATH. All other dependent JARs would then be picked up via the appropriate classloader, since the manifest references these via relative directory paths.

这篇关于Solaris JMS Client连接到Weblogic 11g t3s安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！