I was helping somebody encrypt the database connection from a JBoss 7 web application.
The recommended JCE provider is Bouncy Castle; however, this JBoss 7 class loading issue should apply to any other JCE provider jar as well.
The exception is:
JZ0LA: Failed to instantiate Cipher object. Transformation RSA/NONE/OAEPWithSHA1AndMGF1Padding is not implemented by any of the loaded JCE providers.
It occurs when using a Spring JDBC connection or anything similar, for example:
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close" p:driverClassName="com.sybase.jdbc3.jdbc.SybDriver"
p:url="${db.url}" p:username="${db.username}"
p:password="${db.password}" />
The db.url would look like:
jdbc:sybase:Tds:server:4100/database?ENCRYPT_PASSWORD=true&JCE_PROVIDER_CLASS=org.bouncycastle.jce.provider.BouncyCastleProvider
The exception above basically says that the Bouncy Castle jar is not on the classpath.
The jar, however, has already been put into:
application.war
|-- WEB-INF
    |-- lib
        |-- bcprov-jdk16-1.46.jar
The settings above work in JBoss 5 but fail in JBoss 7. The reason is that JBoss 5 uses hierarchical class loading; I guess it starts from the WAS class loader first, which successfully loads Bouncy Castle.
JBoss 7, however, now uses modular class loading. Other than implicit dependencies such as rt.jar, javax.security etc., any other dependency must be defined in jboss-deployment-structure.xml, otherwise you cannot access it.
In JBoss 7, the JCE_PROVIDER_CLASS attribute was passed to jdbc3.SybDriver, but the provider class was looked up by the JBoss class loader, not the WAR class loader.
The resolution is either to install the Bouncy Castle jar as a module, or to point to it physically as a resource.
Solution 1. Define Bouncy Castle as a module (module.xml):
<module xmlns="urn:jboss:module:1.1" name="org.bouncycastle">
    <resources>
        <resource-root path="bcprov-jdk16-1.46.jar"/>
        <!-- Insert resources here -->
    </resources>
    <dependencies>
        <module name="javax.api" slot="main" export="true"/>
    </dependencies>
</module>
Then declare the dependency on it in jboss-deployment-structure.xml:
<jboss-deployment-structure>
    <deployment>
        <dependencies>
            <module name="org.osgi.core" />
            <module name="com.sun.crypto.provider" slot="main" export="true"/>
            <module name="org.bouncycastle" slot="main" export="true"/>
        </dependencies>
    </deployment>
</jboss-deployment-structure>
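Solution 2. Point to the jar as a resource in jboss-deployment-structure.xml. Note that use-physical-code-source="true" is compulsory.
<jboss-deployment-structure>
    <deployment>
        <resources>
            <resource-root path="WEB-INF/lib/bcprov-jdk16-1.46.jar" use-physical-code-source="true"/>
        </resources>
    </deployment>
</jboss-deployment-structure>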
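To check which class loader can actually see the provider before and after either change, a small diagnostic helps. This is an added example, not code from the original post; the class name JceProviderCheck and its methods are hypothetical, and it assumes it is called from code inside the WAR (for example a servlet), where the thread context class loader is the deployment's loader.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

// Added diagnostic (hypothetical helper, not part of the original post).
public class JceProviderCheck {
    // Values taken from the connection URL, bean definition and exception on this page.
    static final String PROVIDER_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    static final String TRANSFORMATION = "RSA/NONE/OAEPWithSHA1AndMGF1Padding";
    static final String DRIVER_CLASS = "com.sybase.jdbc3.jdbc.SybDriver";

    /** True if the given loader can resolve the class (null means the bootstrap loader). */
    static boolean visibleTo(String className, ClassLoader loader) {
        try {
            Class.forName(className, false, loader); // resolve only, do not initialize
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }
    /** Name of the registered provider that implements the transformation, or null if none does. */
    static String providerFor(String transformation) {
        try {
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (GeneralSecurityException e) { // NoSuchAlgorithm / NoSuchPadding
            return null;
        }
    }

    public static String report() {
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        StringBuilder sb = new StringBuilder();
        sb.append("provider visible to context loader: ").append(visibleTo(PROVIDER_CLASS, tccl)).append('\n');
        try {
            ClassLoader driverLoader = Class.forName(DRIVER_CLASS, false, tccl).getClassLoader();
            sb.append("driver loaded by: ").append(driverLoader).append('\n');
            sb.append("provider visible to driver's loader: ").append(visibleTo(PROVIDER_CLASS, driverLoader)).append('\n');
        } catch (ClassNotFoundException e) {
            sb.append("driver class not visible to context loader\n");
        }
        for (Provider p : Security.getProviders()) { // providers already registered with the JVM
            sb.append("registered provider: ").append(p.getName()).append('\n');
        }
        return sb.append(TRANSFORMATION).append(" served by: ").append(providerFor(TRANSFORMATION)).append('\n').toString();
    }
    public static void main(String[] args) {
        System.out.print(report());
    }
}
```

If the provider is visible to the context loader but not to the loader that loaded the driver, the deployment is in the situation described above, and the output should change once either solution is applied.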
Refer to https://lwpro2.dev/2013/12/19/jboss-7-class-loading-for-jce-provider-bouncy-castle/