token454 / pwm

Automatically exported from code.google.com/p/pwm

Sun JRE dependency with NMAS read Responses #463

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Install PWM trunk with Tomcat and IBM J9 VM on Linux
2. "Enable NMAS Responses for Forgotten Password" in the Config Manager
3. Clear the LDAP response attribute in the ConfigManager
4. Try to use the Forgotten Password service

What is the expected output? What do you see instead?
Expected output would be that PWM can test the C/R via the NMAS client. Instead 
I get a ServletException caused by java.lang.NoClassDefFoundError: 
com.sun.net.ssl.internal.ssl.Provider

The current code of NMASResponseSession is SUN Vendor specific.

Attached the relevant part of catalina.out (anonymized):

2013-08-28 16:02:18, TRACE, operations.CrService, {6} beginning read of user response sequence [123.456.789.12]
2013-08-28 16:02:18, DEBUG, operations.CrService, {6} will attempt to read the following storage methods: ["LDAP","NMAS"] for user cn=testuser,ou=users,o=meta [123.456.789.12]
2013-08-28 16:02:18, TRACE, operations.CrService, {6} attempting read of responses via storage method: LDAP [123.456.789.12]
2013-08-28 16:02:18, TRACE, operations.CrService, {6} no responses read using method LDAP [123.456.789.12]
2013-08-28 16:02:18, TRACE, operations.CrService, {6} attempting read of responses via storage method: NMAS [123.456.789.12]
2013-08-28 16:02:18, TRACE, provider.ChaiProviderFactory, adding WatchdogWrapper to provider instance
2013-08-28 16:02:18, TRACE, provider.WatchdogWrapper, checking for user password expiration to adjust watchdog timeout
2013-08-28 16:02:18, TRACE, provider.ChaiProviderFactory, adding StatisticsWrapper to provider instance
2013-08-28 16:02:18, WARN , pwm.CaptchaFilter, {6} error during captcha filter: Servlet execution threw an exception [123.456.789.12]
javax.servlet.ServletException: Servlet execution threw an exception
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:313)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at password.pwm.CaptchaFilter.processFilter(CaptchaFilter.java:68)
    at password.pwm.CaptchaFilter.doFilter(CaptchaFilter.java:50)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at password.pwm.SessionFilter.processFilter(SessionFilter.java:219)
    at password.pwm.SessionFilter.doFilter(SessionFilter.java:90)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at password.pwm.GZIPFilter.doFilter(GZIPFilter.java:45)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at password.pwm.ApplicationModeFilter.doFilter(ApplicationModeFilter.java:63)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:736)
Caused by: java.lang.NoClassDefFoundError: com.sun.net.ssl.internal.ssl.Provider
    at java.lang.J9VMInternals.verifyImpl(Native Method)
    at java.lang.J9VMInternals.verify(J9VMInternals.java:72)
    at java.lang.J9VMInternals.initialize(J9VMInternals.java:134)
    at password.pwm.util.operations.cr.NMASCrOperator$NMASCRResponseSet.cycle(NMASCrOperator.java:187)
    at password.pwm.util.operations.cr.NMASCrOperator$NMASCRResponseSet.<init>(NMASCrOperator.java:178)
    at password.pwm.util.operations.cr.NMASCrOperator$NMASCRResponseSet.<init>(NMASCrOperator.java:155)
    at password.pwm.util.operations.cr.NMASCrOperator.readResponseSet(NMASCrOperator.java:76)
    at password.pwm.util.operations.CrService.readUserResponseSet(CrService.java:330)
    at password.pwm.servlet.ForgottenPasswordServlet.loadResponsesIntoBean(ForgottenPasswordServlet.java:283)
    at password.pwm.servlet.ForgottenPasswordServlet.advancedToNextStage(ForgottenPasswordServlet.java:465)
    at password.pwm.servlet.ForgottenPasswordServlet.processSearch(ForgottenPasswordServlet.java:187)
    at password.pwm.servlet.ForgottenPasswordServlet.processRequest(ForgottenPasswordServlet.java:114)
    at password.pwm.servlet.TopServlet.handleRequest(TopServlet.java:83)
    at password.pwm.servlet.TopServlet.doPost(TopServlet.java:158)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    ... 26 more
Caused by: java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.Provider
    at java.lang.ClassNotFoundException.<init>(ClassNotFoundException.java:76)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1278)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1245)
    ... 43 more

Original issue reported on code.google.com by sebastia...@gmail.com on 28 Aug 2013 at 2:14

GoogleCodeExporter commented 8 years ago
Can you try commenting line 447 in NMASCrOperator.java:

            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

Original comment by jrivard on 28 Aug 2013 at 2:37
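
An added example, not part of the original thread and not PWM's own code: the direct `new com.sun.net.ssl.internal.ssl.Provider()` reference makes the enclosing class fail to initialize on a JVM that lacks that class, which is the `NoClassDefFoundError` in the trace above. The sketch below looks the class up by name so it degrades gracefully, and lists which installed providers can supply a TLS `SSLContext`. The class name `JsseProviderCheck` and its method names are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;

public class JsseProviderCheck {

    // Vendor-specific class from the stack trace. It is referenced by name only,
    // so this class still loads and verifies on JVMs that do not ship it.
    private static final String SUN_JSSE = "com.sun.net.ssl.internal.ssl.Provider";

    /** Registers the Sun JSSE provider only when the running JVM provides it. */
    static boolean addSunProviderIfPresent() {
        try {
            Class<?> cls = Class.forName(SUN_JSSE);
            Provider provider = (Provider) cls.getDeclaredConstructor().newInstance();
            Security.addProvider(provider); // no-op (-1) if already installed
            return true;
        } catch (ReflectiveOperationException | LinkageError e) {
            // Class absent or not accessible: rely on the JVM's own JSSE provider.
            return false;
        }
    }

    /** Name of the provider the JVM selects for TLS without any vendor reference. */
    static String defaultTlsProvider() throws NoSuchAlgorithmException {
        return SSLContext.getInstance("TLS").getProvider().getName();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Sun JSSE class usable: " + addSunProviderIfPresent());
        Provider[] tlsProviders = Security.getProviders("SSLContext.TLS");
        if (tlsProviders == null) {
            throw new IllegalStateException("No installed provider offers SSLContext.TLS");
        }
        for (Provider p : tlsProviders) {
            System.out.println("TLS-capable provider: " + p.getName() + " " + p.getInfo());
        }
        System.out.println("Default TLS provider: " + defaultTlsProvider());
    }
}
```

Running this on each target JVM before deployment shows whether TLS is available without the vendor class, which is the condition under which removing the explicit `Security.addProvider` call is safe.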

GoogleCodeExporter commented 8 years ago
Thanks, that seems to fix the issue. However I notice that the NMAS login 
spits out uncontrolled logging:

2013-08-28 20:59:10, TRACE, cr.NMASCrOperator, starting NMASSessionMonitor 
thread id=2 activeCount=2

<<open session> >> reply (NMAS ID) 262273

2013-08-28 20:59:10, DEBUG, operations.CrService, {4} returning responses read 
via method NMAS for user cn=testuser,ou=users,o=meta [123.456.789.14]

Should I consider this as a feature from the NMAS libraries or should I file a 
separate issue for this?

Original comment by sebastia...@gmail.com on 28 Aug 2013 at 7:08

GoogleCodeExporter commented 8 years ago
It's a feature.  Not much I can do about it :(   Change checked into revision 
604.

Original comment by jrivard on 28 Aug 2013 at 7:11

GoogleCodeExporter commented 8 years ago
Thanks! I'll do some further testing with this new functionality. Especially 
the number of open NMAS Session threads needs some extensive testing. Unless I'm 
mistaken, the NMAS timeout is hardcoded to 3 minutes. A couple of quick tests 
do not show a cleanup of those inactive threads (User presses cancel button 
after getting the Challenge presented via NMAS). This might be another (new) 
issue.

Original comment by sebastia...@gmail.com on 28 Aug 2013 at 7:33