Krypt error when Rails 4 run in production mode on a Java Application Server

[pierrickrouxel]

Hi,

I have an error with krypt when I use the new Rails 4 secret token mode :

Application.config.secret_key_base = '...'

instead of

Application.config.secret_token = '...'

Application raise SOMETIMES this error :

Krypt::Provider::ServiceNotAvailableError (The requested service is not available):
gems/gems/krypt-0.0.1/lib/krypt/provider.rb:32:in new_service'
gems/gems/krypt-0.0.1/lib/krypt/digest.rb:100:innew'
org/jruby/RubyBasicObject.java:1735:in instance_eval'
gems/gems/krypt-0.0.1/lib/krypt/digest.rb:101:innew'
gems/gems/krypt-0.0.1/lib/krypt/digest.rb:106:in new'
gems/gems/krypt-ossl-0.1.0/lib/krypt/ossl/pkcs5.rb:10:inpbkdf2_hmac_sha1'
gems/gems/activesupport-4.0.0.rc1/lib/active_support/key_generator.rb:21:in generate_key'
gems/gems/activesupport-4.0.0.rc1/lib/active_support/key_generator.rb:38:ingenerate_key'
gems/gems/actionpack-4.0.0.rc1/lib/action_dispatch/middleware/cookies.rb:436:in initialize'
gems/gems/actionpack-4.0.0.rc1/lib/action_dispatch/middleware/cookies.rb:159:inencrypted'
gems/gems/actionpack-4.0.0.rc1/lib/action_dispatch/middleware/cookies.rb:168:in `signed_or_encrypted'

Due to this error Rails 4 it's absolutelly unusable with this secret_token generation.

The issue is possible to reduce with an executable jar built with warbler.

For people who experienced the same problem the temporary solution is :

• Replace secret_key_base by secret_token

Rails 4 requires krypt only if secret_key_base is used

• Add gem 'jruby-openssl', :require => false to your Gemfile

Issue is open in krypt project too : krypt/krypt#38

[BanzaiMan]

This sounds like a duplicate of #719. @emboss, could you take a look?

[pierrickrouxel]

No, I think it's not a duplicate. I fix the PKCS5 error with

gem 'jruby-openssl', :require => false

But's it's a jruby-openssl error which is not required with Rails 4 secret_key_base.

When I have the krypt error I haven't jruby-openssl in my Gemfile. It is not used.

[BanzaiMan]

@pierrickrouxel Thanks for the detailed explanation.

[headius]

What JRuby version is this?

[pierrickrouxel]

1.7.4 but I haven't try with another version !

[emboss]

@BanzaiMan Yes, I'll try to fix this!

@pierrickrouxel Which application server are you using?

[headius]

FWIW JRuby 1.7.5 will ship with jruby-openssl and krypt* as default gems,
so they can be upgraded by users if needed.
On Sep 18, 2013 5:33 PM, "Martin Bosslet" notifications@github.com wrote:

@BanzaiMan https://github.com/BanzaiMan Yes, I'll try to fix this!

@pierrickrouxel https://github.com/pierrickrouxel Which application
server are you using?

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/1018#issuecomment-24704888
.

[pierrickrouxel]

I use Websphere Application Server but the bug appears with warbler Jetty embedded server too.

Thank you for your job !

[djannot]

Hi Pierrick,

Have you finally found a way to solve your issue ?
I'm facing the same one.

Thanks
Denis

[pierrickrouxel]

No I haven' t found solution. I use rails 3 way for moment.

[djannot]

OK, thanks

2013/10/13 Pierrick Rouxel notifications@github.com

No I haven' t found solution. I use rails 3 way for moment.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/1018#issuecomment-26208551
.

[emboss]

@pierrickrouxel This never occurs with Rails 3, only with 4, right? I'll try to reproduce it with Jetty as you confirmed it appears there, too. You wouldn't happen to have a proof of concept that I could use for hunting down the error? That would be awesome!

[abstractj]

Good morning guys, I just wrote a simple application with TorqueBox and Krypt to reproduce the environment and the issue mentioned https://github.com/abstractj/torquebox-krypt-example

I've also introduced the secret token https://github.com/abstractj/torquebox-krypt-example/blob/master/config/initializers/secret_token.rb#L12. Maybe this is neither an issue related with JRuby nor Krypt?