deploying on JBoss with jcmFIPS jar

Question

I am trying to deploy a war using some crystal objects jar. But when I deploy the war in standalone/deployments, I get that exception :

2020-01-31 15:45:07,171 ERROR [stderr] (Thread-98)  at com.rsa.jsafe.CryptoJ.isFIPS140Compliant(Unknown Source)
2020-01-31 15:45:07,171 ERROR [stderr] (Thread-98)  at com.businessobjects.bcm.internal.BcmRsaLib.initialize(BcmRsaLib.java:214)
2020-01-31 15:45:07,172 ERROR [stderr] (Thread-98)  at com.businessobjects.bcm.internal.BcmRsaLib.<clinit>(BcmRsaLib.java:289)
2020-01-31 15:45:07,172 ERROR [stderr] (Thread-98)  at com.businessobjects.bcm.BCM.<clinit>(BCM.java:1158)
2020-01-31 15:45:07,173 ERROR [stderr] (Thread-98)  at com.crystaldecisions.enterprise.ocaframework.BCMInitializer.run(BCMInitializer.java:29)
2020-01-31 15:45:07,175 ERROR [stderr] (Thread-98)  at java.lang.Thread.run(Thread.java:748)
2020-01-31 15:45:07,175 ERROR [stderr] (Thread-98) Caused by: java.lang.SecurityException: Required jcm jar file not found.
2020-01-31 15:45:07,176 ERROR [stderr] (Thread-98)  at com.rsa.cryptoj.o.cq.a(Unknown Source)
2020-01-31 15:45:07,176 ERROR [stderr] (Thread-98)  at com.rsa.cryptoj.o.co.<clinit>(Unknown Source)
2020-01-31 15:45:07,177 ERROR [stderr] (Thread-98)  ... 6 more

Not taking into account that this jar is in my war, in WEB_INF/lib and in the classpath. Putting the jar in the expected directory kind of solves the problems, but would not be acceptable in production, of course.

That seems very weird, does anyone have an explanation for this behavior ?

Answer 1

I solved the problem. It was coming from an static initilizer from the CryptoJ librairy, which whas trying to open another RSA lib (jcmFIPS.jar) manually. It didn't work because it was using a JBoss VFS URL instead of a correct path.

The solution was to install 3 librairies as a JBoss module : certjFIPS.jar, cryptojFIPS.jar and jcmFIPS.jar