Custom SecurityProvider breaks on EAP 7.4.17+ and EAP 8.0.0

Solution Unverified - Updated -

Issue

  • We have an app with a custom security provider that depends on delayed provider selection. This breaks after updating to EAP 7.4.17+ or 8.0.0+, and security debug shows delayed provider selection is disabled as a result of org.apache.xml.security.algorithms.implementations.SignatureBaseRSA disabling delayed provider selection:
 Signature: Signature.init() not first method called, disabling delayed provider selection 
 java.lang.Exception: Debug call trace 
        at java.security.Signature$Delegate.chooseFirstProvider(Signature.java:1054) 
        at java.security.Signature.getProvider(Signature.java:436) 
        at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.<init>(SignatureBaseRSA.java:64) 
        at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.<init>(SignatureBaseRSA.java:57) 
        at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1.<init>(SignatureBaseRSA.java:207) 

Environment

  • JBoss Enterprise Application Platform (EAP)
    • 7.4.17 - 7.4.20
    • 8.0.0 - 8.0.2
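
The behaviour reported in the Issue can be reproduced outside EAP with plain JCA calls. The following is an added example, not code from this article, from EAP or from Apache Santuario; DelayedSelectionDemo, HandleKey, HandleSignature and DemoProvider are hypothetical names, and it assumes the default JDK provider order, in which a built-in RSA provider is listed ahead of the custom one.

```java
import java.security.*;

public class DelayedSelectionDemo {
    // Hypothetical key handle that only the custom provider understands (for example an HSM reference).
    public static final class HandleKey implements PrivateKey {
        public String getAlgorithm() { return "RSA"; }
        public String getFormat() { return null; }   // no exportable encoding
        public byte[] getEncoded() { return null; }
    }

    // Hypothetical sign-only SPI: accepts HandleKey and nothing else, returns a dummy signature.
    public static final class HandleSignature extends SignatureSpi {
        protected void engineInitSign(PrivateKey k) throws InvalidKeyException {
            if (!(k instanceof HandleKey)) throw new InvalidKeyException("HandleKey required");
        }
        protected void engineInitVerify(PublicKey k) throws InvalidKeyException {
            throw new InvalidKeyException("verify not implemented in this demo");
        }
        protected void engineUpdate(byte b) { }
        protected void engineUpdate(byte[] b, int off, int len) { }
        protected byte[] engineSign() { return new byte[] { 0 }; }
        protected boolean engineVerify(byte[] sig) { return false; }
        protected void engineSetParameter(String p, Object v) { }
        protected Object engineGetParameter(String p) { return null; }
    }
    // Constructed provider offering the same algorithm name as the JDK's RSA provider.
    public static final class DemoProvider extends Provider {
        public DemoProvider() {
            super("DemoProvider", 1.0, "constructed provider for this example");
            put("Signature.SHA1withRSA", HandleSignature.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new DemoProvider());   // appended after the JDK providers
        PrivateKey key = new HandleKey();
        // init called first: the JCA tries each provider in turn until one accepts the key.
        Signature delayed = Signature.getInstance("SHA1withRSA");
        delayed.initSign(key);
        System.out.println("init first        -> " + delayed.getProvider().getName());

        // getProvider() called first, as in the stack trace: the first provider is fixed
        // before any key is seen, so a key it cannot handle is rejected at init time.
        Signature pinned = Signature.getInstance("SHA1withRSA");
        System.out.println("getProvider first -> " + pinned.getProvider().getName());
        try {
            pinned.initSign(key);
        } catch (InvalidKeyException e) {
            System.out.println("initSign failed: " + e.getMessage());
        }
    }
}
```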
