We are trying to use nHaystack to access SkySpark from N4 and are running into some authentication errors.
Anyone have any ideas on how to resolve this? Error trace from the application director is below.
javax.baja.sys.BajaRuntimeException
at nhaystack.driver.BNHaystackServer.doPing(BNHaystackServer.java:440) at javax.baja.driver.ping.BPingMonitor.checkPing(BPingMonitor.java:365) at javax.baja.driver.ping.BPingMonitor.run(BPingMonitor.java:346) at java.lang.Thread.run(Thread.java:748) Caused by: java.security.AccessControlException: access denied ("com.tridium.nre.security.KeyRingPermission" "nhaystack") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.tridium.nre.security.KeyRing.checkKeyRingPermission(KeyRing.java:94) at com.tridium.nre.security.KeyRing.getKey(KeyRing.java:38) at com.tridium.nre.security.Aes256PasswordManager.getKey(Aes256PasswordManager.java:329) at com.tridium.nre.security.Aes256PasswordManager.decryptSecret(Aes256PasswordManager.java:141) at javax.baja.security.BAbstractAes256PasswordEncoder.getSecretBytes(BAbstractAes256PasswordEncoder.java:102) at javax.baja.security.BReversiblePasswordEncoder.getValue(BReversiblePasswordEncoder.java:198) at javax.baja.security.BPassword.getValue(BPassword.java:434) at nhaystack.driver.BNHaystackServer.getHaystackClient(BNHaystackServer.java:532) at nhaystack.driver.BNHaystackServer.doPing(BNHaystackServer.java:432) ... 3 more javax.baja.sys.BajaRuntimeException at nhaystack.driver.BNHaystackServer.doPing(BNHaystackServer.java:440) at javax.baja.driver.ping.BPingMonitor.checkPing(BPingMonitor.java:365) at javax.baja.driver.ping.BPingMonitor.run(BPingMonitor.java:346) at java.lang.Thread.run(Thread.java:748)
Richard McElhinneyThu 16 Aug 2018
Hi Sean,
Can you give some more details around the versions of software you are using? Niagara and nhaystack versions might help...also the SkySpark version.
Cheers, Richard
Sean StackhouseThu 16 Aug 2018
Hey Richard,
All the versions are pretty near the latest:
Niagara N4.6
NHaystack 2.1.0
SkySpark 3.1.15
Let me know if you need more details.
Sean
Bill SmithThu 16 Aug 2018
Sean, Richard,
With 4.6, a security requirement forced us to add a new permission that is required by the nhaystack module (hence the access control exception). You probably need to add a doPrivileged block to where you are reading the password.
See https://www.niagara-community.com/articles/Developer_Document/Breaking-change-Module-scoped-password-encryption?retURL=/apex/Comm_Search?q=scoped+password&popup=false for details.
Regards, Bill
Richard McElhinneySat 25 Aug 2018
Thanks Bill...that's great feedback.
Sean..I'll look to do an updated build ASAP for 4.6.
Sean Stackhouse Wed 15 Aug 2018
We are trying to use nHaystack to access SkySpark from N4 and are running into some authentication errors.
Anyone have any ideas on how to resolve this? Error trace from the application director is below.
javax.baja.sys.BajaRuntimeException
at nhaystack.driver.BNHaystackServer.doPing(BNHaystackServer.java:440) at javax.baja.driver.ping.BPingMonitor.checkPing(BPingMonitor.java:365) at javax.baja.driver.ping.BPingMonitor.run(BPingMonitor.java:346) at java.lang.Thread.run(Thread.java:748) Caused by: java.security.AccessControlException: access denied ("com.tridium.nre.security.KeyRingPermission" "nhaystack") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.tridium.nre.security.KeyRing.checkKeyRingPermission(KeyRing.java:94) at com.tridium.nre.security.KeyRing.getKey(KeyRing.java:38) at com.tridium.nre.security.Aes256PasswordManager.getKey(Aes256PasswordManager.java:329) at com.tridium.nre.security.Aes256PasswordManager.decryptSecret(Aes256PasswordManager.java:141) at javax.baja.security.BAbstractAes256PasswordEncoder.getSecretBytes(BAbstractAes256PasswordEncoder.java:102) at javax.baja.security.BReversiblePasswordEncoder.getValue(BReversiblePasswordEncoder.java:198) at javax.baja.security.BPassword.getValue(BPassword.java:434) at nhaystack.driver.BNHaystackServer.getHaystackClient(BNHaystackServer.java:532) at nhaystack.driver.BNHaystackServer.doPing(BNHaystackServer.java:432) ... 3 more javax.baja.sys.BajaRuntimeException at nhaystack.driver.BNHaystackServer.doPing(BNHaystackServer.java:440) at javax.baja.driver.ping.BPingMonitor.checkPing(BPingMonitor.java:365) at javax.baja.driver.ping.BPingMonitor.run(BPingMonitor.java:346) at java.lang.Thread.run(Thread.java:748)
Richard McElhinney Thu 16 Aug 2018
Hi Sean,
Can you give some more details around the versions of software you are using? Niagara and nhaystack versions might help...also the SkySpark version.
Cheers, Richard
Sean Stackhouse Thu 16 Aug 2018
Hey Richard,
All the versions are pretty near the latest:
Let me know if you need more details.
Sean
Bill Smith Thu 16 Aug 2018
Sean, Richard,
With 4.6, a security requirement forced us to add a new permission that is required by the nhaystack module (hence the access control exception). You probably need to add a doPrivileged block to where you are reading the password.
See https://www.niagara-community.com/articles/Developer_Document/Breaking-change-Module-scoped-password-encryption?retURL=/apex/Comm_Search?q=scoped+password&popup=false for details.
Regards, Bill
Richard McElhinney Sat 25 Aug 2018
Thanks Bill...that's great feedback.
Sean..I'll look to do an updated build ASAP for 4.6.
Cheers, Richard