| License Type | SaaS & On-Premise |
| Agent Mode | Assess & Protect |
| Main Product Category | Java Agent |
| Sub Category | Connectivity |
Issue
The Contrast Java Agent fails to connect to the Contrast Server and the following cause is seen in the agent log:
java.lang.ClassNotFoundException: Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory
Cause
When the IBM WebSphere Application Server starts up it looks to see whether the ssl.SocketFactory.provider property is defined in the <JRE_HOME>/lib/security/java.security file. (An example <JRE_HOME> is /opt/IBM/WebSphere/AppServer/java/jre.) If the property is not defined then WebSphere assumes that it must configure the ssl.SocketFactory.provider and so sets the security property to the WebSphere default of com.ibm.websphere.ssl.protocol.SSLSocketFactory.
Unfortunately the class com.ibm.websphere.ssl.protocol.SSLSocketFactory is not visible to the Java agent thus the ClassNotFoundException is raised when trying to connect to an SSL socket.
Resolution
To address the issue, you will need to set the relevant properties to a null value therefore preventing WebSphere from loading its default providers. To do so, add the following lines to the Java Security Policy:
ssl.SocketFactory.provider=
ssl.ServerSocketFactory.provider=
This change can be applied in various locations depending on the desired scope. See the first external reference below for the difference between the java.policy and server.policy files. Alternatively, you can localize the change by creating a text file, say my.java.security, containing just those lines and reference it in the JVM System Properties using:
-Djava.security.properties=/path/to/my.java.security