Issue
The Contrast Java Agent fails to connect to the Contrast Server and the following cause is seen in the agent log:
java.lang.ClassNotFoundException: Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory
Cause
When the IBM WebSphere Application Server starts up it looks to see whether the ssl.SocketFactory.provider
property is defined in the <JRE_HOME>/lib/security/java.security
file. (An example <JRE_HOME> is /opt/IBM/WebSphere/AppServer/java/jre.) If the property is not defined then WebSphere assumes that it must configure the ssl.SocketFactory.provider
and so sets the security property to the WebSphere default of com.ibm.websphere.ssl.protocol.SSLSocketFactory
.
Unfortunately the class com.ibm.websphere.ssl.protocol.SSLSocketFactory
is not visible to the Java agent thus the ClassNotFoundException
is raised when trying to connect to an SSL socket.
Resolution
To address the issue, you will need to set the relevant properties to a null value therefore preventing WebSphere from loading its default providers. To do so, add the following lines to the Java Security Policy:
ssl.SocketFactory.provider=
ssl.ServerSocketFactory.provider=
This change can be applied in various locations depending on the desired scope. See the first external reference below for the difference between the java.policy
and server.policy
files. Alternatively, you can localize the change by creating a text file, say my.java.security
, containing just those lines and reference it in the JVM System Properties using:
-Djava.security.properties=/path/to/my.java.security