0

My spring application uses mongodb for persistence. The application connects to mongodb using username/password.

To find benefits of Spring Native, I have created a docker image on my Ubuntu 18 LTS. When I run the app image and mongodb image using docker compose, everything looks good. When I invoke rest api which inserts into mongodb, the app throws an error

com.oracle.svm.core.jdk.UnsupportedFeatureError: Trying to verify a provider that was not registered at build time: SunJCE version 11. 
All providers must be registered and verified in the Native Image builder. 
Only the SUN provider is registered and verified by default. 
All other built-in providers are processed when all security services are enabled 
using the --enable-all-security-services option. 
Third party providers must be configured in the Native Image builder VM. 
at com.oracle.svm.core.util.VMError.unsupportedFeature(VMError.java:87)
native-demo |   at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:384)
native-demo |   at javax.crypto.JceSecurity.canUseProvider(JceSecurity.java:231)
native-demo |   at javax.crypto.Mac.getInstance(Mac.java:186)
native-demo |   at com.mongodb.internal.connection.ScramShaAuthenticator$ScramShaSaslClient.hi(ScramShaAuthenticator.java:299)

OS: Ubuntu 18 LTS

Spring Native: 0.9.0

Spring Boot: 2.4.3

JDK: '''openjdk version "11.0.7" 2020-04-14 OpenJDK Runtime Environment GraalVM CE 20.1.0 (build 11.0.7+10-jvmci-20.1-b02) OpenJDK 64-Bit Server VM GraalVM CE 20.1.0 (build 11.0.7+10-jvmci-20.1-b02, mixed mode, sharing '''

Referring to https://www.graalvm.org/reference-manual/native-image/BuildConfiguration/#configuration-file-format, I have also created a file META-INF/native-image.properties with following content NativeImageArgs = --enable-all-security-services

Even after rebuilding the image, the issue persist.

How do I fix this issue? Any suggestion on possible solution.

Chir
  • 671
  • 1
  • 10
  • 29
  • Seems to be a lot of good material on it here. https://www.graalvm.org/reference-manual/native-image/JCASecurityServices/ -- The page says the enable-all is deprecated, fwiw, so maybe it doesn't work anymore. It also says "The native image builder captures the list of providers and their preference order from the underlying JVM. ". I'm guessing "underlying" means the one that the native image is built with? – Atmas Apr 21 '21 at 07:06
  • What I'm wondering is if your app is somehow trying to bootstrap the default available JVM in the container (SunJCE version 11) , which wasn't available at native image build time and therefore can not automatically registered such that it can't be used once it's running on the container. – Atmas Apr 21 '21 at 07:06
  • @Atmas The description seems to have deep meaning. The JVM I use is openjdk version "11.0.7" 2020-04-14 OpenJDK Runtime Environment GraalVM CE 20.1.0 (build 11.0.7+10-jvmci-20.1-b02) OpenJDK 64-Bit Server VM GraalVM CE 20.1.0 (build 11.0.7+10-jvmci-20.1-b02, mixed mode, sharing – Chir Apr 28 '21 at 08:10

1 Answers1

1

Could you add a build argument on your spring-boot-maven-plugin?

                <configuration>
                    <image>
                        <builder>paketobuildpacks/builder:tiny</builder>
                        <env>
                            <BP_NATIVE_IMAGE>true</BP_NATIVE_IMAGE>
                            <BP_NATIVE_IMAGE_BUILD_ARGUMENTS>
                                - H:IncludeResourceBundles=sun.security.util.Resources
                            </BP_NATIVE_IMAGE_BUILD_ARGUMENTS>
                        </env>
                    </image>
                </configuration>
Seung Hyun Han
  • 126
  • 4