Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Installing JCE With an Unlimited Strength Jurisdiction Policy

DZone's Guide to

Installing JCE With an Unlimited Strength Jurisdiction Policy

Learn how to quickly and easily install these security files and keep your Java SE-based software safe and secure - as well as how to do it for Mule.

· Security Zone ·
Free Resource

Protect your applications against today's increasingly sophisticated threat landscape.

In this article, I'd like to describe how to over come the "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error message when invoking secured services

These "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error messages usually occur when we try to invoke web services in a secured manner and your JVM is not provisioned for Java unlimited security jurisdiction.

To provision for the Java unlimited security jurisdiction we have to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.

How to Install JCE:

Windows -

  1. Go to the Oracle Java SE download page.
  2. Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File."
  3. Download the version that matches your installed JVM for example  UnlimitedJCEPolicyJDK7.zip
  4. Unzip the downloaded zip.
  5. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them).
  6. Then restart your application to get rid of this exception.

Linux/Unix - 

  1. Go to the Oracle Java SE download page.
  2. Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File."
  3. Download the version that matches your installed JVM, for example,  UnlimitedJCEPolicyJDK7.zip.
  4. Unzip the downloaded zip.
  5. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them).
# cd /usr/lib/jvm/java-1.7.0-oracle-1.7.0.51.x86_64/jre/lib/security
# cp /tmp/UnlimitedJCEPolicyJDK7.zip .
# ls -lhart
drwxrwxr-x.  2 root root 4.0K May 31  2011 UnlimitedJCEPolicy
-rw-r--r--.  1 root root  18K Dec 19  2013 java.security
-rw-r--r--.  1 root root 2.6K Dec 19  2013 java.policy
-rw-r--r--.  1 root root  81K Dec 19  2013 cacerts
-rw-r--r--.  1 root root 2.8K Dec 19  2013 blacklist
lrwxrwxrwx.  1 root root   58 Jul 17 14:15 US_export_policy.jar -> /etc/alternatives/jce_1.7.0_oracle_us_export_policy.x86_64
lrwxrwxrwx.  1 root root   54 Jul 17 14:15 local_policy.jar -> /etc/alternatives/jce_1.7.0_oracle_local_policy.x86_64
drwxr-xr-x. 17 root root 4.0K Nov  5 03:07 ..
-rw-r--r--.  1 root root 7.3K Dec 30 13:27 UnlimitedJCEPolicyJDK7.zip
drwxr-xr-x.  3 root root 4.0K Dec 30 13:28 .
# rm local_policy.jar
# rm US_export_policy.jar
# unzip UnlimitedJCEPolicyJDK7.zip # cp UnlimitedJCEPolicy/US_export_policy.jar . # cp UnlimitedJCEPolicy/local_policy.jar .


In Mule, if you are unable to connect from Mule Management Console to the on-Prem Mule Runtime or API Gateway servers then you have to install the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.

Rapidly detect security vulnerabilities in your web, mobile and desktop applications with IBM Application Security on Cloud. Register Now

Topics:
mulesoft ,security ,java security

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}