Installing JCE With an Unlimited Strength Jurisdiction Policy
Learn how to quickly and easily install these security files and keep your Java SE-based software safe and secure - as well as how to do it for Mule.
Join the DZone community and get the full member experience.
Join For FreeIn this article, I'd like to describe how to over come the "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error message when invoking secured services
These "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error messages usually occur when we try to invoke web services in a secured manner and your JVM is not provisioned for Java unlimited security jurisdiction.
To provision for the Java unlimited security jurisdiction we have to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.
How to Install JCE:
Windows -
- Go to the Oracle Java SE download page.
- Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File."
- Download the version that matches your installed JVM for example UnlimitedJCEPolicyJDK7.zip
- Unzip the downloaded zip.
- Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them).
- Then restart your application to get rid of this exception.
Linux/Unix -
- Go to the Oracle Java SE download page.
- Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File."
- Download the version that matches your installed JVM, for example, UnlimitedJCEPolicyJDK7.zip.
- Unzip the downloaded zip.
- Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them).
# cd /usr/lib/jvm/java-1.7.0-oracle-1.7.0.51.x86_64/jre/lib/security
# cp /tmp/UnlimitedJCEPolicyJDK7.zip .
# ls -lhart
drwxrwxr-x. 2 root root 4.0K May 31 2011 UnlimitedJCEPolicy
-rw-r--r--. 1 root root 18K Dec 19 2013 java.security
-rw-r--r--. 1 root root 2.6K Dec 19 2013 java.policy
-rw-r--r--. 1 root root 81K Dec 19 2013 cacerts
-rw-r--r--. 1 root root 2.8K Dec 19 2013 blacklist
lrwxrwxrwx. 1 root root 58 Jul 17 14:15 US_export_policy.jar -> /etc/alternatives/jce_1.7.0_oracle_us_export_policy.x86_64
lrwxrwxrwx. 1 root root 54 Jul 17 14:15 local_policy.jar -> /etc/alternatives/jce_1.7.0_oracle_local_policy.x86_64
drwxr-xr-x. 17 root root 4.0K Nov 5 03:07 ..
-rw-r--r--. 1 root root 7.3K Dec 30 13:27 UnlimitedJCEPolicyJDK7.zip
drwxr-xr-x. 3 root root 4.0K Dec 30 13:28 .
# rm local_policy.jar
# rm US_export_policy.jar
# unzip UnlimitedJCEPolicyJDK7.zip # cp UnlimitedJCEPolicy/US_export_policy.jar . # cp UnlimitedJCEPolicy/local_policy.jar .
In Mule, if you are unable to connect from Mule Management Console to the on-Prem Mule Runtime or API Gateway servers then you have to install the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.
Opinions expressed by DZone contributors are their own.
Comments