1

I am going to use a 256 bit key for AES encyption and have the policy files that supports the same. But I don't want to install these files manually at jre/lib/security on server(WAS) as it might break some existing application running on the server.

Packaging the unlimited strength policy jars with my EAR(WEB-INF/lib) would require to change the class loader preference to "PARENT_LAST".

I have following questions :

(a) Is changing the class loader preference the best way out of this situation? (b) Is it possible that installing "unlimited strength policy" can effect other application in a negative way.

Newb
  • 11
  • 1
  • 2
    It will not work that way. You will have to properly modify jre/lib/security contents. – Oleg Estekhin Jul 11 '14 at 14:48
  • 1
    The chances that the installation of those files may break some existing application is minimal. If you really want to you can use a separate JDK for your server, but be aware that an insecure installation is much more likely to break than one that uses AES-128. – Maarten Bodewes Jul 11 '14 at 18:32
  • Thanks for your suggestions. However, I am not able to accept answer or up vote it – Newb Aug 05 '14 at 06:42
  • installing (overwriting) the JCE won't break anything... except that some processes will work then... there is some "hack" without changing files : http://stackoverflow.com/a/28136100 – Bernhard Feb 10 '15 at 12:34

0 Answers0