44

In working on a different problem (related to RMI), I upgraded the system's "security folder" with the "unlimited strength" policy files and now my applicaiton fails in a different way. I get a long stack dump, of which following bits appear pertinent:

Exception in thread "main" java.lang.ExceptionInInitializerError

[...crop...]

Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism
        at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:86)
        ... 17 more
Caused by: java.lang.SecurityException: The jurisdiction policy files are not signed by a trusted signer!

[...crop...]

Um, WTF? The ONLY change was that I moved the orignal jar files aside and added the unlimited ones in $JAVA_HOME/lib/security. That directory now looks like this:

$ ls
blacklist      javaws.policy               trusted.libraries
cacerts        local_policy.jar            US_export_policy.jar
java.policy    local_policy.jar.strong     US_export_policy.jar.strong
java.security  local_policy.jar.unlimited  US_export_policy.jar.unlimited

Of course, the .strong and .unlimited version are there so I can switch back quickly.

The directions were short and plain, and it would appear that they ONLY envision the replacement of these two files (local_policy.jar and US_exportpolicy.jar).

What else is there to do?

Note that the versions of java and the policy files are the very youngest to date: 1.7.0_03, and jce_policy-6, respectively.

P.S. The article of similar title, found here, was of no help at all.

Hash
  • 4,647
  • 5
  • 21
  • 39
Richard T
  • 4,570
  • 5
  • 37
  • 49

5 Answers5

52

Rather than mixing runtime and policy file versions, you should use the policy files for Java 7.

erickson
  • 265,237
  • 58
  • 395
  • 493
  • Oh My Friggen Gawd, I Sure TRIED to get the very latest and was annoyed that I only found v 6. I made several attempts to be sure I got the latest. How in heck did I miss it and you find it?!@?! Oh well, I'll chalk this up to Oracle not having the most clear download site! -wink!- Thanks again. – Richard T Mar 16 '12 at 22:40
  • 4
    Or, -heavy-sigh- the real culpret is working too late: I had already downloaded the right one, but installed the wrong one! -frown- Oh well, I shouldn't be working such long hours, I s'pose. – Richard T Mar 16 '12 at 22:45
  • i am getting the same error even after replacing the Jars in my JRE.. I have JRE 1.7.32 running in my Websphere. I followed these steps. **http://www-01.ibm.com/support/docview.wss?uid=swg21635319** when i used the jars " Unrestricted SDK JCE Policy files for Java 5.0 SR16, Java 6 SR13, Java 7 SR4 and later versions ", i get Caused by: **Java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!** Even after replacing the jars. I am sure there is some issue withthe security signers. Can anyone please let me know the workaround for this? – bks4line Sep 13 '14 at 03:37
  • can you guys please help me out? Or can you guys please recommend a websphere support forum? – bks4line Sep 16 '14 at 12:50
  • @bks4line It sounds like your question might require some knowledge specific to IBM's JRE. You should post a new question, focusing on IBM. – erickson Sep 16 '14 at 14:26
  • @bks4line kpamu answered your question (provided a solution) via an answer to this same question - just FYI, maybe you've already solved your problem by now! – Richard T Mar 04 '15 at 19:25
  • Sure @RichardT, I will have a look at it. – bks4line Mar 05 '15 at 01:24
  • Downloading and then adding two policy jars to "..jre\lib\security\policy" folder resolved this issue for me. Thanks! – Vaibhav Miniyar Feb 11 '21 at 07:31
20

This happens when Java version does not match with the version of policy files. You can download the relevant policy files from following links.

Policy jars for Java 8
Policy jars for Java 7
Policy jars for Java 6

checklist
  • 12,340
  • 15
  • 58
  • 102
prageeth
  • 7,159
  • 7
  • 44
  • 72
8

Its possible that you have different versions of the JDK. For example if your JAVA_HOME points to version 7, but in your path version 6 shows up before version 7, this error could pop up.

Somaiah Kumbera
  • 7,063
  • 4
  • 43
  • 44
  • 2
    This was a good tip. My JAVA_HOME wasn't even set, and as soon as I set it, this error went away. Thankful I read down here, because the top answer is much more involved and probably wouldn't have fixed the problem for me. – Dan Dec 21 '16 at 18:13
4

This could happen if there are standard policy jar files somewhere in the classpath. I suggest to find and replace all the local_policy.jar and us_export_policy.jar files with the unrestricted versions of these jars in your machine. If you are using IBM's WAS/Portal Server/RAD, here is the link to the unrestricted JCE policy jars.

kpamu
  • 51
  • 1
  • I had to dowload Unrestricted SDK JCE policy files for older releases https://www-01.ibm.com/marketing/iwm/iwm/web/reg/download.do?source=jcesdk&lang=en_US&S_PKG=13_01&cp=UTF-8 http://www-01.ibm.com/support/docview.wss?uid=swg21635319 – David García González Dec 13 '15 at 12:30
0

While changing the version in your local or server, You should copy original jre/lib/security folder as security8 and remove cacerts which refers to efs and instead copy from old security8. This worked for me.

Vineela Thonupunuri
  • 551
  • 5
  • 15