This RFE is to implement something to NOT override JCE policy files when applying JDK patches, eg. in a JES environment where JDK is part of shared components (118666, 118667). My customer gets annoyed by always manually replacing these JCE policy files, which haven't changed since ages. They do use JCE with the SJSAS 8.2 EE as per a JES5 installation, where JDK is a shared component. When their machine gets patched, this cause always sort of trouble where people forget to put the right policy files in place with the right permissions. The last time they forgot to change file permission, which caused a severe prodcution down scenario since the appserver did not started properly.. [#|2009-11-13T14:56:04.815+0100|WARNING|sun-appserver-ee8.2|javax.enterprise.system.stream.err|_ThreadID=12;|java.lang.NoClassDefFo undError at javax.crypto.Cipher.getInstance(DashoA12275) at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(JsseJce.java:90) at com.sun.net.ssl.internal.ssl.RSACipher.<init>(RSACipher.java:35) at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(RSACipher.java:69) at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:82) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:515) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:618) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at java.io.DataOutputStream.flush(DataOutputStream.java:106) at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198) at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171) at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306) at sun.rmi.transport.DGCImpl_Stub.clean(Unknown Source) at sun.rmi.transport.DGCClient$EndpointEntry.makeCleanCalls(DGCClient.java:630) at sun.rmi.transport.DGCClient$EndpointEntry.access$1700(DGCClient.java:144) at sun.rmi.transport.DGCClient$EndpointEntry$RenewCleanThread.run(DGCClient.java:544) at java.lang.Thread.run(Thread.java:595) |#] Since these policy files are sort of configuration files, which we usually do NOT touch, we suggest to exclude them from the patch mechanism. For simplicity, keep them in plac if a JDK patch gets applied. This way a customer has to apply the JCE files ones only!! This would be very welcomed by customer and support!
|