JDK-6901206 : exclude JCE policy from Java solaris patch mechanism as part of JES shared components and keep them
  • Type: Enhancement
  • Component: install
  • Sub-Component: install
  • Affected Version: 5.0-pool
  • Priority: P3
  • Status: Closed
  • Resolution: Won't Fix
  • OS: solaris_10
  • CPU: sparc
  • Submitted: 2009-11-13
  • Updated: 2018-08-23
  • Resolved: 2018-08-23
Description
This RFE is to implement something to NOT override JCE policy files when applying JDK patches, e.g. in a JES environment where JDK is part of shared components (118666, 118667). My customer gets annoyed by always manually replacing these JCE policy files, which haven't changed in ages.

They do use JCE with the SJSAS 8.2 EE as per a JES5 installation, where JDK is a shared component. When their machine gets patched, this always causes some sort of trouble, where people forget to put the right policy files in place with the right permissions. The last time, they forgot to change the file permissions, which caused a severe production-down scenario since the appserver did not start properly.

[#|2009-11-13T14:56:04.815+0100|WARNING|sun-appserver-ee8.2|javax.enterprise.system.stream.err|_ThreadID=12;|java.lang.NoClassDefFoundError
        at javax.crypto.Cipher.getInstance(DashoA12275)
        at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(JsseJce.java:90)
        at com.sun.net.ssl.internal.ssl.RSACipher.<init>(RSACipher.java:35)
        at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(RSACipher.java:69)
        at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:82)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:515)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:618)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
        at java.io.DataOutputStream.flush(DataOutputStream.java:106)
        at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
        at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
        at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
        at sun.rmi.transport.DGCImpl_Stub.clean(Unknown Source)
        at sun.rmi.transport.DGCClient$EndpointEntry.makeCleanCalls(DGCClient.java:630)
        at sun.rmi.transport.DGCClient$EndpointEntry.access$1700(DGCClient.java:144)
        at sun.rmi.transport.DGCClient$EndpointEntry$RenewCleanThread.run(DGCClient.java:544)
        at java.lang.Thread.run(Thread.java:595)
|#]


Since these policy files are sort of configuration files, which we usually do NOT touch, we suggest excluding them from the patch mechanism. For simplicity, keep them in place if a JDK patch gets applied. This way a customer has to apply the JCE files once only!!

This would be very welcomed by customer and support!
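
A post-patch check for the failure described in this report (policy files replaced, or left with the wrong permissions), as an added example that is not part of the original report or of any Sun/Oracle tooling. The file names local_policy.jar and US_export_policy.jar, their location under jre/lib/security, the baseline file format and the world-readable requirement are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): check the JCE policy files after
# a JDK patch. Assumed file names and location: local_policy.jar and
# US_export_policy.jar under <JAVA_HOME>/jre/lib/security.
JCE_FILES="local_policy.jar US_export_policy.jar"

# Fingerprint "CRC:size" of a file. cksum catches a patch silently replacing
# the file; it is not a defence against deliberate tampering.
jce_sum() {
    cksum < "$1" | awk '{ print $1 ":" $2 }'
}

# jce_baseline DIR OUTFILE: record fingerprints of the known-good files.
# The OUTFILE format ("name fingerprint" per line) is hypothetical.
jce_baseline() {
    for f in $JCE_FILES; do
        s=`jce_sum "$1/$f"`
        echo "$f $s"
    done > "$2"
}

# jce_verify DIR BASELINE: run after patching, before restarting the server.
# Returns 0 = ok, 1 = file missing, 2 = not world-readable, 3 = replaced.
jce_verify() {
    for f in $JCE_FILES; do
        p="$1/$f"
        [ -f "$p" ] || { echo "MISSING $p" >&2; return 1; }
        # Character 8 of the ls mode string is the "other" read bit. Assumes
        # the application server runs as an unprivileged, non-owner user.
        other_read=`ls -ld "$p" | cut -c8`
        [ "$other_read" = "r" ] || { echo "UNREADABLE $p" >&2; return 2; }
        want=`grep "^$f " "$2" | cut -d' ' -f2`
        have=`jce_sum "$p"`
        [ "$want" = "$have" ] || { echo "REPLACED $p" >&2; return 3; }
    done
    return 0
}
```

Take the baseline once, right after installing the intended policy files, and run jce_verify against the same directory after each JDK patch.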

Comments
Yes, we will still have strong/limited and unlimited policy files in JDK 8 GA.
13-09-2013

Is this still applicable in 8?
12-09-2013

EVALUATION

This is an issue with the installer. We (JCE) can help consult on the JCE part, but we don't have anything to do with how upgrades and installations occur.

The submitter is talking about:

> the shared components are installed as part of the JES installer if not already
> installed on a machine. It's in 'pkgadd' format on Solaris and the equivalent on
> Windows, that one can apply patches. The patch ID's I mentioned are the one for
> Solaris.

$ pkginfo | grep SUNWj5
system      SUNWj5cfg   JDK 5.0 Host Config. (1.5.0_18)
system      SUNWj5dev   JDK 5.0 Dev. Tools (1.5.0_18)
system      SUNWj5dmo   JDK 5.0 Demo Programs (1.5.0_18)
system      SUNWj5dmx   JDK 5.0 64-bit Demo Programs (1.5.0_18)
system      SUNWj5dvx   JDK 5.0 64-bit Dev. Tools (1.5.0_18)
system      SUNWj5man   JDK 5.0 Man Pages (1.5.0_18)
system      SUNWj5rt    JDK 5.0 Runtime Env. (1.5.0_18)
system      SUNWj5rtx   JDK 5.0 64-bit Runtime Env. (1.5.0_18)
13-11-2009