JDK-8169335 : Add a crypto policy fallback in case Security Property 'crypto.policy' does not exist
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 9
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-11-07
  • Updated: 2017-05-17
  • Resolved: 2016-12-06
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
9 b148Fixed
Related Reports
Relates :  

-  Path cpPath = Paths.get(cryptoPolicyProperty);

   if ((cryptoPolicyProperty == null) ||
           (cpPath.getNameCount() != 1) ||
           (cpPath.compareTo(cpPath.getFileName()) != 0)) {
       throw new SecurityException(
           "Invalid policy directory name format: " +

+  Path cpPath = Paths.get(cryptoPolicyProperty); 
The eventual choice was to fallback to the property that the JDK was compiled under. Change JceSecurity.java to be a generated file (gensrc), which is then pulled into the build during compile. For the default/OracleJDK, that value is "unlimited"

In discussion with other team members, the desired approach is to: if (cryptoPolicyProperty == null) { System.getLogger("javax.crypto") .log(System.Logger.Level.WARNING, "Security Property 'crypto.policy' not found: " + "using 'limited' as fallback"); cryptoPolicyProperty = "limited"; } and remove the cryptoPolicyProperty null check.