Review request: include US_export_policy.jar and local_policy.jar
vincent.x.ryan at oracle.com
Sat May 29 04:00:02 PDT 2010
This change is good as an interim measure. Signed modules are now
supported so we will migrate these policy files over the next
On 27/05/2010 20:42, Sean Mullan wrote:
> The Makefile changes look ok to me. Vinnie is starting to work on fixing
> this with signed modules, so you may want to see if he has any comments
> before pushing.
> On 5/27/10 1:28 PM, Mandy Chung wrote:
>> Webrev at:
>> The current JCE implementation checks the existence of
>> US_export_policy.jar and local_policy.jar and throws exception if not
>> exist. A number of security jtreg tests failed due to such failure.
>> This fix will copy US_export_policy.jar and local_policy.jar in the
>> module-image as a short term solution so as to allows more tests to run
>> to verify the module-image. When signed modules are fully supported,
>> US_export_policy and local_policy will be converted to signed modules to
>> replace these jars in the module-image.
>> Comparing the number of jdk_security3 failures:
>> Before the fix: TEST STATS: run=363 pass=226 fail=137 excluded=26
>> After the fix: TEST STATS: run=363 pass=349 fail=14 excluded=26
>> Without these 2 policy jars, the exception looks like this:
>> Caused by: java.lang.SecurityException: Can not initialize cryptographic
>> at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:86)
>> ... 38 more
>> Caused by: java.lang.SecurityException: Cannot locate policy or
>> framework files!
>> at javax.crypto.JceSecurity.access$000(JceSecurity.java:48)
>> at javax.crypto.JceSecurity$1.run(JceSecurity.java:78)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:76)
More information about the jigsaw-dev