ibm-jdkjavapolicy

Java SecurityException Cannot locate policy or framework files after updating to latest version

Here's how I launch java

java -Djava.rmi.server.hostname=myhostname \
    -Djava.security.policy=/myprogram/java.policy \
    -Dcom.ibm.tools.attach.enable=no -jar \
    /myprogram/myjar.jar

and the contents of java.policy is

grant codeBase "file:/myprogram/myjar.jar" {
  permission java.security.AllPermission;
};

I installed a new version of IBM Java

# rpm -qi java-1_8_0-ibm
Version     : 1.8.0_sr5.10
Release     : 30.24.1
Source RPM  : java-1_8_0-ibm-1.8.0_sr5.10-30.24.1.nosrc.rpm
Build Date  : Sun 18 Mar 2018 02:44:37 PM MDT

And now I'm getting this error message

Caused by: java.lang.SecurityException: Cannot locate policy or framework files!
    at javax.crypto.b.c(Unknown Source)
    ...

The previous version I was using was not showing the same failure

# rpm -qi java-1_8_0-ibm
Version     : 1.8.0_sr5.10
Release     : 30.16.1
Source RPM  : java-1_8_0-ibm-1.8.0_sr5.10-30.16.1.nosrc.rpm
Build Date  : Tue 27 Feb 2018 10:22:44 AM MST

The release notes say

Solution

  • The RPM file list contains both limited and unlimited policy files

    # rpm -ql java-1_8_0-ibm
/usr/lib64/jvm-private/java-1.8.0-ibm/jce/vanilla/limited/US_export_policy.jar
/usr/lib64/jvm-private/java-1.8.0-ibm/jce/vanilla/limited/local_policy.jar
/usr/lib64/jvm-private/java-1.8.0-ibm/jce/vanilla/unlimited/US_export_policy.jar
/usr/lib64/jvm-private/java-1.8.0-ibm/jce/vanilla/unlimited/local_policy.jar

    For Java 8.0.5.10, Java 7.1.4.20, Java 7.0.10.20, Java 6.1.8.60, and onward, the restricted policy files are the default.

    This explains why the limited policy files are now symlinked.

    The fix for me was to specify the unlimited policy files using:

    -Dcom.ibm.security.jurisdictionPolicyDir=/usr/lib64/jvm-private/java-1.8.0-ibm/jce/vanilla/unlimited