File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes javax.crypto on a servlet Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "javax.crypto on a servlet" Watch "javax.crypto on a servlet" New topic

javax.crypto on a servlet

Matt Steedle

Joined: Aug 03, 2011
Posts: 1
My application validates a license file in order for it to work. It does this by calling javax.crypto.Cipher.getInstance("DES","SunJCE") inorder to decipher the license key file.

When I run my application locally everything works fine but when I deploy my application with jboss and get to the point where I want to validate the license file on the servlet, I get the following error:

java.lang.SecurityException: JCE cannot authenticate the provider SunJCE
at javax.crypto.Cipher.getInstance(DashoA13*..)
at javax.crypto.Cipher.getInstance(DashoA13*..)

Like I said, it works fine from command prompt and eclipse, but not as a servlet on jboss. Does anybody have any idea what I need to do? I am using jdk 1.6 and jboss as 7.

Maarten Bodewes

Joined: Aug 04, 2011
Posts: 14
The only thing I can think of is that you somehow refer to a different JCE jar than the one that comes with 1.6, e.g. an older version. It's included in Java so there is no need to supply it. Most of the time, unless you have specific requirements, there is no need to indicate the provider anyway, just let Java look up the first one (it may e.g. be hardware accellerated on servers, or use a native provider such as NSS).

By the way, in 1.7 there is no specific need to sign providers anymore, but the signature still gets validated *if it is present*.
I agree. Here's the link:
subject: javax.crypto on a servlet
It's not a secret anymore!