Using a custom JCA provider in Java 11 and JBoss EAP 7

Solution Unverified - Updated

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP) 7
  • Java or OpenJDK 11
  • Configuring a custom Java Cryptography Extension (JCE) plugin

Issue

  • The ext directory from Java 8 has been removed
  • Configure the custom JCE extension
  • JCE extensions use -cp, but JBoss EAP starts with -jar, and the two options are mutually exclusive

Resolution

To install a custom JCE provider, run the following commands in the JBoss EAP management CLI:

module add --name=com.mycompany.myprovider --resources=/path/to/provider.jar:/path/to/additional-jar.jar
/subsystem=elytron/provider-loader=MyProviderName:add(module=com.mycompany.myprovider)

If your jar files do not support service discovery (that is, they do not include a file named META-INF/services/java.security.Provider that gives the provider class name), add class-names to the provider-loader:

/subsystem=elytron/provider-loader=MyProviderName:add(module=com.mycompany.myprovider, class-names=[com.mycompany.myprovider.Impl])

Then, to use it, add it to the list of available providers with either of the following:

/subsystem=elytron:write-attribute(name=final-providers,value=MyProviderName)
/subsystem=elytron:write-attribute(name=initial-providers,value=MyProviderName)

Using final-providers adds it at the end of the provider list; using initial-providers adds it at the beginning. This replaces registering the provider in the java.security file.
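
The placement matters because an unqualified getInstance() call is served by the first provider in the list that offers the algorithm. The following is an added example, not Red Hat's code: it runs stand-alone outside EAP and models the two placements with Security.addProvider and Security.insertProviderAt, and DemoProvider and DemoSha256 are constructed stand-ins for the contents of provider.jar.

```java
import java.security.*;

public class ProviderOrderCheck {
    // Constructed stand-in for the class that class-names=[...] would name.
    public static final class DemoProvider extends Provider {
        public DemoProvider() {
            super("MyProviderName", "1.0", "constructed demo provider");
            put("MessageDigest.SHA-256", DemoSha256.class.getName());
        }
    }

    // Delegates to the JDK's SUN implementation so the demo stays functional.
    public static final class DemoSha256 extends MessageDigestSpi {
        private final MessageDigest jdk;
        public DemoSha256() throws GeneralSecurityException {
            jdk = MessageDigest.getInstance("SHA-256", "SUN");
        }
        @Override protected void engineUpdate(byte b) { jdk.update(b); }
        @Override protected void engineUpdate(byte[] in, int off, int len) { jdk.update(in, off, len); }
        @Override protected byte[] engineDigest() { return jdk.digest(); }
        @Override protected void engineReset() { jdk.reset(); }
    }

    // 1-based preference position of a provider, or -1 if it is not registered.
    static int position(String name) {
        Provider[] all = Security.getProviders();
        for (int i = 0; i < all.length; i++)
            if (all[i].getName().equals(name)) return i + 1;
        return -1;
    }

    // Name of the provider that serves an unqualified getInstance() call.
    static String servedBy(String algorithm) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(algorithm).getProvider().getName();
    }

    static void report(String label) throws NoSuchAlgorithmException {
        System.out.printf("%s: position %d of %d, SHA-256 served by %s%n", label,
                position("MyProviderName"), Security.getProviders().length, servedBy("SHA-256"));
    }

    public static void main(String[] args) throws Exception {
        Provider p = new DemoProvider();
        Security.addProvider(p);           // appended last, modelling final-providers
        report("final-providers");
        Security.removeProvider(p.getName());
        Security.insertProviderAt(p, 1);   // placed first, modelling initial-providers
        report("initial-providers");
    }
}
```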

Root Cause

The ext directory, which was used for installing Java extensions such as Java Cryptography Extensions, was removed in OpenJDK, and the instructions are to use -classpath to register additional providers. However, EAP uses -jar in its start scripts, and this is mutually exclusive with -classpath.

As a result, JBoss EAP, through Elytron, is now responsible for initializing a JCE provider, which means that the provider will not be available until after Elytron initializes. Java agents, for example, will therefore not have access to the provider.


This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.