• Post Reply Bookmark Topic Watch Topic
  • New Topic

Local and Export Security Policy JARs Question  RSS feed

 
Matthew McFarland
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I'm not sure if there's a better section in the forum for this to go to, so I apologize in advance if this needs to be moved.

I have made a Password Manager in Java, and I am in the process of creating the installer. In order to use the Password Manager, the user has to replace the default local and export policy JARs in the JRE with the unlimited strength files that can be downloaded from here (if using Java 8): http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

This is a very tedious process, and something that is unacceptable for a non-technical user to have to go through. So, I'd like this to be done in the installation process, and I know how I'm going to do it.

However, upon my research, I stumbled upon this Stack Overflow article: https://stackoverflow.com/questions/41580489/how-to-install-unlimited-strength-jurisdiction-policy-files

In the comments, it is suggested that creating an installer that automatically moves these files into the JRE might violate Oracle's terms of use.

So my question is: Does anyone know for sure if it is a violation of Oracle's terms of service to move the unlimited strength security policy files into the JRE automatically during an installation?

Some guidance would be appreciated, as I certainly don't want to be ruffling Oracle's feathers.

Thank you!
 
Jeanne Boyarsky
author & internet detective
Sheriff
Posts: 37256
519
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Matthew,
I'm not sure either without reading them but it does seem like it would violate the TOS. Why you ask?
  • These jars can't be distributed to certain countries
  • You'd be redistributing the jars
  •  
    Matthew McFarland
    Greenhorn
    Posts: 5
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Hi Jeanne,

    I am trying to create an installer so that everything is handled easily for non-technical users of my password manager. Having to download the JARs isn't a big deal, but the part where you have to manually place the JARs in the security folder of the JRE might turn off non-technical users. I'm just trying to make the process as simple as possible by handling this step in the installer, but if it violates Oracle's TOS then I won't. And it seems like, from the points you mentioned, that it certainly would be a violation of TOS if I did this for the user in my installer.
     
    Campbell Ritchie
    Marshal
    Posts: 55793
    164
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Have you taken legal advice or (maybe simpler ‍) asked Oracle?

    And welcome to the Ranch
     
    Matthew McFarland
    Greenhorn
    Posts: 5
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Thank you! 

    I have not taken any legal advice, nor have I asked Oracle. I looked into the Oracle community forums before trying here, but the area in which my post would belong in was dead on activity. Perhaps I will try Oracle support, though I did not see any support links for Java.
     
    Campbell Ritchie
    Marshal
    Posts: 55793
    164
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    I think a phone call might be more appropriate than fora. Be sure to tell us what they say.
     
    Matthew McFarland
    Greenhorn
    Posts: 5
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    I have been thinking about this, and I have thought of a workaround. I will probably still call Oracle just to see if I can get an answer from them about my question here, but here is what I thought of:


    1. During installation, provide a window with a link, and prompt user to download the local and security policy JARs from Oracle's website.

    2. Once completed, user clicks 'next' to advance to the next step of the installation.

    3. On click of the next button, the computer is searched for the local and security policy JAR files, while ignoring the already existing limited strength JARs included with the JRE.

    4. If the new files are found, move them over to the JRE's security directory.

    5. Else, inform the user that the files could not be found, and to try downloading the JARs again.



    Just a thought of a workaround if my original idea doesn't work.
     
    Stephan van Hulst
    Saloon Keeper
    Posts: 7821
    142
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    I like it. I think it should not violate any license agreements.
     
    Matthew McFarland
    Greenhorn
    Posts: 5
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    So I have finally been able to attempt Oracle... only to be redirected to people who cannot answer my question, and forward me to someone else. I will just go with the work around I proposed in my previous post. Thanks to all who helped!
     
    With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
    • Post Reply Bookmark Topic Watch Topic
    • New Topic
    Boost this thread!