Translate

September 10, 2013

Enable compression on Tomcat

The challenge

You always want your web application to load as fast as possible. One of the recommandation is to enable compression to reduce the number of bytes sent over the network. And here is how you do so in Tomcat

The solution

Edit your server.xml (location varies depending on the distribution but you can usually find it under %tomcat_home%/conf). Find the connectors you are using (there may be more than one) and add the part marked in red so the connector looks like this:

   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"  
         maxThreads="150" scheme="https" secure="true"  
         clientAuth="false" sslProtocol="TLS"  
         compression="on" compressionMinSize="10"  
         noCompressionUserAgents="gozilla, traviata"  
         compressableMimeType="text/html,text/xml,text/javascript,text/css,application/javascript" />

Restart tomcat and you are good to go.
Posted by at No comments:
Labels: , , ,

September 3, 2013

Caused by: java.security.InvalidKeyException: Illegal key size

Java Crypto Error

The problem

You may come across a stack trace saying java.security.InvalidKeyException: Illegal key size when using some encryption library and wonder why.  Here is an example:
java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key
 at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:110)
 at org.springframework.security.crypto.encrypt.AesBytesEncryptor.encrypt(AesBytesEncryptor.java:65)
 at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.encrypt(HexEncodingTextEncryptor.java:36)
 at ..........
Caused by: java.security.InvalidKeyException: Illegal key size
 at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1024)
 at javax.crypto.Cipher.implInit(Cipher.java:790)
 at javax.crypto.Cipher.chooseProvider(Cipher.java:849)
 at javax.crypto.Cipher.init(Cipher.java:1348)
 at javax.crypto.Cipher.init(Cipher.java:1282)

The reason

There can be multiple reason but this is usually due to a missing implementation of the encryption algorithm or some restriction in key length from old times.

The solution

Quite simply, you need to add the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files". You can get it from here for Java 7 and here for Java 6. Just unpack it and copy the jar files to </path/to/jre>/lib/security/ and restart your application.
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)