Hi everyone.  I'm new to jboss internals so I was hoping someone could help me out, because I don't know how to set this up.   I have a jboss 4.0.5 environment running a bunch of different types of applications.  One of these applications makes https calls out to a third-party.  Due to the nature of the traffic, the development team wants to install the unlimited encryption strength version of jce--they want the third-party requests to be encrypted at 256 bits.

So, the developers want me to install the unlimited strength JCE jar's within the JVM as per the installation instructions.  I can do this obviously but operationally speaking, if there is a dependency that is outside of jboss and outside of the actual application server, if the server is refreshed or if java is upgraded, chances are very good that jvm lib changes are going to be forgotten about and the application will be broken.

I'd much rather see these jar's included within the application's lib or within jboss's lib directory but what I don't understand is where these should be added and how I can ensure that they will be used by the application over the "strong" versions that are bundled with the jvm.

Has anyone cracked this nut in the past and could point me in the right direction?  At this point in time, it doesn't necessarily matter if all other applications running within the application server "inherit" the unlimited strength encryption jars.