My Oracle Support Banner

[Java SE] JarVerifier Causes "SecurityException: JCE cannot authenticate the provider BC” Inside Spring Boot Environment (Doc ID 2991927.1)

Last updated on DECEMBER 11, 2023

Applies to:

Java SE JDK and JRE - Version 17 and later
Information in this document applies to any platform.


When running a Spring Boot app as a fat jar under JDK 17, using the Bouncy Castle provider results in an exception “SecurityException: JCE cannot authenticate the provider BC” with cause “IllegalStateException: zip file closed”

This issue is noticed (only) on Oracle JDKs where javax.crypto.JarVerifier gets used.



This last worked in JDK 11.0.20.

The issue is found after upgrading to JDK 17, JDK 20, or JDK 21.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.