HCL Commerce Version 9.1.9.0

Troubleshooting: JCEPlus security provider

The JCEPlus security provider is configured as the default security provider since Java 8 SR7, used in HCL Commerce from the 9.1.9.0 release. The JCEPlus provider was observed to have a native memory leak under some scenarios.

Problem

The JCEPlus security provider that is included with the version of the IBM Java SDK and packaged with HCL Commerce was observed to have a native memory leak under some scenarios.

Due to this memory leak, pod restarts can be observed when the memory used by the pod exceeds the limit. In this case Kubernetes might OOMKill the pod.

To diagnose this issue, obtain the Javacores and review the size of the JNI memory.

For example:
3MEMUSER | +--JNI: 605,601,960 bytes / 22071 allocations

Solution

The solution to this issue depends on the HCL Commerce release in question:
  • HCL Commerce Version 9.1.9.0To avoid this issue, choose one of the following solutions:
    • Upgrade to a later version of HCL Commerce that addresses this issue by default.
    • Manually re-order the security provider to prioritize using JCE over JCEPlus in java.security. See the linked IBM resources for further information.
  • HCL Commerce Version 9.1.10.0The default security provider in HCL Commerce 9.1.10.0 was reverted to JCE in java.security to avoid this potential memory leak.
  • HCL Commerce Version 9.1.11.0 or laterThe memory leak was resolved in Java 8 SR 7 FP 10 (8.0.7.10).

    HCL Commerce 9.1.11.0 uses this version of the IBM Java SDK. Therefore JCEPlus is restored as the default security provider.

Result

In most cases, no action is required in order to resolve the performance degredation due to this potential memory leak.