Topic: 请教:如何在websphere4.0.3环境上使用第三方JCE Provider

  Print this page

1.请教:如何在websphere4.0.3环境上使用第三方JCE Provider Copy to clipboard
Posted by: cckoan
Posted on: 2003-01-13 10:25

制作了一个jce provider,基于SUN JCE 1.2.1规范,在SUN JDK 1.3.1系列,SUN JDK 1.4系列下完全可用,可是在Websphere 4.0.3下的IBM JDK 1.3.1上就是挂不上,请教各位高手,有什么特别的设置或说法吗?

2.Re:请教:如何在websphere4.0.3环境上使用第三方JCE Provider [Re: cckoan] Copy to clipboard
Posted by: menzy
Posted on: 2003-01-15 08:49

IBM JDK和 SUN JDK其实并不完全一样,最明显的例子就是,IBM发布的CD,如果用application/applet方式自动运行,肯定不能在sun jre下面正常运转。

3.Re:请教:如何在websphere4.0.3环境上使用第三方JCE Provider [Re: cckoan] Copy to clipboard
Posted by: cckoan
Posted on: 2003-01-15 09:01

这个我知道,而且在大型项目开发过程中,通过比较,IBM的JDK比SUN的要快很多。可是,IBM的JDK中,JCE也是遵循1.2.1规范的,为什么就不行呢?
SUN jdk 下,只需将jce provider放到jre\lib\ext下,然后修改jre\lib\security\java.security文件就可以挂上,IBM的就是不行,郁闷!

4.Re:请教:如何在websphere4.0.3环境上使用第三方JCE Provider [Re: cckoan] Copy to clipboard
Posted by: mydownload128
Posted on: 2003-03-08 11:45

Grant Permission
================

Grant the permission to jce1_2_2.jar. The java.security.AllPermission should be granted to the JCE 1.2.2 framework (jce1_2_2.jar). Edit the java.policy file in x:\jre_installdir\lib\security and add this statement:
grant codeBase "file:///D:\JCE1.2.2\lib\jce1_2_2.jar" {
permission java.security.AllPermission;
};

Grant the permission to sunjce_provider.jar. The following permissions should be granted to the SunJCE provider (and other JCE providers if you are using another vendor’s implementation):
java.io.FilePermission to read the sunjce_provider.jar file
java.lang.RuntimePermission to get class protection domains
java.security.SecurityPermission to put (set) provider properties
Edit the java.policy file in x:\jre_installdir\lib\security and add this statement:

grant codeBase "file:///D:\JCE1.2.2\lib\sunjce_provider.jar" {
permission java.io.FilePermission
"D:\JCE1.2.2\lib\sunjce_provider.jar", "read";
permission java.lang.RuntimePermission
"getProtectionDomain";
permission java.security.SecurityPermission
"putProviderProperty.SunJCE";
};

Register JCE provider
================

Register the Sun JCE provider, which you can do either statically or dynamically:

Static registration

Add the Sun JCE provider to your list of approved providers by editing the security properties file java.security in x:\jre_installdir\lib\security\. The java.security file should have a statement for each provider to be registered statically. Each such statement declares a provider and specifies its preference order n, which is the order in which providers are searched for requested algorithms when no specific provider is requested. Preference order 1 is the most preferred, followed by 2, and so on.

In the JRE for WAS 4.03, Sun, IBMJCE, and IBM JSSE have already been configured as static providers:

security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.jsse.JSSEProvider

These three security providers may have implemented the algorithms you need. Therefore, you may not need another security provider for your applications. These three security providers are needed for the WebSphere Test Environment. Do not replace or remove these three lines, or the WebSphere Test Environment may fail to start up properly.

To configure other providers, follow those three security providers with other lines of the proper format, replacing the class name with the fully qualified master class name you obtain from the provider vendor, and entering the priority that you want to assign to the provider. For example, to configure Sun JCE as your #4 preferred provider, add the following line to the java.security file after the line for the Sun provider:

security.provider.4=com.sun.crypto.provider.SunJCE

Dynamic registration

To register the SunJCE provider dynamically, add the following lines of code at the beginning of your program:

Security.addProvider(
new com.sun.crypto.provider.SunJCE());

The above code will add the Sun JCE provider as the last-approved security provider in the security registry. Since different providers may implement the same algorithms, if the Sun JCE provider is the last one in the preference order, and no specific provider is requested, the Sun JCE provider may not be picked as the service provider for algorithms that are also implemented by other providers. Therefore, you may want to add the Sun JCE provider as the first one in the approved list by using this code:

Security.insertProviderAt(
new com.sun.crypto.provider.SunJCE(),1);

Add jar files to classpath
===================

you also need to add jce1_2_2.jar and sunjce_provider.jar into the classpath of the server instance

That's


   Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent
Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1
客服电话 18559299278    客服信箱 714923@qq.com    客服QQ 714923