Java开发网 Java开发网
注册 | 登录 | 帮助 | 搜索 | 排行榜 | 发帖统计  

您没有登录

» Java开发网 » Java Security » 精华区  

按打印兼容模式打印这个话题 打印话题    把这个话题寄给朋友 寄给朋友    该主题的所有更新都将Email到你的邮箱 订阅主题
flat modethreaded modego to previous topicgo to next topicgo to back
作者 请教:如何在websphere4.0.3环境上使用第三方JCE Provider
cckoan

Smoking

CJSDN高级会员


发贴: 253
积分: 130
于 2003-01-13 10:25 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
制作了一个jce provider,基于SUN JCE 1.2.1规范,在SUN JDK 1.3.1系列,SUN JDK 1.4系列下完全可用,可是在Websphere 4.0.3下的IBM JDK 1.3.1上就是挂不上,请教各位高手,有什么特别的设置或说法吗?

cckoan edited on 2003-01-14 09:57

作者 Re:请教:如何在websphere4.0.3环境上使用第三方JCE Provider [Re:cckoan]
menzy



版主


发贴: 754
积分: 113
于 2003-01-15 08:49 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
IBM JDK和 SUN JDK其实并不完全一样,最明显的例子就是,IBM发布的CD,如果用application/applet方式自动运行,肯定不能在sun jre下面正常运转。


作者 Re:请教:如何在websphere4.0.3环境上使用第三方JCE Provider [Re:cckoan]
cckoan

Smoking

CJSDN高级会员


发贴: 253
积分: 130
于 2003-01-15 09:01 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
这个我知道,而且在大型项目开发过程中,通过比较,IBM的JDK比SUN的要快很多。可是,IBM的JDK中,JCE也是遵循1.2.1规范的,为什么就不行呢?
SUN jdk 下,只需将jce provider放到jre\lib\ext下,然后修改jre\lib\security\java.security文件就可以挂上,IBM的就是不行,郁闷!


作者 Re:请教:如何在websphere4.0.3环境上使用第三方JCE Provider [Re:cckoan]
mydownload128



发贴: 0
积分: 0
于 2003-03-08 11:45 user profilesend a private message to usersearch all posts byselect and copy to clipboard. ie only, sorry for netscape users:-)add this post to my favorite list
Grant Permission
================

Grant the permission to jce1_2_2.jar. The java.security.AllPermission should be granted to the JCE 1.2.2 framework (jce1_2_2.jar). Edit the java.policy file in x:\jre_installdir\lib\security and add this statement:
grant codeBase "file:///D:\JCE1.2.2\lib\jce1_2_2.jar" {
permission java.security.AllPermission;
};

Grant the permission to sunjce_provider.jar. The following permissions should be granted to the SunJCE provider (and other JCE providers if you are using another vendor’s implementation):
java.io.FilePermission to read the sunjce_provider.jar file
java.lang.RuntimePermission to get class protection domains
java.security.SecurityPermission to put (set) provider properties
Edit the java.policy file in x:\jre_installdir\lib\security and add this statement:

grant codeBase "file:///D:\JCE1.2.2\lib\sunjce_provider.jar" {
permission java.io.FilePermission
"D:\JCE1.2.2\lib\sunjce_provider.jar", "read";
permission java.lang.RuntimePermission
"getProtectionDomain";
permission java.security.SecurityPermission
"putProviderProperty.SunJCE";
};

Register JCE provider
================

Register the Sun JCE provider, which you can do either statically or dynamically:

Static registration

Add the Sun JCE provider to your list of approved providers by editing the security properties file java.security in x:\jre_installdir\lib\security\. The java.security file should have a statement for each provider to be registered statically. Each such statement declares a provider and specifies its preference order n, which is the order in which providers are searched for requested algorithms when no specific provider is requested. Preference order 1 is the most preferred, followed by 2, and so on.

In the JRE for WAS 4.03, Sun, IBMJCE, and IBM JSSE have already been configured as static providers:

security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.jsse.JSSEProvider

These three security providers may have implemented the algorithms you need. Therefore, you may not need another security provider for your applications. These three security providers are needed for the WebSphere Test Environment. Do not replace or remove these three lines, or the WebSphere Test Environment may fail to start up properly.

To configure other providers, follow those three security providers with other lines of the proper format, replacing the class name with the fully qualified master class name you obtain from the provider vendor, and entering the priority that you want to assign to the provider. For example, to configure Sun JCE as your #4 preferred provider, add the following line to the java.security file after the line for the Sun provider:

security.provider.4=com.sun.crypto.provider.SunJCE

Dynamic registration

To register the SunJCE provider dynamically, add the following lines of code at the beginning of your program:

Security.addProvider(
new com.sun.crypto.provider.SunJCE());

The above code will add the Sun JCE provider as the last-approved security provider in the security registry. Since different providers may implement the same algorithms, if the Sun JCE provider is the last one in the preference order, and no specific provider is requested, the Sun JCE provider may not be picked as the service provider for algorithms that are also implemented by other providers. Therefore, you may want to add the Sun JCE provider as the first one in the approved list by using this code:

Security.insertProviderAt(
new com.sun.crypto.provider.SunJCE(),1);

Add jar files to classpath
===================

you also need to add jce1_2_2.jar and sunjce_provider.jar into the classpath of the server instance

That's



flat modethreaded modego to previous topicgo to next topicgo to back
  已读帖子
  新的帖子
  被删除的帖子
Jump to the top of page

   Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent
Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1
客服电话 18559299278    客服信箱 714923@qq.com    客服QQ 714923