mydownload128
发贴: 0
积分: 0
|
于 2003-03-08 11:45
Grant Permission ================
Grant the permission to jce1_2_2.jar. The java.security.AllPermission should be granted to the JCE 1.2.2 framework (jce1_2_2.jar). Edit the java.policy file in x:\jre_installdir\lib\security and add this statement: grant codeBase "file:///D:\JCE1.2.2\lib\jce1_2_2.jar" { permission java.security.AllPermission; };
Grant the permission to sunjce_provider.jar. The following permissions should be granted to the SunJCE provider (and other JCE providers if you are using another vendor’s implementation): java.io.FilePermission to read the sunjce_provider.jar file java.lang.RuntimePermission to get class protection domains java.security.SecurityPermission to put (set) provider properties Edit the java.policy file in x:\jre_installdir\lib\security and add this statement:
grant codeBase "file:///D:\JCE1.2.2\lib\sunjce_provider.jar" { permission java.io.FilePermission "D:\JCE1.2.2\lib\sunjce_provider.jar", "read"; permission java.lang.RuntimePermission "getProtectionDomain"; permission java.security.SecurityPermission "putProviderProperty.SunJCE"; };
Register JCE provider ================
Register the Sun JCE provider, which you can do either statically or dynamically:
Static registration
Add the Sun JCE provider to your list of approved providers by editing the security properties file java.security in x:\jre_installdir\lib\security\. The java.security file should have a statement for each provider to be registered statically. Each such statement declares a provider and specifies its preference order n, which is the order in which providers are searched for requested algorithms when no specific provider is requested. Preference order 1 is the most preferred, followed by 2, and so on.
In the JRE for WAS 4.03, Sun, IBMJCE, and IBM JSSE have already been configured as static providers:
security.provider.1=sun.security.provider.Sun security.provider.2=com.ibm.crypto.provider.IBMJCE security.provider.3=com.ibm.jsse.JSSEProvider
These three security providers may have implemented the algorithms you need. Therefore, you may not need another security provider for your applications. These three security providers are needed for the WebSphere Test Environment. Do not replace or remove these three lines, or the WebSphere Test Environment may fail to start up properly.
To configure other providers, follow those three security providers with other lines of the proper format, replacing the class name with the fully qualified master class name you obtain from the provider vendor, and entering the priority that you want to assign to the provider. For example, to configure Sun JCE as your #4 preferred provider, add the following line to the java.security file after the line for the Sun provider:
security.provider.4=com.sun.crypto.provider.SunJCE
Dynamic registration
To register the SunJCE provider dynamically, add the following lines of code at the beginning of your program:
Security.addProvider( new com.sun.crypto.provider.SunJCE());
The above code will add the Sun JCE provider as the last-approved security provider in the security registry. Since different providers may implement the same algorithms, if the Sun JCE provider is the last one in the preference order, and no specific provider is requested, the Sun JCE provider may not be picked as the service provider for algorithms that are also implemented by other providers. Therefore, you may want to add the Sun JCE provider as the first one in the approved list by using this code:
Security.insertProviderAt( new com.sun.crypto.provider.SunJCE(),1);
Add jar files to classpath ===================
you also need to add jce1_2_2.jar and sunjce_provider.jar into the classpath of the server instance
That's
|