tomcat-users mailing list archives

From psalazar <pedro-b-sala...@ptinovacao.pt>
Subject Re: tomcat4+jdk1.4.1+security providers
Date Mon, 21 Oct 2002 17:41:22 GMT
I believe that it's true. I have defined in java.security the default 
providers that come in JDK1.4.1:

security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider

It appears that only SunJCE implements the DES algorithm, and when I list my 
providers by running it in a local shell without any hard-coded addProvider 
SunJCE, they are all listed. But when I do the same thing in the 
Tomcat environment, they all appear except SunJCE!!!

What differences exist between SunJCE and the others? I think SunJCE is 
the only one that has a jar in jre/lib/ext! Probably, because of some feature/bug of 
Tomcat, it won't run until we hard-code the addProvider method. One 
way to explain this is that the jar files inside jre/lib/ext are not used
inside Tomcat. 

So, when this happens, how should we force Tomcat to load 
sunjce_provider.jar at "bootstrap time"? It's clear that in common/lib it won't 
work... I already tried putting it in server/lib/ and lib/ in the Tomcat 
directory.

Any suggestions?

thanks,
Pedro Salazar.

On Mon, 21 Oct 2002, Jean-Francois Arcand wrote:
> 
> psalazar wrote:
> 
> >I solved my problem:
> >
> >I didn't put the sunjce_provider.jar in ${tomcat.home}/common/lib/ and I
> >must add the SunJCE provider hardcoded before using the DES algorithm.
> >
> >java.security.Security.addProvider(new com.sun.crypto.provider.SunJCE());
> >
> >The cool thing would be to add the SunJCE provider (or other provider!!) in a
> >dynamic way without any hardcoded line adding the provider! It works but
> >only in a shell command line (probably because jre/lib/ext classpath and
> >other security features are not defined in tomcat environment).
> >
> What do you mean? The provider is defined in 
> jre/lib/security/java.security but you cannot use it directly (you have 
> to create the instance)? If that's true, then it's a bug. Everything 
> defined in java.security should be available in Tomcat.
> 
> -- Jeanfrancois
> 


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
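
A diagnostic for the situation described in this thread, as an added example that is not part of either poster's message: it compares the security.provider.N entries from java.security with the providers the running JVM actually registered, and reports which provider serves DES. The class name ProviderCheck is an assumption; the code is written for a current JDK, and making the same calls from a servlet shows the view from inside Tomcat.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;

// Added diagnostic (not from the thread): compare the providers configured in
// java.security with the ones actually registered in this JVM.
public class ProviderCheck {

    // Returns the security.provider.N entries that did not end up registered.
    static List<String> missingProviders() {
        List<String> missing = new ArrayList<>();
        Provider[] loaded = Security.getProviders();
        for (int n = 1; ; n++) {
            String entry = Security.getProperty("security.provider." + n);
            if (entry == null) break;                  // end of the configured list
            String id = entry.trim().split("\\s+")[0]; // drop an optional argument
            boolean found = false;
            for (Provider p : loaded) {
                // Older JDKs list class names, newer ones may list provider names.
                if (p.getClass().getName().equals(id) || p.getName().equals(id)) {
                    found = true;
                }
            }
            if (!found) missing.add(n + "=" + id);
        }
        return missing;
    }

    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) {
            System.out.println("registered: " + p.getName()
                    + " (" + p.getClass().getName() + ")");
        }
        System.out.println("configured but not registered: " + missingProviders());
        // null on JDKs that no longer have the extension mechanism
        System.out.println("java.ext.dirs = " + System.getProperty("java.ext.dirs"));
        try {
            Cipher c = Cipher.getInstance("DES");
            System.out.println("DES provided by " + c.getProvider().getName());
        } catch (Exception e) {
            // No registered provider offers DES in this environment
            System.out.println("DES unavailable: " + e);
        }
    }
}
```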

