On 06/16/2015 10:40 PM, Valerie Peng wrote:
It's to make the runtime configuration of 3rd party PKCS11 provider easier on non-Solaris systems.With this entry, callers can simply do Security.getProvider("SunPKCS11") and then call Provider.configure with their own configuration file. Otherwise, they will have to use reflection, e.g. Class.forName("sun.security.pkcs11.SunPKCS11") and then call its newInstance() method and then call Provider.configure method. Or, iteration through the ServiceLoader until the SunPKCS11 provider is found. Both doesn't seem very user-friendly in my view.
Agreed, I also think this will provide a better out-of-the-box experience as it avoids having to modify/override the java.security file to add a PKCS11 provider on non-Solaris platforms.
--Sean
