I believe that it's true. I have defined in java.security the default providers that come in JDK1.4.1:
security.provider.1=sun.security.provider.Sun security.provider.2=com.sun.net.ssl.internal.ssl.Provider security.provider.3=com.sun.rsajca.Provider security.provider.4=com.sun.crypto.provider.SunJCE security.provider.5=sun.security.jgss.SunProvider It appears that only SunJCE implements DES algorithm, and when I list my providers by running it in local shell without any hard-coded addProvider SunJCE, they are all listed. But, when I do the same thing but in tomcat environment, they all appears but the SunJCE!!! What differences exists between SunJCE and the others? I think SunJCE it's the only one that has a jar in jre/lib/ext! Probably, by any feature/bug of tomcat, it won't run until we put hard-coded the addProvider method. One way to explain this is that the jar files inside jre/lib/ext are not used inside tomcat. So, when this happen how should we force tomcat to load at "bootstrap time" the sunjce_provider.jar? It's clear that in common/lib it won't work... I already tried put it in server/lib/ and lib/ in tomcat directory. Any suggestions? thanks, Pedro Salazar. On Mon, 21 Oct 2002, Jean-Francois Arcand wrote:> > > psalazar wrote: > > >I solved my problem: > > > >I didn't put the sunjce_provider.jar in ${tomcat.home}/common/lib/ and > I > >must add the SunJCE provider hardcoded before use the DES algorithm. > > > >java.security.Security.addProvider(new > com.sun.crypto.provider.SunJCE()); > > > >The cool thing would be add the SunJCE provider (or other provider!!) > in a > >dynamic way without any hardcoded line adding the provider! It works > but > >only in a shell command line (probably because jre/lib/ext classpath > and > >other security features not defined in tomcat environment). > > > What do you mean? The provider is defined in > jre/lib/security/java.security but you cannot use it directly (you have > to create the instance)? If that's true, then its a bug. Everything > defined in java.security should be availble in Tomcat. > > -- Jeanfrancois > -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>