I believe that it's true. I have defined in java.security the default
providers that come in JDK1.4.1:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
It appears that only SunJCE implements the DES algorithm, and when I list my
providers by running it in a local shell without any hard-coded addProvider
SunJCE, they are all listed. But, when I do the same thing in the
tomcat environment, they all appear but the SunJCE!!!
What differences exist between SunJCE and the others? I think SunJCE is
the only one that has a jar in jre/lib/ext! Probably, by some feature/bug of
tomcat, it won't run until we hard-code the addProvider call. One
way to explain this is that the jar files inside jre/lib/ext are not used
inside tomcat.
So, when this happens, how should we force tomcat to load
sunjce_provider.jar at "bootstrap time"? It's clear that in common/lib it won't
work... I already tried putting it in server/lib/ and lib/ in the tomcat
directory.
Any suggestions?
thanks,
Pedro Salazar.
On Mon, 21 Oct 2002, Jean-Francois Arcand wrote:
>
> psalazar wrote:
>
> >I solved my problem:
> >
> >I didn't put the sunjce_provider.jar in ${tomcat.home}/common/lib/ and I
> >must add the SunJCE provider hardcoded before using the DES algorithm.
> >
> >java.security.Security.addProvider(new com.sun.crypto.provider.SunJCE());
> >
> >The cool thing would be to add the SunJCE provider (or other provider!!) in a
> >dynamic way without any hardcoded line adding the provider! It works but
> >only in a shell command line (probably because of the jre/lib/ext classpath and
> >other security features not defined in the tomcat environment).
> >
> What do you mean? The provider is defined in
> jre/lib/security/java.security but you cannot use it directly (you have
> to create the instance)? If that's true, then it's a bug. Everything
> defined in java.security should be available in Tomcat.
>
> -- Jeanfrancois
>
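The comparison discussed in this thread (providers configured in java.security versus providers actually installed, from a shell and from inside Tomcat) can be made with a small diagnostic like the one below. It is an added example, not code posted by anyone in the thread; the class name ProviderCheck and the method report() are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

// Hypothetical diagnostic class (name is an assumption, not from the thread).
public class ProviderCheck {

    /** Describes the JCA provider state as seen by the JVM that calls it. */
    public static String report() {
        StringBuilder out = new StringBuilder();
        out.append("java.home     = ").append(System.getProperty("java.home")).append('\n');
        // Directories searched for extension jars such as sunjce_provider.jar.
        // The property is null on Java 9 and later, where the mechanism is gone.
        out.append("java.ext.dirs = ").append(System.getProperty("java.ext.dirs")).append('\n');

        // What java.security requests: security.provider.1, .2, ...
        for (int i = 1; ; i++) {
            String entry = Security.getProperty("security.provider." + i);
            if (entry == null) break;
            out.append("configured ").append(i).append(": ").append(entry).append('\n');
        }

        // What is actually installed. A configured entry missing from this
        // list points at a class the JVM could not load (wrong ext dirs,
        // different JRE, different java.security file).
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            out.append("installed  ").append(i + 1).append(": ")
               .append(installed[i].getName()).append(" (")
               .append(installed[i].getClass().getName()).append(")\n");
        }

        // Which provider, if any, serves the algorithm from the thread.
        try {
            Cipher des = Cipher.getInstance("DES");
            out.append("DES served by ").append(des.getProvider().getName()).append('\n');
        } catch (GeneralSecurityException e) {
            out.append("DES unavailable: ").append(e).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.print(report());
    }
}
```

Run it once with `java ProviderCheck` and once by calling `ProviderCheck.report()` from a servlet or JSP in the web application; differing `java.home` or `java.ext.dirs` values between the two runs show that Tomcat is starting on a different JRE or with different extension directories than the shell.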