Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

java.security configuring and JSSE

 
Edward Rice
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
We use a version of websphere 4. A part of our webapp is using soap (3rd party) with ssl. For this we need the sun jsse provider and we cannot use the default ibmjsse provider. So when we add the sun jsse and jce libs to jre/ext and change the java.security file, our soap client works fine. There is only one but. If we make give the ibm jsse provider higher priorty over the sun one, things go pear-shaped with our soap client/libs. A business/security requirement is that websphere won't support the sun jsse provider so we have to give the ibm jsse provider a higher priority than the sun provider. Even if we dynamically specify in our soap client that we want to use the sun provider, it goes wrong. There should be a way to sort this, but we're stuck.
Any security expert any ideas?
Thanks a million for even getting to this point!
Ed
p.s.
-This works.
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.ibm.crypto.provider.IBMJCE
security.provider.6=com.ibm.jsse.JSSEProvider

This does not work...
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.rsajca.Provider
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.jsse.JSSEProvider
+ dynamically asking for the sun provider in our soap client.
 
Edward Rice
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
An additional question, if you dynamically set the SecurityProvider in your client code, I presume that is set for the complete jre, and not just for that class instance only.
In a multi-threaded environment such as a webserver, this would be problematic I suppose?
Ed
 
Andrew McKeown
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have gotten IBMJSSE to to work with Sun's JDK 1.4.2 and TOMCAT 4.1. This configuration also supports IBM Emerging Technology Toolkit. The entries in java.security are as follows

security.provider.1=sun.security.provider.Sun
security.provider.3=com.ibm.jsse.JSSEProvider
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.sun.rsajca.Provider
security.provider.6=com.ibm.security.cert.IBMCertPath
security.provider.7=com.ibm.security.jgss.IBMJGSSProvider

Further on down set

ssl.KeyManagerFactory.algorithm=IbmX509
ssl.TrustManagerFactory.algorithm=IbmX509

Hope this helps you out.
 
Andrew McKeown
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I forgot to mention that this will also work with Websphere 4.0
 
uud ashr
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry, where can I get the IBMJSSE only, without having the IBMJdk?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic