on 06-28-2005 1:22 PM
We changed the crypto provider priority as mentioned in:
http://help.sap.com/saphelp_nw04/helpdata/en/cd/9dd23e6b2c3d67e10000000a114084/frameset.htm
detail we lowered the iaik provider.
But after restarting the server the settings were reset to default. Is there a way to make the changes permanent ?
Thanks. But java.security seems to be like the default. No reference to the iaik provider on the list.
I wonder where WAS takes his information and seems to add it on startup.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You'll have to find where in the code you have a snippet like:
java.security.Security.addProvider(myobj);
where myobj is an instance of java.security.Provider class
It looks like your provider gets loaded dynamically.
It should get loaded after all the static providers.
If you need for a specific cryptographic function to access this provider only specify its name in the function call.
exemple:
import javax.crypto.*;
Cipher mycipher = Cipher.getInstance("mytransfo","myprovidername");
Enjoy
Hi. Sorry I must have pasted the wrong link, I meant that one:
http://help.sap.com/saphelp_nw04/helpdata/en/6d/9538ccd151404babbb8c2f1c39dfec/content.htm
There we changed priority which works at runtime. But after restarting WAS the settings are put back to the default. I cannot see this changes reflected in java.security.
Any hints how to make the changes permanent ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Looks like the link you posted will only allow you to change the runtime config ...ie while the server is running? After the server is stopped have you checked your java.security? What is the order of the providers in there? Has it changed in accordance to your new setup.
At appserver restart time the order will be read as it is in java.security.
Hope it helps
Holger the link you provided shows only the way to change the status at startup of some services. It does not show how to change the order in which the providers are loaded.
Sorry I can't be more specific about the SAP server, however if you look at the generic JCE pages on Sun's website they tell you following:
You should have somewhere on your path:
app/user/machine a file name java.security..
In that file you have entries like:
#
List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
The number in security.provider.# will determine the order of preference in which the providers are loaded and possibly scanned.
If you want to force a specific provider's implementation of a security protocol you might just have to code for that by requesting it.
exemple Cipher.getInstance(protocol, provider)...
or Cipher.getInstance(protocol, "providername")...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
98 | |
11 | |
11 | |
10 | |
10 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.