WebSphere Application Server, Version 5.1 includes the IBM Developer Kit, Java Technology Edition Version 1.4.x, which contains changes to the IBM Developer Kit, Java Technology Edition Version 1.3.x. This document is intended to assist application developers and system administrators in understanding the changes.
Security packaging changes in IBM Developer Kit, Java Technology Edition Version 1.4.x
In IBM Developer Kit, Java Technology Edition Version 1.4.x, many of the security technologies are included in the core of the developer kit. Because of these packaging changes, we are supporting specific java.security configurations for each platform. This document discusses the impact that these java.security configuration changes have on each platform.
Security providers for the Windows, Linux, and AIX platforms
The Windows, Linux, and AIX platforms use all of the IBM security provider implementations, which is similar to how IBM Developer Kit, Java Technology Edition Version 1.3.x shipped. Because the security technologies in IBM Developer Kit, Java Technology Edition Version 1.3.x were not part of the core, these technologies were shipped in the java/jre/lib/ext directory, which provided more flexibility in implementing the technologies. Only those JSSE providers configured by WebSphere Application Server are supported.
security.provider.1=com.ibm.crypto.provider.IBMJCE
security.provider.2=com.ibm.jsse.IBMJSSEProvider
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
Security providers for the Sun Solaris environment
In the Sun Solaris environment, by default, we are using the IBM JSSE framework classes. These classes enable you to plug in the IBMJSSE and IBMJSSE2 providers. You must configure HTTP and JMS transports to use the IBMJSSE2 provider because they use the channel framework (asynchronous network I/O (NIO) APIs from Java SDK 1.4.2). The NIO APIs work only with the IBMJSSE2 provider and the channel framework.
security.provider.1=com.ibm.security.cert.IBMCertPath
security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
security.provider.3=sun.security.provider.Sun
#security.provider.4=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.jsse.IBMJSSEProvider
security.provider.6=com.ibm.jsse2.IBMJSSEProvider2
#security.provider.7=com.ibm.crypto.pkcs11.provider.IBMPKCS11
Security providers for the HP-UX platform
security.provider.1=com.ibm.security.cert.IBMCertPath
security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
security.provider.3=sun.security.provider.Sun
#security.provider.4=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.jsse.IBMJSSEProvider
security.provider.6=com.ibm.jsse2.IBMJSSEProvider2
#security.provider.7=com.ibm.crypto.pkcs11.provider.IBMPKCS11
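The Solaris and HP-UX lists above carry commented-out alternatives (IBMJCEFIPS in slot 4, IBMPKCS11 in slot 7), so enabling one by removing the # without renumbering changes which providers actually load. The following audit script is an added example, not IBM code; it assumes standard java.util.Properties and JDK provider-loading behaviour (the last duplicate key wins, and slots are read from 1 until the first missing number), and its SAMPLE input and the audit_providers name are constructed for illustration.

```python
import re

# Constructed sample: the Solaris list from this page with the FIPS line
# uncommented but not renumbered, slot 6 commented out, and slot 7 enabled.
SAMPLE = """\
security.provider.1=com.ibm.security.cert.IBMCertPath
security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
security.provider.3=sun.security.provider.Sun
security.provider.4=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.jsse.IBMJSSEProvider
#security.provider.6=com.ibm.jsse2.IBMJSSEProvider2
security.provider.7=com.ibm.crypto.pkcs11.provider.IBMPKCS11
"""

# Simplified properties parsing: one entry per line, no line continuations.
ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*[=:]\s*(\S+)")

def audit_providers(text):
    """Return (providers that actually load, in order; list of findings)."""
    slots, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "!")):
            continue  # commented-out entries are ignored
        m = ENTRY.match(line)
        if not m:
            continue
        idx, cls = int(m.group(1)), m.group(2)
        if idx in slots:
            findings.append(f"line {lineno}: slot {idx} redefined, "
                            f"{cls} replaces {slots[idx]}")
        slots[idx] = cls  # assumed Properties semantics: last definition wins
    effective, n = [], 1
    while n in slots:  # assumed JDK behaviour: stop at the first missing slot
        effective.append(slots[n])
        n += 1
    for idx in sorted(slots):
        if idx > n:
            findings.append(f"slot {idx} ({slots[idx]}) is never loaded: "
                            f"slot {n} is missing")
    return effective, findings

if __name__ == "__main__":
    providers, problems = audit_providers(SAMPLE)
    for pos, cls in enumerate(providers, 1):
        print(pos, cls)
    for p in problems:
        print("FINDING:", p)
```

On the constructed sample this reports that IBMJCE silently replaces IBMJCEFIPS in slot 4 and that IBMPKCS11 in slot 7 is unreachable because slot 6 is missing.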
Changes to the CertPath API package name
In IBM Developer Kit, Java Technology Edition Version 1.3.x, the package for CertPath APIs was javax.security.cert.*. However, in IBM Developer Kit, Java Technology Edition Version 1.4.x, the package has changed to java.security.cert.*. While your applications might still work using javax.security.cert.* because of the ${WAS_INSTALL_ROOT}/java/jre/lib/ext/oldcertpath.jar file, change your applications to use the new package name for CertPath from this point forward. In this release, either package name should work, but it is recommended that you use the correct package, which is java.security.cert.*.
Known problems with IBM Developer Kit, Java Technology Edition Version 1.4.x
For a list of known problems with the various platforms related to the IBM Developer Kit, Java Technology Edition Version 1.4.x changes, please review the release notes for WebSphere Application Server, Version 5.1.