EJB using JCE
Hello everyone....
Recently I've been trying to use JCE 1.2 in order to decrypt a username. This is supposed to be done through a JSP invoking a business method through the bean's remote interface. However, when dynamically creating a provider through:
SunJCE newProvider=new SunJCE();
the server throws the following exception:
java.security.AccessControlException: access denied (java.security.SecurityPermission putProviderProperty.SunJCE)
My guess is that this has to do either with the java.security / java.policy files in the System or with the server.policy / client.policy files in the Application server lib\security folder.
Has anyone managed to do this? Any help would be greatly appreciated....
Thanx to all...
Glenn
You are trying to dynamically register the SunJCE provider and this can only be done by a trusted program. That's why your program is not allowed to do it. The alternative is to statically register it by adding a line to the config file java.security that looks like this:
security.provider.2=com.sun.crypto.provider.SunJCE
yilin at 2007-6-29 11:30:35 >

If you really want dynamic registration, the easy way is to copy all the JCE jar files (including sunjce_provider.jar) to your jre/lib/ext.
If you still do not like the solution and want to keep the jar files in your own directories, then do it the following hard way, assuming the JCE 1.2.1 framework is in /jdk1.3.1/jre/lib/ext and the sunjce_provider.jar file is in the /localWork directory:
grant codeBase "file:/localWork/sunjce_provider.jar" {
    permission java.io.FilePermission
        "/jdk1.3.1/jre/lib/ext/jce1_2_1.jar", "read";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.security.SecurityPermission
        "putProviderProperty.SunJCE";
};
If you choose the installation option where both the JCE 1.2.1 framework and JCE providers are on the class path, you will need to grant provider permissions (as above) and also grant the following permission to the JCE 1.2.1 framework:
java.security.AllPermission
Below is a sample statement granting this permission. In this example, the JCE 1.2.1 framework is assumed to be in the /home/mydir/working directory.
grant codeBase "file:/home/mydir/working/jce1_2_1.jar" {
    permission java.security.AllPermission;
};
yilin at 2007-6-29 11:30:35 >
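
The two registration routes discussed in this thread, as an added example that is not code from either poster: look up the statically registered provider first and fall back to dynamic registration only when the lookup fails, reporting a denied permission instead of letting it propagate. The class name SunJceLookup and the DESede transformation are assumptions; the thread does not say which cipher protects the username.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class SunJceLookup {

    // Provider name and class name are the ones given in the thread.
    static final String NAME = "SunJCE";
    static final String CLASS_NAME = "com.sun.crypto.provider.SunJCE";

    /** Returns the provider, preferring static registration from java.security. */
    static Provider resolve() {
        Provider p = Security.getProvider(NAME);
        if (p != null) {
            return p; // statically registered: application code constructs nothing
        }
        try {
            // Dynamic path. Under a security manager the constructor needs
            // putProviderProperty.SunJCE, and addProvider is checked as well.
            p = (Provider) Class.forName(CLASS_NAME)
                    .getDeclaredConstructor().newInstance();
            Security.addProvider(p);
            return p;
        } catch (SecurityException e) {
            // Same failure as in the question: the caller's code base
            // has no grant for the permission named in the message.
            System.err.println("Dynamic registration denied: " + e.getMessage());
        } catch (ReflectiveOperationException e) {
            System.err.println("Provider class not usable: " + e);
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        Provider p = resolve();
        if (p == null) {
            System.out.println("SunJCE unavailable: register it in java.security"
                    + " or grant the permissions to this code base");
            return;
        }
        // Ask for the algorithm from the named provider (DESede is an assumption).
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding", NAME);
        System.out.println(c.getAlgorithm() + " from " + c.getProvider().getName());
    }
}
```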
