Configuring Security Packages

JavaSecurity Master Property File

JavaSecurity has a master property file, called java.security. That file resides in the security properties directory, in java.home/lib/security. Known properties are:

security.provider.n=className

Declares a security provider, and specifies its preference order n. The preference order is the order in which providers are searched for requested algorithms (when no specific provider is requested). The order is 1-based; 1 is the most preferred, followed by 2, and so on.

className must specify the subclass of the Provider class whose constructor sets the values of various properties that are required for the JavaSecurity API to look up the algorithms or other facilities implemented by the provider.

There must be at least one provider specification in java.security. There is a default provider that comes standard with the JDK. It is called the Sun Security Provider, and it is specified in the file via the following:

security.provider.1=sun.security.provider.Sun

system.scope=className

Declares which class to instantiate as the default system scope. For example, the following specifies the IdentityDatabase class from the sun.security.provider package:

system.scope=sun.security.provider.IdentityDatabase

You can view the current JDK 1.1 java.security file.

Registering Providers

To register a provider, you must

• Create a subclass of the Provider class. The constructor of the subclass must set the values of various properties that are required for the JavaSecurity API to look up the algorithms or other facilities implemented by the provider. That is, it must specify the names of the classes implementing the algorithms. For example, for each signature algorithm implemented by a provider, there must be a property named

  Sig.algName

  (where algName is the name of the algorithm) whose value is the name of the class implementing the algorithm. (See algorithm names for the standard algorithm names to be used.)

  As an example, the Sun Security Provider implements a Digital Signature Algorithm (DSA) in a class named DSA in the sun.security.provider package. So its subclass of Provider (which is sun.security.provider.Sun) sets the Sig.DSA property via the following:

  put("Sig.DSA", "sun.security.provider.DSA")

  You can view the current JDK 1.1 Sun.java source file (in the sun.security.provider package) to see how its Sun class constructor sets all the properties for the Sun Security Provider.

  Note: The Provider subclass can get its information from wherever it wants. Thus, the information can be hard-wired in, or retrieved at runtime, e.g., from a file.

• Register the provider either statically or dynamically:
  • Statically: Specify the Provider subclass name and priority in the java.security file in java.home/lib/security. For example, the Sun Security Provider's subclass named Sun is specified via

    security.provider.1=sun.security.provider.Sun

    (The number 1 is used for the default provider.) Statically registered Provider subclasses are instantiated when the system is initialized.

  • Dynamically: Call either the addProvider or insertProviderAt method in the Security class.