WebSphere Application Server, Version 5.1 includes the IBM Developer Kit, Java Technology Edition Version 1.4.x, which contains changes to the IBM Developer Kit, Java Technology Edition Version 1.3.x. This document is intended to assist application developers and system administrators in understanding the changes.
In IBM Developer Kit, Java Technology Edition Version 1.4.x, many of the security technologies have been included in the core of the IBM Developer Kit, Java Technology Edition Version 1.4.x. Because of the packaging changes, we are supporting specific java.security configurations for each platform. This document discusses the impact these java.security configuration changes have on each platform.
The Windows, Linux, and AIX platforms use all of the IBM security provider implementations, which is similar to how IBM Developer Kit, Java Technology Edition Version 1.3.x shipped. Because the security technologies in IBM Developer Kit, Java Technology Edition Version 1.3.x, were not part of the core, these technologies were shipped in the java/jre/lib/ext directory and provided more flexibility in implementing the technologies. Only those Java Secure Sockets Extension (JSSE) providers configured by WebSphere Application Server are supported.
security.provider.1=com.ibm.crypto.provider.IBMJCE
security.provider.2=com.ibm.jsse.IBMJSSEProvider
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
In the Sun Solaris environment, by default, we are using the JSSE framework classes. These classes enable you to plug-in the IBMJSSE and IBMJSSE2 providers. You must configure HTTP and JMS transports to use the IBMJSSE2 providers because they use the channel framework, asynchronous network I/O (NIO) application programming interfaces (APIs), from Java SDK 1.4.2). The NIO APIs only work with the IBMJSSE2 provider and the channel framework.
security.provider.1=com.ibm.security.jgss.IBMJGSSProvider
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=sun.security.provider.Sun
security.provider.4=com.ibm.jsse.IBMJSSEProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
security.provider.1=com.ibm.security.jgss.IBMJGSSProvider
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=sun.security.provider.Sun
security.provider.4=com.ibm.jsse.IBMJSSEProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
In IBM Developer Kit, Java Technology Edition Version 1.3.x, the package for CertPath APIs was javax.security.cert.*. However, in IBM Developer Kit, Java Technology Edition Version 1.4.x, the package has changed to java.security.cert.*. While your applications might still work using javax.security.cert.* due to the oldcertpath.jar packaged in ${WAS_INSTALL_ROOT}/java/jre/lib/ext/oldcertpath.jar file, change your applications to use the new package name for CertPath from this point forward. In this release, either package name should work, but it is recommended that you use the correct package, which is java.security.cert.*.
For a list of known problems with the various platforms related to the IBM Developer Kit, Java Technology Edition Version 1.4.x changes, review the release notes for WebSphere Application Server, Version 5.1.