如何在 Websphere 应用程序服务器中添加 SunJSSE 安全提供程序
How to add SunJSSE security provider in a Websphere appserver
我正在尝试使用具有此代码的第三方 JAR:
KeyStore.getInstance("PKCS12", "SunJSSE");
虽然 运行 Websphere Application 服务器中的代码,但它失败并显示
java.security.NoSuchProviderException: no such provider: SunJSSE
IBM 世界中 PKCS12 的提供者是 IBMJCE 提供者。将 SunJSSE 的条目替换为 java.security 文件中的 com.ibm.jsse2.IBMJSSEProvider2 行吗?即使是这样,那是完成这项工作的最佳方式吗?
在这里回答我自己的问题。
Would replacing the entry for SunJSSE to com.ibm.jsse2.IBMJSSEProvider2 in java.security file work?
是的。
Even if it does, is that the best way to make this work?
没有。来自IBM的原因。
IBM does not support problems with Sun's or other third party JSSE or JCE code. Only the IBM JSSE and JCE providers are supported.
WebSphere supports the JSSE and JCE "provider framework", which means that multiple providers can be "plugged in". This means customers should be able to plug in Sun's (or other providers) JSSE or JCE into IBM's framework. If it cannot be plugged in to the framework, then IBM will investigate problems with the framework only.
强制提供者是一个错误 practice.Oracle 文档是这样说的
here
General purpose applications SHOULD NOT request cryptographic services from specific providers
getInstance("...", "SunJCE"); // not recommended
// ... versus ...
getInstance("..."); // recommended
我遇到问题的第三方 jar 是 opensourse 因此,我可以提出更改并替换有问题的代码。
我正在尝试使用具有此代码的第三方 JAR:
KeyStore.getInstance("PKCS12", "SunJSSE");
虽然 运行 Websphere Application 服务器中的代码,但它失败并显示
java.security.NoSuchProviderException: no such provider: SunJSSE
IBM 世界中 PKCS12 的提供者是 IBMJCE 提供者。将 SunJSSE 的条目替换为 java.security 文件中的 com.ibm.jsse2.IBMJSSEProvider2 行吗?即使是这样,那是完成这项工作的最佳方式吗?
在这里回答我自己的问题。
Would replacing the entry for SunJSSE to com.ibm.jsse2.IBMJSSEProvider2 in java.security file work?
是的。
Even if it does, is that the best way to make this work?
没有。来自IBM的原因。
IBM does not support problems with Sun's or other third party JSSE or JCE code. Only the IBM JSSE and JCE providers are supported.
WebSphere supports the JSSE and JCE "provider framework", which means that multiple providers can be "plugged in". This means customers should be able to plug in Sun's (or other providers) JSSE or JCE into IBM's framework. If it cannot be plugged in to the framework, then IBM will investigate problems with the framework only.
强制提供者是一个错误 practice.Oracle 文档是这样说的 here
General purpose applications SHOULD NOT request cryptographic services from specific providers
getInstance("...", "SunJCE"); // not recommended
// ... versus ...
getInstance("..."); // recommended
我遇到问题的第三方 jar 是 opensourse 因此,我可以提出更改并替换有问题的代码。