Ifyou are running the Enterprise Server on version 1.5 of the Java SDK, the JCE provider is
alreadycongured properly. If you are running the Enterprise Server on version 1.4.x of the
JavaSDK, you can add a JCE provider statically as part of your JDK environment, as follows.
1. Downloadand install a JCE provider JAR (Java ARchive) le.
Thefollowing URL provides a list of JCE providers that support RSA encryption:
http://java.sun.com/products/jce/javase_providers.html.
2. Copythe JCE provider JAR le to java-home/jre/lib/ext/.
3. Stopthe Enterprise Server.
Ifthe Enterprise Server is not stopped and then restarted later in this process, the JCE
providerwill not be recognized by the Enterprise Server.
4. Editthe java-home/jre/lib/security/java.security properties le in any text editor.
Addthe JCE provider you’ve just downloaded to this le.
Thejava.security le contains detailed instructions for adding this provider. Basically,
youneed to add a line of the following format in a location with similar properties:
security.provider.n=provider-class-name
Inthis example, nis the order of preference to be used by the Enterprise Server when
evaluatingsecurity providers. Set nto 2for the JCE provider you’ve just added.
Forexample, if you’ve downloaded The Legion of the Bouncy Castle JCE provider, you
wouldadd this line.
security.provider.2=org.bouncycastle.jce.provider.
BouncyCastleProvider
Makesure that the Sun security provider remains at the highest preference, with a value of 1.
security.provider.1=sun.security.provider.Sun
Adjustthe levels of the other security providers downward so that there is only one security
providerat each level.
Thefollowing is an example of a java.security le that provides the necessary JCE
providerand keeps the existing providers in the correct locations.
security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.
BouncyCastleProvider
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.rsajca.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
5. Saveand close the le.
ConguringtheEnterprise Ser ver forMessage S ecurity
SunGlassFishEnterprise Ser ver2.1 Administration Guide • December 2008136