[V5.1 and later] Tuning Web services security

 

Overview

The Java Cryptography Extension (JCE) is integrated into the software development kit (SDK) version 1.4.x and is no longer an optional package. However, because of export and import regulations, the default JCE jurisdiction policy file shipped with the SDK enables you to use strong, but limited, cryptography only. To enforce this default policy, WebSphere Application Server uses a JCE jurisdiction policy file that has a significant performance impact on the cryptographic functions supported by Web services security. If you have Web services applications that use transport level security for XML encryption or digital signatures, you might encounter performance degradation compared with previous releases of WebSphere Application Server. However, IBM and Sun Microsystems provide versions of these jurisdiction policy files that do not have restrictions on cryptographic strengths. If your governmental import and export regulations permit it, download one of these jurisdiction policy files. After you download one of these files, the performance of JCE and Web services security might improve substantially.

[V5.1] For WebSphere Application Server platforms using IBM Developer Kit, Java Technology Edition V1.4.1, including the AIX, Linux, and Windows platforms, you can obtain unlimited jurisdiction policy files by completing the following steps:

  1. Go to the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html

  2. Click Java 1.4.1 material.

  3. Click IBM SDK Policy files.

  4. Select Unrestricted JCE Policy files for SDK 1.4.1.

  5. Enter your user ID and password or register with IBM to download the policy files. The unrestrict.jar files are downloaded onto your machine.

[V5.1.1 and later] For WebSphere Application Server platforms using IBM Developer Kit, Java Technology Edition V1.4.2, including the AIX, Linux, and Windows platforms, you can obtain unlimited jurisdiction policy files by completing the following steps:

  1. Go to the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html

  2. Click Java 1.4.2 material.

  3. Click IBM SDK Policy files.

  4. Select Unrestricted JCE Policy files for SDK 1.4.2.

  5. Enter your user ID and password or register with IBM to download the policy files. The policy files are downloaded onto your machine.

[V5.1] For WebSphere Application Server platforms using the Sun-based Java Development Kit (JDK) V1.4.1, including the Solaris environments and the HP-UX platform, you can obtain unlimited jurisdiction policy files by completing the following steps:

  1. Go to the following Web site: http://java.sun.com/j2se/1.4.1/download.html

  2. Click Archive area.

  3. Locate the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 1.4.1 information and click Download. The jce_policy-1_4_1.zip file is downloaded onto your machine.

[V5.1.1 and later] For WebSphere Application Server platforms using the Sun-based Java Development Kit (JDK) V1.4.2, including the Solaris environments and the HP-UX platform, you can obtain unlimited jurisdiction policy files by completing the following steps:

  1. Go to the following Web site: http://java.sun.com/j2se/1.4.2/download.html

  2. Click Archive area.

  3. Locate the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 1.4.2 information and click Download. The jce_policy-1_4_1.zip file is downloaded onto your machine.

 

Results

After following either of these sets of steps, two Java Archive (JAR) files are placed in the JVM jre/lib/security/ directory.
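To confirm that the JVM actually picked up the new policy, the following check can be run after the steps above. It is an added example, not code from IBM or from this page: the class name `JcePolicyCheck`, the JAR file names `local_policy.jar` and `US_export_policy.jar`, and the use of a 256-bit Blowfish key as the probe are assumptions.

```java
import java.io.File;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example: reports whether the running JVM enforces the restricted
// or the unrestricted JCE jurisdiction policy. Written in 1.4-level Java.
public class JcePolicyCheck {

    // Assumption: the two policy JAR files use their conventional names.
    static final String[] POLICY_JARS = { "local_policy.jar", "US_export_policy.jar" };

    // True if the JCE framework lets a cipher be initialized with a key of
    // this size. The all-zero key is constructed; only its length matters.
    static boolean keySizeAllowed(String algorithm, int bits) throws Exception {
        SecretKeySpec key = new SecretKeySpec(new byte[bits / 8], algorithm);
        // Throws NoSuchAlgorithmException if no provider offers the algorithm.
        Cipher cipher = Cipher.getInstance(algorithm);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (InvalidKeyException e) {
            return false; // jurisdiction policy rejected the key size
        } catch (SecurityException e) {
            return false; // some JCE framework levels raise this instead
        }
    }

    public static void main(String[] args) throws Exception {
        // java.home is the JRE directory, so this resolves to jre/lib/security.
        File dir = new File(System.getProperty("java.home"),
                            "lib" + File.separator + "security");
        for (int i = 0; i < POLICY_JARS.length; i++) {
            File jar = new File(dir, POLICY_JARS[i]);
            System.out.println(jar + (jar.isFile()
                    ? " present, " + jar.length() + " bytes" : " MISSING"));
        }
        // Assumption: the restricted policy caps Blowfish at 128 bits, while
        // the cipher itself accepts keys up to 448 bits.
        boolean unrestricted = keySizeAllowed("Blowfish", 256);
        System.out.println(unrestricted
                ? "Unrestricted JCE policy is in effect"
                : "Restricted JCE policy is still in effect");
    }
}
```

Compile and run it with the `java` executable of the same JVM that the application server uses, because the policy files are read from that JVM's own jre/lib/security/ directory.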


Related tasks
Securing Web services based on WS-Security