Tune Web services security for V6.1 applications
The Java Cryptography Extension (JCE) is integrated into the software development kit (SDK) V1.4.x and is no longer an optional package. However, the default JCE jurisdiction policy file shipped with the SDK enables you to use cryptography to enforce this default policy.
Overview
Due to export and import regulations, the default JCE jurisdiction policy file shipped with the SDK enables you to use strong, but limited, cryptography only. To enforce this default policy, WAS uses a JCE jurisdiction policy file that might introduce a performance impact. The default JCE jurisdiction policy might have a performance impact on the cryptographic functions that are supported by Web services security. If you have Web services applications that use transport level security for XML encryption or digital signatures, you might encounter performance degradation over previous releases of WAS. However, IBM and Sun Microsystems provide versions of these jurisdiction policy files that do not have restrictions on cryptographic strengths. If you are permitted by your governmental import and export regulations, download one of these jurisdiction policy files. After downloading one of these files, the performance of JCE and Web services security might improve.
For WAS platforms using IBM Developer Kit, Java Technology Edition V5, including the AIX, Linux, and Windows platforms, you can obtain unlimited jurisdiction policy files by completing the following steps:
- Go to the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html
- Click J2SE 5.0
- Scroll down and click IBM SDK Policy files.
The Unrestricted JCE Policy files for the SDK Web site is displayed.
- Click Sign in and provide your IBM intranet ID and password or register with IBM to download the files.
- Select the appropriate Unrestricted JCE Policy files and then click Continue.
- View the license agreement and then click I Agree.
- Click Download Now.
For WebSphere Application Server platforms using the Sun-based Java Development Kit (JDK) V5, including the Solaris environments and the HP-UX platform, you can obtain unlimited jurisdiction policy files by completing the following steps:
- Go to the following Web site: http://java.sun.com/j2se/1.5.0/download.jsp
- Click Other Downloads.
- Locate the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 1.5.1 information and click Download. The policy files are downloaded onto your machine.
Results
After following these steps, two Java Archive (JAR) files are placed in the JVM jre/lib/security/ directory.
What to do next
In IBM WAS V6.1 and later, Web services security supports the use of cryptographic hardware devices. There are two ways in which to use hardware cryptographic devices with Web services security. See Hardware cryptographic device support for Web Services Security for more information.
Related concepts
Hardware cryptographic device support for Web Services Security
Related tasks
Securing Web services applications using JAX-RPC at the message level