WAS v8.5 > Reference > Administrator best practices

Example: Running the thin or pluggable application client with security enabled

Your Java thin application client no longer needs additional code to set security providers if we have enabled security for the WebSphere Application Server instance. This code found in iSeries Java thin or pluggable application clients should be removed to prevent migration and compatibility problems. The java.security file from your WebSphere instance in the properties directory is now used to configure the security providers.

The security providers were set programmatically in the main() method and occurred prior to any code that accessed enterprise beans:

import java.security.*;
  ...
  if (System.getProperty("os.name").equals("OS/400")) {

    // Set the default provider list first.
    Provider jceProv = null;
    Provider jsseProv = null;
    Provider sunProv = null;

    // Allow for when the Provider is not needed, when 
    // it is not in the client application's classpath.
    try {
      jceProv = new com.ibm.crypto.provider.IBMJCE();
    }
    catch (Exception ex) {
 ex.printStackTrace();
    throw new Exception("Unable to acquire provider.");
 }

    try {
      jsseProv = new com.ibm.jsse.JSSEProvider();
    }
    catch (Exception ex) {
 ex.printStackTrace();
    throw new Exception("Unable to acquire provider.");
 }

    try {
      sunProv = new sun.security.provider.Sun();
    }
    catch (Exception ex) {
 ex.printStackTrace();
    throw new Exception("Unable to acquire provider.");
 }

    // Enable providers early and ahead of other providers     // for consistent performance and function.
    if ( (null != sunProv) && (1 != Security.insertProviderAt(sunProv, 1)) ) {
      Security.removeProvider(sunProv.getName());
      Security.insertProviderAt(sunProv, 1);
    }
    if ( (null != jceProv) && (2 != Security.insertProviderAt(jceProv, 2)) ) {
      Security.removeProvider(jceProv.getName());
      Security.insertProviderAt(jceProv, 2);
    }
    if ( (null != jsseProv) && (3 != Security.insertProviderAt(jsseProv, 3)) ) {
      Security.removeProvider(jsseProv.getName());
      Security.insertProviderAt(jsseProv, 3);
    }

    // Adjust default ordering based on admin/startstd properties file.
    // Maximum allowed in property file is 20.
    String provName;
    Class  provClass;
    Object provObj =  null;

    for (int i = 0; i < 21; i++) {
      provName = System.getProperty("os400.security.provider."+ i);

      if (null != provName) {

        try {
          provClass = Class.forName(provName);
          provObj = provClass.newInstance();
        }
        catch (Exception ex) {
          // provider not found
          continue;
        }

        if (i != Security.insertProviderAt((Provider) provObj, i)) {

          // index 0 adds to end of existing list           if (i != 0) {
            Security.removeProvider(((Provider) provObj).getName());
            Security.insertProviderAt((Provider) provObj, i);
          }
        }
      } // end if (null != provName)
    } // end for (int i = 0; i < 21; i++)
  } // end if ("os.name").equals("OS/400")


Related


Develop stand-alone thin client applications


+

Search Tips   |   Advanced Search