
Tune Web Services Security for v5.x applications

The Java Cryptography Extension (JCE) policy is integrated into the IBM SDK Version 1.4.x and is no longer an optional package. However, due to export and import regulations, the default JCE jurisdiction policy file shipped with the SDK permits only strong but limited cryptography.

To enforce this default policy, WebSphere Application Server (WAS) uses a JCE jurisdiction policy file, and this file might have a performance impact on the cryptographic functions supported by Web Services Security. If we have web services applications that use transport level security for XML encryption or digital signatures, we might encounter performance degradation compared with previous releases of WAS. However, IBM and Sun Microsystems provide versions of these jurisdiction policy files that do not have restrictions on cryptographic strengths. If our governmental import and export regulations permit it, we can download one of these jurisdiction policy files. After downloading one of these files, the performance of JCE and Web Services Security might improve.


Tasks

  1. (AIX) (Linux) (Windows) For WAS platforms using IBM Developer Kit, Java Technology Edition, Version 1.4.2, including the AIX, Linux, and Windows platforms, we can obtain unlimited jurisdiction policy files by completing the following steps:

    1. Go to the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.

    2. Click Java 1.4.2.

    3. Click IBM SDK Policy files. The Unrestricted JCE Policy files for SDK 1.4 website is displayed.

    4. Enter your user ID and password or register with IBM to download the policy files. The policy files are downloaded onto the machine.

  2. (Solaris) (HPUX) For WAS platforms using the Sun-based Java SE Development Kit 6 (JDK 6) Version 1.4.2, including the Solaris environments and the HP-UX platform, we can obtain unlimited jurisdiction policy files by completing the following steps:

    1. Go to the following website: http://java.sun.com/j2se/1.4.2/download.html.

    2. Click Other Downloads.

    3. Locate the JCE Unlimited Strength Jurisdiction Policy Files 1.4.2 information and click Download. The policy files are downloaded onto the machine.

  3. (iSeries) For IBM i and IBM Software Development Kit Version 1.4, the tuning of Web Services Security is not required. The unrestricted jurisdiction policy files for IBM SDK Version 1.4 are automatically configured when the prerequisite software is installed.

    1. For IBM i (formerly known as IBM i V5R3), the unrestricted jurisdiction policy files for IBM Software Development Kit Version 1.4 are automatically configured by installing product 5722AC3, Crypto Access Provider 128-bit.

    2. For IBM i 5.4, the unrestricted jurisdiction policy files for IBM SDK Version 1.4 are automatically configured by installing product 5722SS1 Option 3, Extended Base Directory Support.

After following either of these sets of steps, two JAR files are placed in the JVM directory:

(UNIX) (Linux) jre/lib/security/
(Windows) C:\ibm\jre\lib\security
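
To confirm that the unrestricted policy files are the ones the JVM actually loads, the following added example (not IBM code; the class name `JcePolicyCheck` and the algorithms probed are assumptions) tries to initialise ciphers at several key sizes and lists the JAR files in the JVM's `lib/security` directory. It uses only Java 1.4 syntax and APIs.

```java
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example: JcePolicyCheck is a hypothetical name, not an IBM tool.
public class JcePolicyCheck {
    // Try to initialise a cipher with a key of the given size. Only
    // Cipher.init is exercised (all-zero key); no data is encrypted.
    static String probe(String algorithm, int keyBits) {
        try {
            SecretKeySpec key = new SecretKeySpec(new byte[keyBits / 8], algorithm);
            Cipher.getInstance(algorithm).init(Cipher.ENCRYPT_MODE, key);
            return "allowed";
        } catch (InvalidKeyException e) {
            // Typical message under a limited policy: "Illegal key size"
            return "blocked (" + e.getMessage() + ")";
        } catch (SecurityException e) {
            // Older JCE releases may signal the policy limit this way instead
            return "blocked (" + e.getMessage() + ")";
        } catch (GeneralSecurityException e) {
            return "not available (" + e + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println("JVM: " + System.getProperty("java.vendor")
                + " " + System.getProperty("java.version"));
        // The default limited policy caps these algorithms at 128 bits,
        // so the larger sizes succeed only with the unrestricted files.
        String[] algorithms = { "AES", "AES", "AES", "Blowfish", "Blowfish" };
        int[] bits = { 128, 192, 256, 128, 448 };
        for (int i = 0; i < bits.length; i++) {
            System.out.println(algorithms[i] + " " + bits[i] + "-bit: "
                    + probe(algorithms[i], bits[i]));
        }
        // List the JAR files in <java.home>/lib/security with timestamps, to
        // confirm the downloaded files landed in the JVM that is running.
        File dir = new File(System.getProperty("java.home") + "/lib/security");
        System.out.println("Policy directory: " + dir.getAbsolutePath());
        String[] names = dir.list();
        for (int i = 0; names != null && i < names.length; i++) {
            if (names[i].endsWith(".jar")) {
                File f = new File(dir, names[i]);
                System.out.println("  " + names[i] + "  " + new Date(f.lastModified()));
            }
        }
    }
}
```

Run it with the `java` executable of the same JVM that the application server uses. If the 128-bit probes report `allowed` while the larger sizes report `blocked`, the limited policy is still in effect for that JVM.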


Related:

  • Secure web services