craigmcc 01/09/12 10:38:47
Modified: catalina/src/bin catalina.bat catalina.sh
webapps/tomcat-docs ssl-howto.xml
Log:
Simplify the process of installing SSL support by the following actions:
* Have SSLSocketFactory register the JSSE provider if needed
(see previous commit)
* Have "catalina.bat" and "catalina.sh" automatically add the JSSE JAR
files to the system classpath used to start Tomcat, if an environment
variable named "JSSE_HOME" is defined.
* Trimmed out the steps that are no longer needed from the HOW-TO docs.
Submitted by: Wolfgang Hoschek <[EMAIL PROTECTED]>
Revision Changes Path
1.18 +10 -2 jakarta-tomcat-4.0/catalina/src/bin/catalina.bat
Index: catalina.bat
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/bin/catalina.bat,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- catalina.bat 2001/08/27 19:10:25 1.17
+++ catalina.bat 2001/09/12 17:38:47 1.18
@@ -16,7 +16,11 @@
rem
rem JAVA_HOME Must point at your Java Development Kit installation.
rem
-rem $Id: catalina.bat,v 1.17 2001/08/27 19:10:25 craigmcc Exp $
+rem JSSE_HOME (Optional) May point at your Java Secure Sockets Extension
+rem (JSSE) installation, whose JAR files will be added to the
+rem system class path used to start Tomcat.
+rem
+rem $Id: catalina.bat,v 1.18 2001/09/12 17:38:47 craigmcc Exp $
rem ---------------------------------------------------------------------------
@@ -65,10 +69,14 @@
rem ----- Set Up The Runtime Classpath ----------------------------------------
set CP=%CATALINA_HOME%\bin\bootstrap.jar;%JAVA_HOME%\lib\tools.jar
+if "%JSSE_HOME%" == "" goto noJsse
+set CP=%CP%;%JSSE_HOME%\lib\jcert.jar;%JSSE_HOME%\lib\jnet.jar;%JSSE_HOME%\jsse.jar
+:noJsse
set CLASSPATH=%CP%
echo Using CATALINA_BASE: %CATALINA_BASE%
echo Using CATALINA_HOME: %CATALINA_HOME%
-echo Using CLASSPATH: %CLASSPATH%
+echo Using CLASSPATH: %CLASSPATH%
+echo Using JAVA_HOME: %JAVA_HOME%
rem ----- Execute The Requested Command ---------------------------------------
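Review bot: The added set CP line points at %JSSE_HOME%\jsse.jar, without the \lib\ segment used for jcert.jar and jnet.jar on the same line and for all three JARs in the catalina.sh change of this commit. As written, jsse.jar will not be found in a standard unpacked distribution and the SSL classes will be missing at startup, so this should read %JSSE_HOME%\lib\jsse.jar. The guard also tests only whether JSSE_HOME is non-empty, while catalina.sh tests that the file exists. A check such as if not exist "%JSSE_HOME%\lib\jsse.jar" goto noJsse would keep the two scripts consistent and avoid putting non-existent or unintended paths on the class path.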
1.19 +8 -1 jakarta-tomcat-4.0/catalina/src/bin/catalina.sh
Index: catalina.sh
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/bin/catalina.sh,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- catalina.sh 2001/09/12 00:54:28 1.18
+++ catalina.sh 2001/09/12 17:38:47 1.19
@@ -20,7 +20,11 @@
# command is executed. Defaults to
# "-classic -Xdebug -Xnoagent
-Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
#
-# $Id: catalina.sh,v 1.18 2001/09/12 00:54:28 craigmcc Exp $
+# JSSE_HOME (Optional) May point at your Java Secure Sockets Extension
+# (JSSE) installation, whose JAR files will be added to the
+# system class path used to start Tomcat.
+#
+# $Id: catalina.sh,v 1.19 2001/09/12 17:38:47 craigmcc Exp $
# -----------------------------------------------------------------------------
@@ -86,6 +90,9 @@
if [ -f "$JAVA_HOME/lib/tools.jar" ] ; then
CP=$CP:"$JAVA_HOME/lib/tools.jar"
+fi
+if [ -f "$JSSE_HOME/lib/jsse.jar" ] ; then
+
CP=$CP:"$JSSE_HOME/lib/jcert.jar":"$JSSE_HOME/lib/jnet.jar":"$JSSE_HOME/lib/jsse.jar"
fi
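Review bot: The added test does not check that JSSE_HOME is set, so with the variable unset it expands to /lib/jsse.jar, and a file at that location would put three JARs from /lib on the class path used to start Tomcat. Guard it with [ -n "$JSSE_HOME" ] before the -f test. The test also covers only jsse.jar, while jcert.jar and jnet.jar are appended unconditionally; either test all three or document that a complete JSSE lib directory is assumed. When the test fails the script skips the JARs silently, so a message naming the path that was checked would help users who set JSSE_HOME incorrectly.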
1.7 +15 -62 jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml
Index: ssl-howto.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- ssl-howto.xml 2001/09/07 18:39:08 1.6
+++ ssl-howto.xml 2001/09/12 17:38:47 1.7
@@ -31,20 +31,14 @@
<ol>
<li>Download JSSE 1.0.2 (or later) from
<a
href="http://java.sun.com/products/jsse/">http://java.sun.com/products/jsse/</a>
- and either make it an <em>installed extension</em> on the system, or else add it
- to the classpath being passed to Tomcat in the Catalina startup script.
-</li><br/><br/>
+ and either make it an <em>installed extension</em> on the system, or else
+ set an environment variable <code>JSSE_HOME</code> that points at the
+ directory into which you installed JSSE.</li><br/><br/>
<li>Create a certificate keystore by executing the following command:
<source>
keytool -genkey -alias tomcat -keyalg RSA
</source>
and specify a password value of "changeit".</li><br/><br/>
-<li>Edit <code>$JAVA_HOME/jre/lib/security/java.security</code> and add
-<source>
-security.provider.2=com.sun.net.ssl.internal.ssl.Provider
-</source>
- (if you already have a <code>security.provider.2</code> entry, use the
- next available numeric identifier).</li><br/><br/>
<li>Uncomment the "SSL HTTP/1.1 Connector" entry in
<code>$CATALINA_HOME/conf/server.xml</code> and tweak as necessary.</li>
<br/><br/>
@@ -182,25 +176,16 @@
package. If you are running JDK 1.4 (currently in beta), these classes have
been integrated directly into the JDK, so you can skip this entire step.</p>
-<p>After expanding the package, there are two ways to make it available to Tomcat.
-The easiest approach is to simply make it an <em>installed extension</em> by
-copying all three JAR files (<code>jcert.jar</code>, <code>jnet.jar</code>, and
-<code>jsse.jar</code>) into your <code>$JAVA_HOME/jre/lib/ext</code> directory.
-In effect, this eliminates the need to have them in any <code>CLASSPATH</code>.</p>
-
-<p>If making the JSSE libraries an installed extension is either not possible or
-not desirable in your particular environment, the alternative approach is to
-add the JAR files to Tomcat's startup <code>CLASSPATH</code>. Because Tomcat
-ignores the system <code>CLASSPATH</code>, this approach involves modifying the
-Catalina command script for your particular environment (<code>catalina.sh</code>
-under Unix, or <code>catalina.bat</code> in Windows). Add the JSSE libraries to
-the classpath being passed to the <code>java</code> command.</p>
-
-<p><strong>WARNING</strong> - Do <strong>not</strong> copy any of these JAR
-files into any of the internal Tomcat directories. Also, do not make them both an
-installed extension <em>and</em> include them in the startup script's
-<code>CLASSPATH</code>. Either of these two scenerios will cause Tomcat to fail
-on startup.</p>
+<p>After expanding the package, there are two ways to make it available to
+Tomcat (choose one or the other):</p>
+<ul>
+<li>Make JSSE an <em>installed extension</em> by copying all three JAR files
+ (<code>jcert.jar</code>, <code>jnet.jar</code>, and <code>jsse.jar</code>)
+ into your <code>$JAVA_HOME/jre/lib/ext</code> directory.</li>
+<li>Create a new environment variable <code>JSSE_HOME</code> that contains
+ the absolute path to the directory into which you unpacked the
+ JSSE binary distribution.</li>
+</ul>
</subsection>
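Review bot: The removed WARNING paragraph has no replacement, and the failure it described is now easier to reach: a user who already has the three JARs in $JAVA_HOME/jre/lib/ext and then sets JSSE_HOME gets them both as an installed extension and on the startup class path, which the old text says causes Tomcat to fail on startup. "(choose one or the other)" hints at this but does not state the consequence. Suggest keeping a short warning after the list that says not to combine the two options and, as before, not to copy the JARs into any internal Tomcat directory. The JSSE_HOME item could also state that the scripts look for the JARs in the lib directory beneath that path.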
@@ -259,35 +244,6 @@
</subsection>
-<subsection name="Add the SSL Provider to the JVM">
-
-<p>When the JVM attempts to load up the necessary classes for SSL during
-server startup, it checks for an appropriate <em>Provider</em> for each
-cryptographic service. In order to let the JVM know that it has a suitable
-SSL provider installed (which you did when you installed JSSE), you must
-edit the <code>$JAVA_HOME/jre/lib/security/java.security</code> file and
-add an entry. The very first section of this configuration file should
-already have one or more lines that look like this:</p>
-<source>
-security.provider.1=sun.security.provider.Sun
-</source>
-
-<p>The syntax here is:</p>
-<source>
-security.provider.{search-order}={fully-qualified-Provider-class-name}
-</source>
-
-<p>In order to register the SSL provider, add a line like this:</p>
-<source>
-security.provider.2=com.sun.net.ssl.internal.ssl.Provider
-</source>
-
-<p>If there is already an entry for <code>security.provider.2</code>,
-simply use the next available number (such as
-<code>security.provider.3</code>) that is not currently in use.</p>
-
-</subsection>
-
<subsection name="Edit the Tomcat Configuration File">
<p>The final step is to configure your secure socket in the
@@ -400,11 +356,8 @@
<li>I get "java.security.NoSuchAlgorithmException" errors in my
log files.
<blockquote>
- <p>The JVM cannot find the JSSE JAR files, or you have not registered
- the JSSE Provider. Follow all of the directions to
- <a href="#Download and Install JSSE">download and install JSSE</a>, and
- <a href="#Add the SSL Provider to the JVM">register the SSL provider</a>
- with your JVM.</p>
+ <p>The JVM cannot find the JSSE JAR files. Follow all of the directions to
+ <a href="#Download and Install JSSE">download and install JSSE</a>.</p>
</blockquote></li>
<li>When Tomcat starts up, I get an exception like
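Review bot: The shortened answer for "java.security.NoSuchAlgorithmException" sends the reader back to the install section but does not mention JSSE_HOME, which is now the second supported way to make the JARs visible. Since catalina.sh in this commit skips the JARs without any message when $JSSE_HOME/lib/jsse.jar is not found, a wrong JSSE_HOME value produces exactly this error. Suggest adding a sentence telling the reader to verify that JSSE_HOME points at the directory containing lib/jsse.jar and to check the class path reported at startup.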