Dynamically Loading A Security Provider in an App Server
843810Aug 22 2003 — edited Aug 24 2003Where should I install a security provider (that is loaded dynamically by my application(s)) when running in an application server?
My problem is that I have a web portal and a set of EJB objects that both leverage the bouncy castle security provider. Each application is packaged as a separate ear file and all support classes (includiing the bouncy castle jar file) are packaged with the application. The web app has the bouncy castle jar file in its WEB-INF/lib directory and the ejbs have a class-path entry in the jar manifest.
This packaging works fine as long as both applications are not loaded into the same application server. If both applications are installed, the first one will add the bouncy castle provider pacakged with it. When the second application starts, it adds the bouncy castle provider again...this time using its copy of bouncy castle. The first application will then recieve a ClassCastException if its attempts to get a cypher with getInstance() because the JCE framework is returning the other application's instance of bouncy castle.
So....Do I
a) Install the bouncy castle jar in higher level classloader of the app server? And if so...do I do this at the JDK/JRE/LIB/EXT directory?
b) Distribute my applications with their own copy of JCE.jar?
Thanks
Tyler Van Gorder
tkv@landacorp.com