So if I initialize the JSS CryptoManager directly from inside my servlet I can then use JSS SSLSocket directly. This seems wrong to me for the following reasons:
- JSS has many configuration options beyond just directory, I would rather have the container manage these.
- Since glassfish is running in EE mode, clearly there is already another instance of JSS CryptoManager initialized for use by the web server. How do I know that my servlet won't trample on its internal native NSS library state when I initialize my CryptoManager?
- When I initialize my CryptoManager, I get a security exception when JSS CryptoManager tries to set the some kind of JSSProvider.
java.security.AccessControlException: access denied (java.security.SecurityPermission putProviderProperty.Mozilla-JSS)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
at java.security.Provider.check(Provider.java:349)
at java.security.Provider.put(Provider.java:303)
at org.mozilla.jss.JSSProvider.<init>(JSSProvider.java:66)
at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:873)
-
[Message sent by forum member 'suggarglider' (suggarglider)]
http://forums.java.net/jive/thread.jspa?messageID=322259