[kaffe] repost: help w/ java.security + gnucrypto

Casey Marshall csm at gnu.org
Mon Sep 6 22:33:14 PDT 2004

>>>>> "Dalibor" == Dalibor Topic <robilad at kaffe.org> writes:

Dalibor> D greene wrote:
>> Hello all (sorry for the repost):

Dalibor> Hi Dgreene,

Dalibor> thanks for the repost - if you can not manage to solve a
Dalibor> problem that bothers you, reposting within a week is OK, as a
Dalibor> reminder, in my opinion.

(and thanks to Dalibor for reminding me to reply to this!)

>> I need some pointers to docs on how to use the java.security file
>> (below) with Kaffe 1.1.4:
>> # Security configuration file for Kaffe
>> #
>> # You'll need to have kaffe configured to use GNU Crypto for the GNU
>> Crypto provider
>> # to be picked up.
>> security.provider.1=gnu.crypto.jce.GnuCrypto
>> security.provider.2=kaffe.security.provider.Kaffe

Dalibor> I've merged in GNU Crypto directy into kaffe's sources now,
Dalibor> so if you use the CVS head, you'll have GNU Crypto right in;)

Also: recent GNU Crypto CVS has had its provider structure changed, so
there are four providers that need to be installed:


Dalibor>   java -Djava.security.manager -Djava.security.policy=someURL
Dalibor> SomeApp is what Sun's docs[1] say, but I haven't tried it
Dalibor> myself. There is a free JSSE implemenetation, Jessie[2], that
Dalibor> has also been merged into CVS, and *should*[3] work. I've
Dalibor> CC:ed Casey as he should be able to tell you more about
Dalibor> Jessie's status.

Kaffe was the VM I used when developing Jessie, and as far as I know,
it has always worked on it. Since Kaffe includes it (and GNU Crypto)
it should work as-is, though I haven't tried it.

I've done a little hacking on supporting the `-Djava.security.manager'
property in Classpath (GCJ and Kaffe, actually) and have found that
the best place to support this is in java.lang.System.<clinit>. I'm
just not satisfied yet, because Kaffe handles exceptions thrown from
that method badly.

In Kaffe CVS, you need to do this:

   kaffe -Dpolicy.provider=gnu.java.security.PolicyFile

Since the default Policy implementation is a trivial all-permissive
one. And since you can't get a security manager by default, you need
to install one.

I also don't believe the OP's problems with Runtime.exec are related
to the security manager.

Casey Marshall || csm at gnu.org

More information about the kaffe mailing list