Posted to commits@myfaces.apache.org by Apache Wiki <wi...@apache.org> on 2009/03/13 17:23:32 UTC

[Myfaces Wiki] Update of "Secure Your Application" by JasonRickabaugh

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Myfaces Wiki" for change notification.

The following page has been changed by JasonRickabaugh:
http://wiki.apache.org/myfaces/Secure_Your_Application

------------------------------------------------------------------------------
   java.lang.SecurityException: Unsupported keysize or algorithm parameters
  }}}
  
- This most likely means that you must go to a place like http://java.sun.com/j2se/1.4.2/download.html and get the unlimited jursidiction policy files.  You will basically need to replace a few jars under <JAVA_HOME>jre\lib\security .  All of
+ This most likely means that you must go to a place like http://java.sun.com/j2se/1.4.2/download.html or http://java.sun.com/javase/downloads/index.jsp (JCE) and get the unlimited jursidiction policy files.  You will basically need to replace a few jars under <JAVA_HOME>jre\lib\security .  All of
  the following examples require unlimited jurisdiction policy files.
  
  Here is an example of using [http://www.webopedia.com/TERM/T/Triple_DES.html 3DES] with a secret of size 24.
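Review bot: on the changed line, "jursidiction" is still misspelled (the unchanged line right after it has "jurisdiction"), and the path <JAVA_HOME>jre\lib\security is missing a separator after <JAVA_HOME>; since the line is being edited anyway, fix both in the same change. With two download links now listed, the sentence should also say which link applies to which Java version, because the first one is specific to 1.4.2.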
@@ -62, +62 @@

  Below is an example of using [http://en.wikipedia.org/wiki/AES AES] encryption with a secret of size 24. There are two new context parameters.  First, the org.apache.myfaces.algorithm.parameters context parameter is being used to override the default mode.  Second, because the mode is now CBC, we MUST supply an IV as well using the org.apache.myfaces.algorithm.iv context parameter.  The IV, like the secret, is base 64 encoded (and for the same reason).  The real value of the IV in this example is "7654321076543210" .
  {{{
      <context-param>
-         <param-name>org.apache.myfaces.secret</param-name>
+         <param-name>org.apache.myfaces.SECRET</param-name>
          <param-value>MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIz</param-value>
      </context-param>
      <context-param>
-         <param-name>org.apache.myfaces.algorithm</param-name>
+         <param-name>org.apache.myfaces.ALGORITHM</param-name>
          <param-value>AES</param-value>
      </context-param>
      <context-param>
-         <param-name>org.apache.myfaces.algorithm.parameters</param-name>
+         <param-name>org.apache.myfaces.ALGORITHM.PARAMETERS</param-name>
          <param-value>CBC/PKCS5Padding</param-value>
      </context-param>
      <context-param>
-         <param-name>org.apache.myfaces.algorithm.iv</param-name>
+         <param-name>org.apache.myfaces.ALGORITHM.IV</param-name>
          <param-value>NzY1NDMyMTA3NjU0MzIxMA==</param-value>
      </context-param>
  }}}
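Review bot: the context paragraph at the top of this hunk still names the parameters in lowercase (org.apache.myfaces.algorithm.parameters and org.apache.myfaces.algorithm.iv) while the example now uses org.apache.myfaces.ALGORITHM.PARAMETERS and org.apache.myfaces.ALGORITHM.IV, so the prose and the config disagree; update the paragraph in the same change and say whether the parameter names are case-sensitive. Separately, the secret and IV in the example are published sample values, and the paragraph prints the IV in clear, so add a sentence telling readers to replace both with their own values rather than copying the block as is.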