In what scenarios do we need to use the property “java.property.com.tibco.security.EntrustLast=true”?
Article ID: KB0085904
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks | - |
| Not Applicable | - |
Description
Resolution:
Environment:
===========
ALL
Resolution:
==========
The property “java.property.com.tibco.security.EntrustLast” was introduced in TRA 5.6.2. TIBCO Business Work(BW) uses TIBcrypt which uses Entrust directly. The Entrust cryptographic provider is installed at the top of the list of Providers.
Certain implementations, third party LDAP or JDBC provider, that goes through standard JSSE (Java Secure Socket Extension) or JCE (Java Cryptography Extension) interfaces end up using Entrust provider. (By default Entrust is at the top of the list).
These applications fail to connect to their application servers/databases.
For example: We are not able to connect to SQL Server using SQL native driver(sqljdbc4.jar).
Two options:
1). Change the Security vendor i.e. set java.property.TIBCO_SECURITY_VENDOR=j2se in designer.tra/application.tra
-OR-(NOT And)
2). Set the property “java.property.com.tibco.security.EntrustLast=true in designer.tra/ application.tra. The property “java.property.com.tibco.security.EntrustLast” directs that the Entrust provider be added at the end of the list. BW code will still use Entrust through TIBCrypt since it request the provider by name but other code that relied on the default provider will now use JRE's default provider.
Option 2 is also useful in scenarios where one activity wants to use Entrust and other J2SE.
Environment:
===========
ALL
Resolution:
==========
The property “java.property.com.tibco.security.EntrustLast” was introduced in TRA 5.6.2. TIBCO Business Work(BW) uses TIBcrypt which uses Entrust directly. The Entrust cryptographic provider is installed at the top of the list of Providers.
Certain implementations, third party LDAP or JDBC provider, that goes through standard JSSE (Java Secure Socket Extension) or JCE (Java Cryptography Extension) interfaces end up using Entrust provider. (By default Entrust is at the top of the list).
These applications fail to connect to their application servers/databases.
For example: We are not able to connect to SQL Server using SQL native driver(sqljdbc4.jar).
Two options:
1). Change the Security vendor i.e. set java.property.TIBCO_SECURITY_VENDOR=j2se in designer.tra/application.tra
-OR-(NOT And)
2). Set the property “java.property.com.tibco.security.EntrustLast=true in designer.tra/ application.tra. The property “java.property.com.tibco.security.EntrustLast” directs that the Entrust provider be added at the end of the list. BW code will still use Entrust through TIBCrypt since it request the provider by name but other code that relied on the default provider will now use JRE's default provider.
Option 2 is also useful in scenarios where one activity wants to use Entrust and other J2SE.
Issue/Introduction
In what scenarios do we need to use the property “java.property.com.tibco.security.EntrustLast=true”?
Feedback
Yes
No
Powered by
