java sec_java.security文件
java.security文件
(2009-10-30 10:44:21)
标签:
杂谈
#
# This is the "master security properties file".
#
# In this file, various security properties are set for use
by
# java.security classes. This is where users can statically
register
# Cryptography Package Providers ("providers" for short). The
term
# "provider" refers to a package or set of packages that supply
a
# concrete implementation of a subset of the cryptography aspects
of
# the Java Security API. A provider may, for example, implement one
or
# more digital signature algorithms or message digest
algorithms.
#
# Each provider must implement a subclass of the Provider
class.
# To register a provider in this master security properties
file,
# specify the Provider subclass name and priority in the
format
#
# security.provider.=
#
# This declares a provider, and specifies its preference
# order n. The preference order is the order in which providers
are
# searched for requested algorithms (when no specific provider
is
# requested). The order is 1-based; 1 is the most preferred,
followed
# by 2, and so on.
#
# must specify the
subclass of the Provider class whose
# constructor sets the values of various properties that are
required
# for the Java Security API to look up the algorithms or
other
# facilities implemented by the provider.
#
# There must be at least one provider specification in
java.security.
# There is a default provider that comes standard with the JDK.
It
# is called the "SUN" provider, and its Provider subclass
# named Sun appears in the sun.security.provider package. Thus,
the
# "SUN" provider is registered via the following:
#
# security.provider.1=sun.security.provider.Sun
#
# (The number 1 is used for the default provider.)
#
# Note: Providers can be dynamically registered instead by calls
to
# either the addProvider or insertProviderAt method in the
Security
# class.
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC
security.provider.9=sun.security.mscapi.SunMSCAPI
#
# Select the source of seed data for SecureRandom. By default
an
# attempt is made to use the entropy gathering device specified
by
# the securerandom.source property. If an exception occurs
when
# accessing the URL then the traditional system/thread
activity
# algorithm is used.
#
# On Solaris and Linux systems, if file:/dev/urandom is specified
and it
# exists, a special SecureRandom implementation is activated by
default.
# This "NativePRNG" reads random bytes directly from
/dev/urandom.
#
# On Windows systems, the URLs file:/dev/random and
file:/dev/urandom
# enables use of the Microsoft CryptoAPI seed functionality.
#
securerandom.source=file:/dev/urandom
#
# The entropy gathering device is described as a URL and can
also
# be specified with the system property "java.security.egd". For
example,
# -Djava.security.egd=file:/dev/urandom
# Specifying this system property will override the
securerandom.source
# setting.
#
# Class to instantiate as the
javax.security.auth.login.Configuration
# provider.
#
login.configuration.provider=com.sun.security.auth.login.ConfigFile
#
# Default login configuration file
#
#login.config.url.1=file:${user.home}/.java.login.config
#
# Class to instantiate as the system Policy. This is the name of
the class
# that will be used as the Policy object.
#
policy.provider=sun.security.provider.PolicyFile
# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
# whether or not we expand properties in the policy file
# if this is set to false, properties (${...}) will not be expanded
in policy
# files.
policy.expandProperties=true
# whether or not we allow an extra policy to be passed on the
command line
# with -Djava.security.policy=somefile. Comment out this line to
disable
# this feature.
policy.allowSystemProperty=true
# whether or not we look into the IdentityScope for trusted
Identities
# when encountering a 1.1 signed JAR file. If the identity is
found
# and is trusted, we grant it AllPermission.
policy.ignoreIdentityScope=false
#
# Default keystore type.
#
keystore.type=jks
#
# Class to instantiate as the system scope:
#
system.scope=sun.security.provider.IdentityDatabase
#
# List of comma-separated packages that start with or equal this
string
# will cause a security exception to be thrown when
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package)
has
# been granted.
package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.
#
# List of comma-separated packages that start with or equal this
string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package)
has
# been granted.
#
# by default, no packages are restricted for definition, and none
of
# the class loaders supplied with the JDK call
checkPackageDefinition.
#
#package.definition=
#
# Determines whether this properties file can be appended to
# or overridden on the command line via
-Djava.security.properties
#
security.overridePropertiesFile=true
#
# Determines the default key and trust manager factory algorithms
for
# the javax.net.ssl package.
#
ssl.KeyManagerFactory.algorithm=SunX509
ssl.TrustManagerFactory.algorithm=PKIX
#
# The Java-level namelookup cache policy for successful
lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address
for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons,
this
# caching is made forever when a security manager is set. When a
security
# manager is not set, the default behavior is to cache for 30
seconds.
#
# NOTE: setting this to anything other than the default value can
have
# serious security implications. Do not set it unless
# you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1
# The Java-level namelookup cache policy for failed lookups:
#
# any negative value: cache forever
# any positive value: the number of seconds to cache negative
lookup results
# zero: do not cache
#
# In some Microsoft Windows networking environments that
employ
# the WINS name service in addition to DNS, name service
lookups
# that fail may take a noticeably long time to return (approx. 5
seconds).
# For this reason the default caching policy is to maintain
these
# results for 10 seconds.
#
#
networkaddress.cache.negative.ttl=10
#
# Properties to configure OCSP for certificate revocation
checking
#
#在线证书状态协议(OCSP)是两种维护服务器和其它网络资源安全的普通方法之一。
#另一个比较旧的方法是证书吊销列表(CRL),有些情况下可以代替OCSP。
# Enable OCSP
#
# By default, OCSP is not used for certificate revocation
checking.
# This property enables the use of OCSP when set to the value
"true".
#
# NOTE: SocketPermission is required to connect to an OCSP
responder.
#
# Example,
# ocsp.enable=true
#
# Location of the OCSP responder
#
# By default, the location of the OCSP responder is determined
implicitly
# from the certificate being validated. This property explicitly
specifies
# the location of the OCSP responder. The property is used when
the
# Authority Information Access extension (defined in RFC 3280) is
absent
# from the certificate or when it requires overriding.
#
# Example,
# ocsp.responderURL=http://ocsp.example.net:80
#
# Subject name of the OCSP responder's certificate
#
# By default, the certificate of the OCSP responder is that of the
issuer
# of the certificate being validated. This property identifies the
certificate
# of the OCSP responder when the default does not apply. Its value
is a string
# distinguished name (defined in RFC 2253) which identifies a
certificate in
# the set of certificates supplied during cert path validation. In
cases where
# the subject name alone is not sufficient to uniquely identify the
certificate
# then both the "ocsp.responderCertIssuerName" and
# "ocsp.responderCertSerialNumber" properties must be used instead.
When this
# property is set then those two properties are ignored.
#
# Example,
# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
#
# Issuer name of the OCSP responder's certificate
#
# By default, the certificate of the OCSP responder is that of the
issuer
# of the certificate being validated. This property identifies the
certificate
# of the OCSP responder when the default does not apply. Its value
is a string
# distinguished name (defined in RFC 2253) which identifies a
certificate in
# the set of certificates supplied during cert path validation.
When this
# property is set then the "ocsp.responderCertSerialNumber"
property must also
# be set. When the "ocsp.responderCertSubjectName" property is set
then this
# property is ignored.
#
# Example,
# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
#
# Serial number of the OCSP responder's certificate
#
# By default, the certificate of the OCSP responder is that of the
issuer
# of the certificate being validated. This property identifies the
certificate
# of the OCSP responder when the default does not apply. Its value
is a string
# of hexadecimal digits (colon or space separators may be present)
which
# identifies a certificate in the set of certificates supplied
during cert path
# validation. When this property is set then the
"ocsp.responderCertIssuerName"
# property must also be set. When the
"ocsp.responderCertSubjectName" property
# is set then this property is ignored.
#
# Example,
# ocsp.responderCertSerialNumber=2A:FF:00
分享:
喜欢
0
赠金笔
加载中,请稍候......
评论加载中,请稍候...
发评论
登录名: 密码: 找回密码 注册记住登录状态
昵 称:
评论并转载此博文
发评论
以上网友发言只代表其个人观点,不代表新浪网的观点或立场。
java sec_java.security文件相关推荐
- 怎么读取java文件,Java怎么读取文件
当前位置:我的异常网» J2SE » Java怎么读取文件 Java怎么读取文件 www.myexceptions.net 网友分享于:2013-12-20 浏览:60次 Java如何读取文件? ...
- Java Spring Security示例教程中的2种设置LDAP Active Directory身份验证的方法
LDAP身份验证是全球范围内最流行的企业应用程序身份验证机制之一,而Active Directory (Microsoft针对Windows的LDAP实现)是另一种广泛使用的LDAP服务器. 在许多项 ...
- Java实现批量文件加密
一.题目要求: 用Java实现一个文件批量加密解密工具,实现以下功能: 1. 要有图形界面. 2. 能够通过界面设置一个目录,软件对该目录下的所有文件进行加密或解密(使用对称或非对称加密算法). 加密 ...
- 基于 Java Spring Security 的关注微信公众号即登录的设计与实现 ya
太长不看版本 本文通过一个实际的具有一定商业价值的项目,展示了 API 优先的开发方法.通过薅羊毛的方式,落地了 Free Arch 架构. 背景和价值 通过微信公众号积累粉丝并进行商业活动宣传,是新 ...
- 如何用 Java 对 PDF 文件进行电子签章
转自:如何用 Java 对 PDF 文件进行电子签章 - Ferocious - 博客园 一.概述 二.技术选型 三.生成一个图片签章 四.如何按模板生成PDF文件 五.如何生成PKSC12证书 六. ...
- java spring js文件_005-html+js+spring multipart文件上传
一.概述 需求:通过html+js+java上传最大500M的文件,需要做MD5 消息摘要以及SHA256签名,文件上传至云存储 1.1.理解http协议 https://www.cnblogs.co ...
- java实现MinIO文件上传,并将视频文件截图,将视频封面及视频通过MinIo上传到服务器中
java实现MinIO文件上传,并将视频文件截图,将视频封面及视频通过MinIo上传到服务器中 配置完毕,接下来开始代码编写. 说明 总过程分为两步. 1.配置MinIO的环境. 2.代码编写. 下面 ...
- Java 通过证书文件获取私钥
java通过证书文件获取私钥 import org.springframework.core.io.ClassPathResource;import java.util.Arrays; import ...
- java 读取txt,java读取大文件
java 读取txt,java读取大文件 package com.bbcmart.util; import java.io.File; import java.io.RandomAccessFile; ...
- java 读取流的字符编码格式_如何使用Java代码获取文件、文件流或字符串的编码方式...
标签: 今天通过网络资源研究了一下如何使用Java代码获取文件.文件流或字符串的编码方式,现将代码与大家分享: package com.ghj.packageoftool; import info.m ...
最新文章
- [排序算法] 选择排序(2种)
- 13、MySQL索引的设计原则
- 插入排序、选择排序、快速排序以及归并排序(附Python代码)
- 接口设计的幂等性考虑
- C# DateTime ToString
- 林群院士:做科普也可以创新,和做科研一样
- matlab仿真三相交流电路,三相交流调压电路的MATLAB仿真
- LeetCode算法题-Design LinkedList(Java实现)
- Docker、Mesos和Marathon剖析以及入门实战
- php写2048,原生js编写2048小游戏实例代码
- 软考中级网络工程师学习笔记(知识点汇总)详细版本
- 如何将二维数组转化为一维数组
- 文本分类(0)——scrapy爬新浪滚动新闻
- Android 9.0中sdcard 的权限和挂载问题
- 极光Im + layIm 实现后台聊天
- 2019华北五省计算机应用大赛官网,软件学院学生在2019年华北五省(市、自治区)及港澳台大学生计算机应用大赛(河北赛区)中喜获佳绩...
- python 多态 知乎_Python鸭子类型和多态
- 电脑贴的标签 MFG YR是什么意思
- Oracle计算分组分位数
- TearDrop代码编程与SOCKET应用实例
热门文章
- 词组能够进入_四六级翻译100个常考词组~
- 命令调出本地链接_大牛进化路上之Linux基础命令,看看你了解多少?
- solidworks入门实例画图_分享用SolidWorks绘制的鸡蛋托盘,学会借助于曲面生成波浪线草图...
- css3伸缩布局(附实例、图解)
- WPF 设置TextBox为空时,背景为文字提示。
- 善用VS中的Code Snippet来提高开发效率
- Android Studio 3.3发布:官方支持导航编辑器
- Android 修改字体,跳不过的 Typeface
- Salesforce:下个财年营收我们有望突破100亿美元
- MplusAutomation包的使用 二