Throughout this book, we’ve mentioned several modifications that you may make to the file $JREHOME/lib/security/java.security in order to modify how various aspects of the Java security policy work. This appendix provides an annotated listing of that file (including entries that are not present in the default version of the file).

# The list of security providers (see Chapter 8) that will be consulted for
# all programs. There may be any number of these, as long as they are
# numbered sequentially starting with 1. The order is important, since this
# is the order in which providers will be searched for a particular
# algorithm.
#
# In 1.3, there are two default security providers (the first two in this
# list). JCE and JSSE each provide an additional provider, which we
# configured into this file in Chapter 1.
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.rsajca.Provider
security.provider.3=com.sun.crypto.provider.SunJCE
security.provider.4=com.sun.net.ssl.internal.ssl.Provider

# This is the name of the class that will be used as the Policy object.
# This class must be on the system classpath (e.g., in rt.jar or the
# extensions directory). See Chapter 5. policy.provider=sun.security.provider.PolicyFile # This is the name of the class that will be used as the JAAS Policy # object. This line does not appear in the standard java.security # file, in which case the class to use is hardwired into JAAS code # itself. You ...