There are no changes in the security provider infrastructure between 1.2 and 1.3. However, the SunRsaSign security provider is available only with 1.3; although 1.2 defines interfaces for RSA keys, you must obtain a third-party security provider to use them. The SunJSSE and SunJCE security providers may be installed into 1.3.

The security provider infrastructure works essentially the same in 1.1, but 1.1 supplies fewer engines. In 1.1, there are only engines to perform key pair generation, message digests, and digital signatures. There are no SPI classes in 1.1, so to implement an engine you extend the engine class directly (1.2 is backward-compatible with these classes, which is why the class hierarchy differs for these engines). If you must provide a engine that can be used in both 1.1 and 1.2, you should extend the engine class rather than the SPI.

In 1.1, the Provider class does not override the clear( ) , put( ), and remove( ) methods. In the Security class, certain methods still call the security manager to see if their operation should continue, but the string passed to the security manager is always simply the string “java.” In addition, the getProviders( ) , getProvider( ), and getProperty( ) methods also perform this check in 1.1.