SECURITY - INITIAL CONFIGURATION AND CONFIDENCE TEST

If you wish to configure your machine to use Security, rather than a
particular OS/2 session, you need to edit CONFIG.SYS on your boot
drive.

Find the line beginning SET PATH, and make sure it has x:\jdk1.1.8\bin
somewhere in it, where "x" is the appropriate drive.

Find the line SET CLASSPATH, and add x:\jdk1.1.8\lib\SecMA.jar at
the beginning, again using the appropriate letter for "x". Make sure that
CLASSPATH does not contain ".", ".\." or ";".

NOTE: You MUST ensure that SecMA.jar precedes the classes.zip file in
CLASSPATH. Failure to do so will result in security not working.

Now change directories to \jdk1.1.8\lib\security.

Rename java.security to java.security.118 or some equivalent name. This is the
security file for 1.1.x platforms.

Rename each of the following files:
java_ex.sec becomes java.sec;
java_ex.pol becomes java.pol;
user_ex.sec becomes user.sec;
user_ex.pol becomes user.pol .

Check that the line in user.sec beginning java.app.class.path points to the
drive on which you installed the JDK, otherwise the confidence test application
will not run properly.

Now run the supplied batch file qstart.cmd by changing back to the sma
directory and typing qstart. Follow the instructions which appear on the button
and in the window.

If the confidence test runs successfully, you should return to the lib\security
directory and modify the policy files as follows:

If you will be running applets, modify the user.security file and comment out
the java.security.manager= line. By doing this, you will need to use
-Djava.security.manager flag when invoking a java application. See the
usability hints below for information on creating .bat files that will work
with applications and applets and enabling security.

If you have applications that reside out of the jdk.1.1.8 library path, modify
the user.security file and add the path to your application and classes to
java.app.class.path=.

For example:

java.app.class.path=e:\\temp\\javasecurity;d:\\myapps\\

or, if you prefer:

java.app.class.path=e:/temp/javasecurity;d:/myapps

Modify the user.policy file as needed, i.e pointing to your keystore location,
and granting permissions.


USABILITY HINTS
For ease of use, you can create .cmd files to execute the java security tools,
applications and applets. See the following for examples of each:

For applications, create javam.cmd or any filename you wish with the following:

java -Djava.security.manager com.ibm.security12.sun.misc.Main %1

NOTE: If needed, you can add as many additional variables as needed. The above
example will invoke the default security manager.

For applets using the security AppletViewer, create javav.cmd or any filename
you wish with the following:

java com.ibm.security12.sun.applet.AppletViewer %1 %2 %3

NOTE: AppletViewer does not require the -Djava.security.manager flag as the
AppletViewer has its own security manager. Inclusion of this flag will result
in an error when command is invoked. If needed, you can add as many additional
variables as needed.

For the security tools, KeyTool, JarSigner, and PolicyTool, create javat.cmd or
any filename you wish with the following:

java -Djava.security.manager com.ibm.security12.sun.tools.%1 %2 %3 %4 %5 %6 %7

For example, the following command invokes the KeyTool command and will create
a keystore file with the alias javafvt and the key password of javafvtpass:

javat KeyTool -genkey -alias javafvt -keypass javafvtpass
