Updating JDK and Security Property
Follow these steps to manually update JDK:
1. Windows and Linux users, download the new JDK from:
AIX users, download the new JDK from:
2. Stop TDV java processes
3. Backup the current JDK:
mv <TDV_INSTALL_DIR>/jdk <TDV_INSTALL_DIR>/jdk_old
4. Unzip/untar new JDK under <TDV_INSTALL_DIR>/jdk
5. Delete the following:
AIX/LINUX:
<TDV_INSTALL_DIR>/jdk/lib/libsunec.so
Windows:
<TDV_INSTALL_DIR>/jdk/bin/sunec.dll
6. Backup the default java security property file:
copy INSTALL_DIR/jdk/conf/security/java.security INSTALL_DIR/jdk/conf/security/java.security.orig
7. The java security provider list is maintained in the file: <TDV_INSTALL_DIR>/jdk/conf/security/java.security
The content of this file is:
Linux x64:
security.provider.1=SUN
security.provider.2=SunRsaSign
security.provider.3=SunEC
security.provider.4=SunJSSE
security.provider.5=SunJCE
security.provider.6=SunJGSS
security.provider.7=SunSASL
security.provider.8=XMLDSig
security.provider.9=SunPCSC
security.provider.10=JdkLDAP
security.provider.11=JdkSASL
security.provider.12=SunPKCS11
Windows x64:
security.provider.1=SUN
security.provider.2=SunRsaSign
security.provider.3=SunEC
security.provider.4=SunJSSE
security.provider.5=SunJCE
security.provider.6=SunJGSS
security.provider.7=SunSASL
security.provider.8=XMLDSig
security.provider.9=SunPCSC
security.provider.10=JdkLDAP
security.provider.11=JdkSASL
security.provider.12=SunMSCAPI
security.provider.13=SunPKCS11
AIX ppc64:
security.provider.1=SUN
security.provider.2=SunRsaSign
security.provider.3=SunEC
security.provider.4=SunJSSE
security.provider.5=SunJCE
security.provider.6=SunJGSS
security.provider.7=SunSASL
security.provider.8=XMLDSig
security.provider.9=SunPCSC
security.provider.10=JdkLDAP
security.provider.11=JdkSASL
security.provider.12=SunPKCS11
Whenever, there is a change to the list of providers, the java.security file has to be updated, so that TDV security settings will be applied correctly.
Specifically, care should be taken that
a. whenever a provider is removed from this list, the list should be renumbered so as to maintain the correct sequence. Also make sure that the TDV security file mentioned in step 8 below is updated.
b. whenever a new provider is added, always add it to the end of the above list and make sure that the TDV security file mentioned in step 8 below is updated..
Note: Java's default security property has SunEC in the list, but it's not loaded since the module file (either .so or .dll) was removed in #5 above.
8. The two TDV security files are in the following locations:
• <TDV_INSTALL_DIR>/conf/server/security/java.security (all TDV Server supported platforms)
• <TDV_INSTALL_DIR>/apps/drill/conf/java.security (only for Linux x64 platforms).
The content of these files is:
Linux x64
security.provider.13=BC
Windows x64
security.provider.14=BC
AIX ppc64
security.provider.13=BC
The sequence number mentioned here is one more than the last number mentioned in the JDK security file. Whenever the sequence number in the JDK security file changes, care must be taken to update the content of the TDV security files.