Appendix C. JSTK Tools - J2EE Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice

Appendix C. JSTK Tools

The author developed a number of simple command line tools and sample applications in the course of writing this book to explore various Java security capabilities and APIs. The discussion of these tools appears along with the relevant concepts throughout the book, with a suggestion to look at the source code for complete working programs. This appendix provides comprehensive user level documentation on these tools at one place. Hopefully, these tools will prove to be useful to you in better understanding and utilizing the power of the security capabilities inherent in the Java platform.

These tools and applications have been packaged, along with source files and documentation, as an integrated toolkit and given a name桱STK (Java Security Tool Kit). The directory structure of this package is shown in Figure C-1.

Figure C-1. JSTK installation directory structure.

graphics/ap03fig01.jpg

Follow the steps below to download, install and check successful installation of JSTK on a MS Windows machine.

Prepare for Installation. Make sure that you have J2SE SDK v1.4.x on your machine and the environment variable JAVA_HOME is pointing to the base installation directory.
Get JSTK. Download the JSTK distribution file, jstk-1_0.zip, from http://www.j2ee-security.net, the companion website to this book.
Install. Unzip the distribution file. One way of doing so is to issue the command "%JAVA_HOME%\bin\jar xvf jstk-1_0.zip" in the directory where the downloaded file jstk-1_0.zip is saved. This should create the subdirectory jstk-1.0 and place all source, binary and data files within the appropriate directory tree. This directory is referred to as the JSTK installation or home directory.
Build. This is an optional step and is required only if you modify one or more source files for the JSTK tools. To be able to compile the sources, you must have Apache Ant installed on your machine and its bin directory in the PATH. To perform the build, simply issue the command "ant" from the JSTK installation directory. This command will create the jar file jstk.jar in the build subdirectory. To remove compiled classes and jar files, issue the command "ant clean".
Verify Installation. Go to the JSTK installation directory and issue the command "bin\crypttool listp 朿sinfo". This command should list all the available cryptographic service providers and their services.

Instructions for UNIX and Linux machines are quite similar and can be obtained by performing following substitutions in the above instructions:

Replace %JAVA_HOME% by $JAVA_HOME.
Replace backslash with forward slash in the pathnames.
Add .sh to command file names. For example: crypttool.sh.

The rest of the appendix explains the individual JSTK tools and various commands and options supported by them. As you go through these tools, you will notice that almost all JSTK tools share the following structure: A JSTK tool takes a command and zero or more options as command line arguments. You can get a list of all the commands supported by the tool by specifying help command as in "bin\crypttool help". Help on individual commands are obtained by placing help after the command as in "bin\crypttool listp help".

It is best to invoke these tools from the JSTK installation directory, specifying the pathname of the script file.

< Day Day Up >