On 21/01/2020 15:53, Christopher Schultz wrote: > Mark, > > On 1/20/20 2:25 PM, Mark Thomas wrote: >> On 20/01/2020 17:21, Mark Thomas wrote: >>> On 20/01/2020 17:08, Christopher Schultz wrote: >>>> On 1/20/20 12:01 PM, ma...@apache.org wrote: >>> >>> <snip/> >>> >>>>> Add encryption as the first option to secure a cluster --- >>> >>> <snip/> >>> >>>> I could have sworn I added this, already. Thanks for doing it. >>> >>> I'm looking at back-porting the Interceptor to 7.0.x. I've got >>> everything done apart from GCMParameterSpec which is new in Java >>> 7. >>> >>> I don't suppose you've looked into this previously and know if >>> there is a Java 6 equivalent? It would save me the time to >>> research it. >>> >>> If not, I'll make it a Java 7+ feature with JreCompat. > >> Java 6 doesn't support GCM. JreCompat it is. > > You may not need it: I checked, and the GCMParameterSpec class isn't > referenced except in the GCMEncryptionManager class, which will only > be loaded if the user specifically requests GCM block-cipher mode.
It won't compile unless we compile with Java 7 and Tomcat 7 ideally needs to compile with Java 6 unless we want to start jumping through the same sort of hoops we have to jump through for WebSocket. > So maybe you could just leave it alone and allow CNFE to occur on Java > 7. Or, if you want a nicer error message, you can catch CNFE (or > similar) or explicitly check the Java version and print a nice error > message. > > But don't require Java 7 for the EncryptInterceptor in general. I went with the option of using reflection to call the Constructor. That way it compiles on Java 6 but if the user specifies GCM it will fail unless GCM is available (Java 7+ for Solaris, Java 8+ for everyone else). Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
