I have a tomcat 7.x servlet container which deploys multiple war files from its webapps
directory. I would like to make sure that none of these applications deployed in my tomcat use MD5
algorithms. I can do that from java by:
Provider[] providers = Security.getProviders();
for(Provider p : providers) {
p.remove("MessageDigest.MD5");
}
However, this requires all web applications deployed in my tomcat to do the same. Is there anyway for me to do this just once, globally for this tomcat instance?
One possibility is to add it in a servlet init method, the configure the servlet to load on start up from global deployment descriptor.
I tried doing this, but in my tomcat instance, regardless of where I do this, the following lines never throw an exception:
MessageDigest hash = MessageDigest.getInstance("MD5");
hash.digest("ABCDEFGH".getBytes());
I was expecting it to throw NoSuchAlgorithmException
since I removed MessageDigest.MD5
. What could be the reason?
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…