hi,
After reading some tomcat codes I found we can set the keystore password by
overriding the setkeystorepass method in Http1NioProtocol class.
package org.wso2.carbon.tomcat.ext.transport;
import org.apache.coyote.http11.Http11NioProtocol;
public class CarbonHttp1NioProtocol extends Http11NioProtocol {
@Override
public void setKeystorePass(String s) {
System.out.println("setting the key store pass ");
super.setKeystorePass("wso2carbon");
}
}
Now we can set our class at the tomcat connector level.
<Connector
protocol="org.wso2.carbon.tomcat.ext.transport.CarbonHttp1NioProtocol"
port="9443"
bindOnInit="false"
sslProtocol="TLS"
maxHttpHeaderSize="8192"
acceptorThreadCount="2"
maxThreads="250"
minSpareThreads="50"
disableUploadTimeout="false"
enableLookups="false"
connectionUploadTimeout="120000"
maxKeepAliveRequests="200"
acceptCount="200"
server="WSO2 Carbon Server"
clientAuth="false"
compression="on"
scheme="https"
secure="true"
SSLEnabled="true"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
keystorePass="carbon1"
URIEncoding="UTF-8"/>
so what we can do is to read the pass word from the carbon.xml key stores
which is secured at that method and set the correct password instead of
letting users to declare it. Even we can override the keystore location. so
we can remove both those parameters from there and read only from
carbon.xml file.
WDYT?
thanks,
Amila.
--
*Amila Suriarachchi*
Software Architect
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware
phone : +94 71 3082805
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
