On Tue, Jun 25, 2013 at 3:03 PM, Prabath Siriwardena <[email protected]> wrote:

> Currently key stores are configured in following files..

+1. we need to configure that only at the carbon.xml file.

>
> 1. carbon.xml
> 2. axis2.xml
>

Should be able to do by extending the transports and setting the keystore values from there.

> 3. catalina-server.xml
>

This is already fixed.

> 4. identity.xml
>

thanks,
Amila.

>
> Key store configurations are duplicated across all these files.. so we
> need to bring all to a single file and refer that from different places...
>
> Thanks & regards,
> -Prabath
>
> On Mon, Jun 24, 2013 at 1:31 PM, Prabath Siriwardena <[email protected]> wrote:
>
>> +1
>>
>> Also we need to avoid keystores being configured in different places. Like
>> datasources - we need to have key stores configured in a single place and
>> reference those from other places..
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Sat, Jun 22, 2013 at 3:05 PM, Amila Suriarachchi <[email protected]> wrote:
>>
>>> hi,
>>>
>>> After reading some tomcat codes I found we can set the keystore password
>>> by overriding the setkeystorepass method in Http1NioProtocol class.
>>>
>>> package org.wso2.carbon.tomcat.ext.transport;
>>>
>>> import org.apache.coyote.http11.Http11NioProtocol;
>>>
>>> public class CarbonHttp1NioProtocol extends Http11NioProtocol {
>>>
>>>     @Override
>>>     public void setKeystorePass(String s) {
>>>         System.out.println("setting the key store pass ");
>>>         super.setKeystorePass("wso2carbon");
>>>     }
>>> }
>>>
>>> Now we can set our class at the tomcat connector level.
>>>
>>> <Connector
>>>     protocol="org.wso2.carbon.tomcat.ext.transport.CarbonHttp1NioProtocol"
>>>     port="9443"
>>>     bindOnInit="false"
>>>     sslProtocol="TLS"
>>>     maxHttpHeaderSize="8192"
>>>     acceptorThreadCount="2"
>>>     maxThreads="250"
>>>     minSpareThreads="50"
>>>     disableUploadTimeout="false"
>>>     enableLookups="false"
>>>     connectionUploadTimeout="120000"
>>>     maxKeepAliveRequests="200"
>>>     acceptCount="200"
>>>     server="WSO2 Carbon Server"
>>>     clientAuth="false"
>>>     compression="on"
>>>     scheme="https"
>>>     secure="true"
>>>     SSLEnabled="true"
>>>     compressionMinSize="2048"
>>>     noCompressionUserAgents="gozilla, traviata"
>>>     compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
>>>     keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
>>>     keystorePass="carbon1"
>>>     URIEncoding="UTF-8"/>
>>>
>>> so what we can do is to read the password from the carbon.xml key
>>> stores which is secured at that method and set the correct password instead
>>> of letting users declare it. Even we can override the keystore location.
>>> so we can remove both those parameters from there and read only from
>>> carbon.xml file.
>>>
>>> WDYT?
>>>
>>> thanks,
>>> Amila.
>>>
>>>
>>> --
>>> *Amila Suriarachchi*
>>>
>>> Software Architect
>>> WSO2 Inc. ; http://wso2.com
>>> lean . enterprise . middleware
>>>
>>> phone : +94 71 3082805
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>

--
*Amila Suriarachchi*

Software Architect
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 71 3082805

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
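
Added example, not code from this thread or from WSO2: a small check for the duplication discussed above, reporting Tomcat connectors that redeclare keystore settings and whether the local copy has drifted from the central definition. The carbon.xml layout (Security/KeyStore with Location and Password, no namespace), the function names and both sample documents are assumptions constructed for illustration; the attribute names and values come from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs for illustration, not from a real deployment.
# Assumption: carbon.xml holds the primary keystore under Security/KeyStore.
CARBON_XML = """<Server>
  <Security>
    <KeyStore>
      <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
      <Password>wso2carbon</Password>
    </KeyStore>
  </Security>
</Server>"""

# Connector trimmed to the keystore attributes quoted in the thread.
CATALINA_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="9443" scheme="https" SSLEnabled="true"
      keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
      keystorePass="carbon1"/>
    <Connector port="8080" scheme="http"/>
  </Service>
</Server>"""


def central_keystore(carbon_xml):
    """Return the single keystore definition every other file should defer to."""
    ks = ET.fromstring(carbon_xml).find("./Security/KeyStore")
    if ks is None or ks.find("Location") is None or ks.find("Password") is None:
        raise ValueError("carbon.xml has no complete Security/KeyStore entry")
    return {"keystoreFile": ks.findtext("Location").strip(),
            "keystorePass": ks.findtext("Password").strip()}


def audit_connectors(catalina_xml, central):
    """List connectors that redeclare keystore settings locally.

    'duplicate' = same value as carbon.xml, 'mismatch' = drifted copy.
    Values are never returned, so the report is safe to log.
    """
    findings = []
    for conn in ET.fromstring(catalina_xml).iter("Connector"):
        for attr, expected in central.items():
            local = conn.get(attr)
            if local is not None:
                status = "duplicate" if local == expected else "mismatch"
                findings.append((conn.get("port"), attr, status))
    return findings


if __name__ == "__main__":
    for port, attr, status in audit_connectors(CATALINA_SERVER_XML,
                                               central_keystore(CARBON_XML)):
        print(f"connector {port}: {attr} is a {status} of the carbon.xml value")
```

On the sample data the 9443 connector is reported twice: its keystoreFile duplicates the central value and its keystorePass no longer matches it.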
