On Mon, Jun 24, 2013 at 1:31 PM, Prabath Siriwardena <[email protected]>wrote:
> +1 > > Also we need to avoid keystores been configured in different places. Like > datasources - we need to have key stores configured in a single place and > reference those from other places.. > +1 for both. keystores we refer in many places.. thanks, > > Thanks & regards, > -Prabath > > On Sat, Jun 22, 2013 at 3:05 PM, Amila Suriarachchi <[email protected]>wrote: > >> hi, >> >> After reading some tomcat codes I found we can set the keystore password >> by overriding the setkeystorepass method in Http1NioProtocol class. >> >> package org.wso2.carbon.tomcat.ext.transport; >> >> import org.apache.coyote.http11.Http11NioProtocol; >> >> public class CarbonHttp1NioProtocol extends Http11NioProtocol { >> >> @Override >> public void setKeystorePass(String s) { >> System.out.println("setting the key store pass "); >> super.setKeystorePass("wso2carbon"); >> } >> } >> >> Now we can set our class at the tomcat connector level. >> >> <Connector >> protocol="org.wso2.carbon.tomcat.ext.transport.CarbonHttp1NioProtocol" >> port="9443" >> bindOnInit="false" >> sslProtocol="TLS" >> maxHttpHeaderSize="8192" >> acceptorThreadCount="2" >> maxThreads="250" >> minSpareThreads="50" >> disableUploadTimeout="false" >> enableLookups="false" >> connectionUploadTimeout="120000" >> maxKeepAliveRequests="200" >> acceptCount="200" >> server="WSO2 Carbon Server" >> clientAuth="false" >> compression="on" >> scheme="https" >> secure="true" >> SSLEnabled="true" >> compressionMinSize="2048" >> noCompressionUserAgents="gozilla, traviata" >> >> compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg" >> >> keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks" >> keystorePass="carbon1" >> URIEncoding="UTF-8"/> >> >> so what we can do is to read the pass word from the carbon.xml key stores >> which is secured at that method and set the correct password instead of >> letting users to declare it. Even we can override the keystore location. so >> we can remove both those parameters from there and read only from >> carbon.xml file. >> >> WDYT? >> >> thanks, >> Amila. >> >> >> -- >> *Amila Suriarachchi* >> >> Software Architect >> WSO2 Inc. ; http://wso2.com >> lean . enterprise . middleware >> >> phone : +94 71 3082805 >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Thanks & Regards, > Prabath > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com > http://RampartFAQ.com > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Supun Malinga, Senior Software Engineer, WSO2 Inc. http://wso2.com http://wso2.org email - [email protected] <[email protected]> mobile - 071 56 91 321
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
