When we introduced the security section into the carbon.xml, the intention was to declare reused common stuff like keystores in one place, and use it throughout the runtime.
Azeez

On Tue, Jun 25, 2013 at 10:35 PM, Supun Malinga <[email protected]> wrote:

> On Mon, Jun 24, 2013 at 1:31 PM, Prabath Siriwardena <[email protected]> wrote:
>
>> +1
>>
>> Also we need to avoid keystores being configured in different places. Like
>> datasources - we need to have key stores configured in a single place and
>> reference those from other places..
>
> +1 for both.
> keystores we refer in many places..
>
> thanks,
>
>> Thanks & regards,
>> -Prabath
>>
>> On Sat, Jun 22, 2013 at 3:05 PM, Amila Suriarachchi <[email protected]> wrote:
>>
>>> hi,
>>>
>>> After reading some Tomcat code I found we can set the keystore password
>>> by overriding the setKeystorePass method in the Http11NioProtocol class.
>>>
>>> package org.wso2.carbon.tomcat.ext.transport;
>>>
>>> import org.apache.coyote.http11.Http11NioProtocol;
>>>
>>> public class CarbonHttp1NioProtocol extends Http11NioProtocol {
>>>
>>>     @Override
>>>     public void setKeystorePass(String s) {
>>>         System.out.println("setting the key store pass ");
>>>         super.setKeystorePass("wso2carbon");
>>>     }
>>> }
>>>
>>> Now we can set our class at the Tomcat connector level.
>>>
>>> <Connector
>>>     protocol="org.wso2.carbon.tomcat.ext.transport.CarbonHttp1NioProtocol"
>>>     port="9443"
>>>     bindOnInit="false"
>>>     sslProtocol="TLS"
>>>     maxHttpHeaderSize="8192"
>>>     acceptorThreadCount="2"
>>>     maxThreads="250"
>>>     minSpareThreads="50"
>>>     disableUploadTimeout="false"
>>>     enableLookups="false"
>>>     connectionUploadTimeout="120000"
>>>     maxKeepAliveRequests="200"
>>>     acceptCount="200"
>>>     server="WSO2 Carbon Server"
>>>     clientAuth="false"
>>>     compression="on"
>>>     scheme="https"
>>>     secure="true"
>>>     SSLEnabled="true"
>>>     compressionMinSize="2048"
>>>     noCompressionUserAgents="gozilla, traviata"
>>>     compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
>>>     keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
>>>     keystorePass="carbon1"
>>>     URIEncoding="UTF-8"/>
>>>
>>> So what we can do is read the password from the carbon.xml key
>>> stores, which is secured, at that method and set the correct password instead
>>> of letting users declare it. We can even override the keystore location.
>>> So we can remove both those parameters from there and read only from
>>> the carbon.xml file.
>>>
>>> WDYT?
>>>
>>> thanks,
>>> Amila.
>>>
>>> --
>>> Amila Suriarachchi
>>> Software Architect
>>> WSO2 Inc. ; http://wso2.com
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>> --
>> Thanks & Regards,
>> Prabath
>
> --
> Supun Malinga,
> Senior Software Engineer,
> WSO2 Inc.
> http://wso2.com

--
Afkham Azeez
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
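Added example, not part of the thread and not WSO2 code: a small audit for the problem the thread describes, keystore settings declared on a Tomcat connector as well as in carbon.xml. The carbon.xml element names and namespace are assumptions about that file's layout, both XML samples are constructed (the keystore path and the two passwords are the ones quoted in the thread), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from a real deployment). The carbon.xml
# element names and namespace below are assumptions about that file's layout.
CARBON_XML = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <Security><KeyStore>
    <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
    <Password>wso2carbon</Password>
  </KeyStore></Security>
</Server>"""

CONNECTORS_XML = """<Server><Service>
  <Connector port="9763" scheme="http"/>
  <Connector port="9443" scheme="https" SSLEnabled="true"
    keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
    keystorePass="carbon1"/>
</Service></Server>"""

def local(tag):
    """Strip an XML namespace so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def central_keystore(carbon_xml):
    """Return the child elements of Security/KeyStore as a dict."""
    for sec in ET.fromstring(carbon_xml).iter():
        if local(sec.tag) == "Security":
            for ks in sec:
                if local(ks.tag) == "KeyStore":
                    return {local(c.tag): (c.text or "").strip() for c in ks}
    raise ValueError("no Security/KeyStore element found")

def audit_connectors(carbon_xml, connectors_xml):
    """Find connectors that redeclare keystore settings and classify each one."""
    ks = central_keystore(carbon_xml)
    expected = {"keystoreFile": ks.get("Location"), "keystorePass": ks.get("Password")}
    findings = []
    for conn in ET.fromstring(connectors_xml).iter():
        if local(conn.tag) != "Connector":
            continue
        for attr, want in expected.items():
            if attr in conn.attrib:
                # "duplicate": same value kept in two places; "drift": the values differ.
                status = "duplicate" if conn.attrib[attr] == want else "drift"
                # Record the attribute name only, never the password value itself.
                findings.append((conn.get("port"), attr, status))
    return findings

if __name__ == "__main__":
    for port, attr, status in audit_connectors(CARBON_XML, CONNECTORS_XML):
        print(f"connector {port}: {attr} redeclared ({status})")
```

On the sample input, the 9443 connector is reported twice: its `keystoreFile` duplicates the central value and its `keystorePass` has drifted from it.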
