Hi Amila, On Tue, Jun 25, 2013 at 3:18 PM, Amila Suriarachchi <[email protected]> wrote:
> > > > On Tue, Jun 25, 2013 at 3:03 PM, Prabath Siriwardena <[email protected]>wrote: > >> Currently key stores are configured in following files.. > > > +1. we need to configure that only at the carbon.xml file. > > >> >> 1. carbon.xml >> 2. axis2.xml >> > > Should be able to do by extending the transports and setting the keystore > values from there. > This means we have to extent all the transports in synapse/axis2... ? Or is there a generic way to extend?. Please enlighten.. thanks, > >> 3. catalina-server.xml >> > > This is already fixed. > > >> 4. identity.xml >> > > thanks, > Amila. > >> >> Key store configurations are duplicated across all these files.. so we >> need to bring all to a single file and refer that from different places... >> >> Thanks & regards, >> -Prabath >> >> On Mon, Jun 24, 2013 at 1:31 PM, Prabath Siriwardena <[email protected]>wrote: >> >>> +1 >>> >>> Also we need to avoid keystores been configured in different places. >>> Like datasources - we need to have key stores configured in a single place >>> and reference those from other places.. >>> >>> Thanks & regards, >>> -Prabath >>> >>> On Sat, Jun 22, 2013 at 3:05 PM, Amila Suriarachchi <[email protected]>wrote: >>> >>>> hi, >>>> >>>> After reading some tomcat codes I found we can set the keystore >>>> password by overriding the setkeystorepass method in Http1NioProtocol >>>> class. >>>> >>>> package org.wso2.carbon.tomcat.ext.transport; >>>> >>>> import org.apache.coyote.http11.Http11NioProtocol; >>>> >>>> public class CarbonHttp1NioProtocol extends Http11NioProtocol { >>>> >>>> @Override >>>> public void setKeystorePass(String s) { >>>> System.out.println("setting the key store pass "); >>>> super.setKeystorePass("wso2carbon"); >>>> } >>>> } >>>> >>>> Now we can set our class at the tomcat connector level. >>>> >>>> <Connector >>>> protocol="org.wso2.carbon.tomcat.ext.transport.CarbonHttp1NioProtocol" >>>> port="9443" >>>> bindOnInit="false" >>>> sslProtocol="TLS" >>>> maxHttpHeaderSize="8192" >>>> acceptorThreadCount="2" >>>> maxThreads="250" >>>> minSpareThreads="50" >>>> disableUploadTimeout="false" >>>> enableLookups="false" >>>> connectionUploadTimeout="120000" >>>> maxKeepAliveRequests="200" >>>> acceptCount="200" >>>> server="WSO2 Carbon Server" >>>> clientAuth="false" >>>> compression="on" >>>> scheme="https" >>>> secure="true" >>>> SSLEnabled="true" >>>> compressionMinSize="2048" >>>> noCompressionUserAgents="gozilla, traviata" >>>> >>>> compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg" >>>> >>>> keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks" >>>> keystorePass="carbon1" >>>> URIEncoding="UTF-8"/> >>>> >>>> so what we can do is to read the pass word from the carbon.xml key >>>> stores which is secured at that method and set the correct password instead >>>> of letting users to declare it. Even we can override the keystore location. >>>> so we can remove both those parameters from there and read only from >>>> carbon.xml file. >>>> >>>> WDYT? >>>> >>>> thanks, >>>> Amila. >>>> >>>> >>>> -- >>>> *Amila Suriarachchi* >>>> >>>> Software Architect >>>> WSO2 Inc. ; http://wso2.com >>>> lean . enterprise . middleware >>>> >>>> phone : +94 71 3082805 >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Thanks & Regards, >>> Prabath >>> >>> Mobile : +94 71 809 6732 >>> >>> http://blog.facilelogin.com >>> http://RampartFAQ.com >>> >> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Mobile : +94 71 809 6732 >> >> http://blog.facilelogin.com >> http://RampartFAQ.com >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Amila Suriarachchi* > > Software Architect > WSO2 Inc. ; http://wso2.com > lean . enterprise . middleware > > phone : +94 71 3082805 > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Supun Malinga, Senior Software Engineer, WSO2 Inc. http://wso2.com http://wso2.org email - [email protected] <[email protected]> mobile - 071 56 91 321
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
