On Thu, Jul 4, 2013 at 8:16 AM, Amila Suriarachchi <[email protected]> wrote:
> On Wed, Jul 3, 2013 at 6:46 PM, Supun Malinga <[email protected]> wrote:
>
>> Hi Amila,
>>
>> On Tue, Jun 25, 2013 at 3:18 PM, Amila Suriarachchi <[email protected]> wrote:
>>
>>> On Tue, Jun 25, 2013 at 3:03 PM, Prabath Siriwardena <[email protected]> wrote:
>>>
>>>> Currently key stores are configured in following files..
>>>
>>> +1. we need to configure that only at the carbon.xml file.
>>>
>>>> 1. carbon.xml
>>>> 2. axis2.xml
>>>
>>> Should be able to do by extending the transports and setting the
>>> keystore values from there.
>>
>> This means we have to extend all the transports in synapse/axis2... ?
>
> Not all transports use key stores.

Most of the https transports use the keystores r8?.

>> Or is there a generic way to extend?. Please enlighten..
>
> What you mean by a generic way?

I meant, without taking the trouble to extend each transport that uses a keystore..

thanks,

> thanks,
> Amila.
>
>> thanks,
>>
>>>> 3. catalina-server.xml
>>>
>>> This is already fixed.
>>>
>>>> 4. identity.xml
>>>
>>> thanks,
>>> Amila.
>>>
>>>> Key store configurations are duplicated across all these files.. so we
>>>> need to bring all to a single file and refer that from different places...
>>>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>> On Mon, Jun 24, 2013 at 1:31 PM, Prabath Siriwardena <[email protected]> wrote:
>>>>
>>>>> +1
>>>>>
>>>>> Also we need to avoid keystores being configured in different places.
>>>>> Like datasources - we need to have key stores configured in a single place
>>>>> and reference those from other places..
>>>>>
>>>>> Thanks & regards,
>>>>> -Prabath
>>>>>
>>>>> On Sat, Jun 22, 2013 at 3:05 PM, Amila Suriarachchi <[email protected]> wrote:
>>>>>
>>>>>> hi,
>>>>>>
>>>>>> After reading some tomcat codes I found we can set the keystore
>>>>>> password by overriding the setKeystorePass method in Http11NioProtocol
>>>>>> class.
>>>>>>
>>>>>> package org.wso2.carbon.tomcat.ext.transport;
>>>>>>
>>>>>> import org.apache.coyote.http11.Http11NioProtocol;
>>>>>>
>>>>>> public class CarbonHttp1NioProtocol extends Http11NioProtocol {
>>>>>>
>>>>>>     @Override
>>>>>>     public void setKeystorePass(String s) {
>>>>>>         System.out.println("setting the key store pass ");
>>>>>>         super.setKeystorePass("wso2carbon");
>>>>>>     }
>>>>>> }
>>>>>>
>>>>>> Now we can set our class at the tomcat connector level.
>>>>>>
>>>>>> <Connector
>>>>>>     protocol="org.wso2.carbon.tomcat.ext.transport.CarbonHttp1NioProtocol"
>>>>>>     port="9443"
>>>>>>     bindOnInit="false"
>>>>>>     sslProtocol="TLS"
>>>>>>     maxHttpHeaderSize="8192"
>>>>>>     acceptorThreadCount="2"
>>>>>>     maxThreads="250"
>>>>>>     minSpareThreads="50"
>>>>>>     disableUploadTimeout="false"
>>>>>>     enableLookups="false"
>>>>>>     connectionUploadTimeout="120000"
>>>>>>     maxKeepAliveRequests="200"
>>>>>>     acceptCount="200"
>>>>>>     server="WSO2 Carbon Server"
>>>>>>     clientAuth="false"
>>>>>>     compression="on"
>>>>>>     scheme="https"
>>>>>>     secure="true"
>>>>>>     SSLEnabled="true"
>>>>>>     compressionMinSize="2048"
>>>>>>     noCompressionUserAgents="gozilla, traviata"
>>>>>>     compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
>>>>>>     keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
>>>>>>     keystorePass="carbon1"
>>>>>>     URIEncoding="UTF-8"/>
>>>>>>
>>>>>> so what we can do is to read the password from the carbon.xml key
>>>>>> stores which is secured at that method and set the correct password
>>>>>> instead of letting users declare it. Even we can override the keystore
>>>>>> location.
>>>>>> so we can remove both those parameters from there and read only from
>>>>>> carbon.xml file.
>>>>>>
>>>>>> WDYT?
>>>>>>
>>>>>> thanks,
>>>>>> Amila.
>>>>>>
>>>>>> --
>>>>>> *Amila Suriarachchi*
>>>>>>
>>>>>> Software Architect
>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>> lean . enterprise . middleware
>>>>>>
>>>>>> phone : +94 71 3082805
>>>>>>
>>>>>> _______________________________________________
>>>>>> Architecture mailing list
>>>>>> [email protected]
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>> --
>>>>> Thanks & Regards,
>>>>> Prabath
>>>>>
>>>>> Mobile : +94 71 809 6732
>>>>>
>>>>> http://blog.facilelogin.com
>>>>> http://RampartFAQ.com

--
Supun Malinga,

Senior Software Engineer,

WSO2 Inc.
http://wso2.com
http://wso2.org
email - [email protected] <[email protected]>
mobile - 071 56 91 321
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
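
Added example, not part of the thread and not WSO2's code: one way to carry the override idea from the first mail far enough that keystoreFile and keystorePass can be dropped from the connector, by loading both values in init() rather than in a setter. It assumes Tomcat 7 on the classpath, a carbon.xml whose KeyStore element has Location and Password children holding plaintext values, and a hypothetical example.carbon.xml system property giving that file's path; the class name is made up as well.

```java
import java.io.File;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.coyote.http11.Http11NioProtocol;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/** Added sketch for Tomcat 7: keystore settings come only from carbon.xml. */
public class CarbonXmlKeystoreNioProtocol extends Http11NioProtocol {

    // Tomcat calls a setter only for an attribute present on <Connector>.
    // Ignore both so a value left in catalina-server.xml can never win.
    @Override
    public void setKeystoreFile(String ignored) { }

    @Override
    public void setKeystorePass(String ignored) { }

    // init() runs for every connector, with or without keystore attributes.
    @Override
    public void init() throws Exception {
        String home = required("carbon.home");
        // Hypothetical property naming the carbon.xml to read.
        File carbonXml = new File(required("example.carbon.xml"));
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Refuse DTDs so the parser never resolves an external entity.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = dbf.newDocumentBuilder().parse(carbonXml).getDocumentElement();
        // Assumed layout: <KeyStore><Location/><Password/></KeyStore>
        Element ks = child(root, "KeyStore");
        super.setKeystoreFile(text(ks, "Location").replace("${carbon.home}", home));
        // Assumes a plaintext value; a vault-protected entry needs resolving first.
        super.setKeystorePass(text(ks, "Password"));
        super.init();
    }

    private static String required(String prop) {
        String v = System.getProperty(prop);
        if (v == null) throw new IllegalStateException(prop + " is not set");
        return v;
    }
    private static Element child(Element parent, String tag) {
        Node n = parent.getElementsByTagName(tag).item(0);
        if (n == null) throw new IllegalStateException("carbon.xml: no <" + tag + ">");
        return (Element) n;
    }
    private static String text(Element parent, String tag) {
        return child(parent, tag).getTextContent().trim();
    }
}
```

The connector would name this class in its protocol attribute. A missing file, element or property stops the connector at init() instead of letting it start on Tomcat's default keystore.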
