On Thu, Jul 4, 2013 at 8:33 AM, Supun Malinga <[email protected]> wrote:
> On Thu, Jul 4, 2013 at 8:16 AM, Amila Suriarachchi <[email protected]> wrote:
>
>> On Wed, Jul 3, 2013 at 6:46 PM, Supun Malinga <[email protected]> wrote:
>>
>>> Hi Amila,
>>>
>>> On Tue, Jun 25, 2013 at 3:18 PM, Amila Suriarachchi <[email protected]> wrote:
>>>
>>>> On Tue, Jun 25, 2013 at 3:03 PM, Prabath Siriwardena <[email protected]> wrote:
>>>>
>>>>> Currently key stores are configured in following files..
>>>>
>>>> +1. we need to configure that only at the carbon.xml file.
>>>>
>>>>> 1. carbon.xml
>>>>> 2. axis2.xml
>>>>
>>>> Should be able to do by extending the transports and setting the
>>>> keystore values from there.
>>>
>>> This means we have to extend all the transports in synapse/axis2... ?
>>
>> Not all transports use key stores.
>
> Most of the https transports use the keystores, right?

Only one http transport in ESB. For tomcat connector this is already done.

>>> Or is there a generic way to extend? Please enlighten..
>>
>> What do you mean by a generic way?
>
> I meant, without taking the trouble to extend each transport that uses a
> keystore..

I cannot think of such a method. If you have any idea please let us know.

thanks,
Amila.

> thanks,
>
>> thanks,
>> Amila.
>>
>>> thanks,
>>>
>>>>> 3. catalina-server.xml
>>>>
>>>> This is already fixed.
>>>>
>>>>> 4. identity.xml
>>>>
>>>> thanks,
>>>> Amila.
>>>>
>>>>> Key store configurations are duplicated across all these files.. so we
>>>>> need to bring all to a single file and refer that from different places...
>>>>>
>>>>> Thanks & regards,
>>>>> -Prabath
>>>>>
>>>>> On Mon, Jun 24, 2013 at 1:31 PM, Prabath Siriwardena <[email protected]> wrote:
>>>>>
>>>>>> +1
>>>>>>
>>>>>> Also we need to avoid keystores being configured in different places.
>>>>>> Like datasources - we need to have key stores configured in a single
>>>>>> place and reference those from other places..
>>>>>>
>>>>>> Thanks & regards,
>>>>>> -Prabath
>>>>>>
>>>>>> On Sat, Jun 22, 2013 at 3:05 PM, Amila Suriarachchi <[email protected]> wrote:
>>>>>>
>>>>>>> hi,
>>>>>>>
>>>>>>> After reading some tomcat codes I found we can set the keystore
>>>>>>> password by overriding the setKeystorePass method in Http11NioProtocol
>>>>>>> class.
>>>>>>>
>>>>>>> package org.wso2.carbon.tomcat.ext.transport;
>>>>>>>
>>>>>>> import org.apache.coyote.http11.Http11NioProtocol;
>>>>>>>
>>>>>>> public class CarbonHttp1NioProtocol extends Http11NioProtocol {
>>>>>>>
>>>>>>>     // Replaces whatever keystorePass the connector declares.
>>>>>>>     @Override
>>>>>>>     public void setKeystorePass(String s) {
>>>>>>>         System.out.println("setting the key store pass ");
>>>>>>>         super.setKeystorePass("wso2carbon");
>>>>>>>     }
>>>>>>> }
>>>>>>>
>>>>>>> Now we can set our class at the tomcat connector level.
>>>>>>>
>>>>>>> <Connector
>>>>>>>     protocol="org.wso2.carbon.tomcat.ext.transport.CarbonHttp1NioProtocol"
>>>>>>>     port="9443"
>>>>>>>     bindOnInit="false"
>>>>>>>     sslProtocol="TLS"
>>>>>>>     maxHttpHeaderSize="8192"
>>>>>>>     acceptorThreadCount="2"
>>>>>>>     maxThreads="250"
>>>>>>>     minSpareThreads="50"
>>>>>>>     disableUploadTimeout="false"
>>>>>>>     enableLookups="false"
>>>>>>>     connectionUploadTimeout="120000"
>>>>>>>     maxKeepAliveRequests="200"
>>>>>>>     acceptCount="200"
>>>>>>>     server="WSO2 Carbon Server"
>>>>>>>     clientAuth="false"
>>>>>>>     compression="on"
>>>>>>>     scheme="https"
>>>>>>>     secure="true"
>>>>>>>     SSLEnabled="true"
>>>>>>>     compressionMinSize="2048"
>>>>>>>     noCompressionUserAgents="gozilla, traviata"
>>>>>>>     compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
>>>>>>>     keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
>>>>>>>     keystorePass="carbon1"
>>>>>>>     URIEncoding="UTF-8"/>
>>>>>>>
>>>>>>> so what we can do is to read the password from the carbon.xml key
>>>>>>> stores which is secured at that method and set the correct password
>>>>>>> instead of letting users to declare it. Even we can override the
>>>>>>> keystore location. so we can remove both those parameters from there
>>>>>>> and read only from carbon.xml file.
>>>>>>>
>>>>>>> WDYT?
>>>>>>>
>>>>>>> thanks,
>>>>>>> Amila.
>>>>>>>
>>>>>>> --
>>>>>>> *Amila Suriarachchi*
>>>>>>>
>>>>>>> Software Architect
>>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>>> lean . enterprise . middleware
>>>>>>>
>>>>>>> phone : +94 71 3082805
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Architecture mailing list
>>>>>>> [email protected]
>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>> --
>>>>>> Thanks & Regards,
>>>>>> Prabath
>>>>>>
>>>>>> Mobile : +94 71 809 6732
>>>>>>
>>>>>> http://blog.facilelogin.com
>>>>>> http://RampartFAQ.com
>>>
>>> --
>>> Supun Malinga,
>>>
>>> Senior Software Engineer,
>>> WSO2 Inc.
>>> http://wso2.com
>>> http://wso2.org
>>> email - [email protected] <[email protected]>
>>> mobile - 071 56 91 321

--
*Amila Suriarachchi*

Software Architect
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 71 3082805
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
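
A sketch of the approach discussed in this thread, added here as an example and not code from the thread or from WSO2: the keystore location and password are read from one central file, and the values declared on the connector are ignored. `ConnectorProtocol` is a hypothetical stand-in for Tomcat's `Http11NioProtocol` so the example runs without Tomcat; the `carbon.xml` element layout, the class names and the `/opt/carbon` default are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;

public class CentralKeystoreDemo {
    // Constructed sample; this element layout is an assumption, not taken from the thread.
    static final String CARBON_XML = "<Server><Security><KeyStore>"
        + "<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>"
        + "<Password>wso2carbon</Password></KeyStore></Security></Server>";
    /** Hypothetical stand-in for Tomcat's Http11NioProtocol so this runs without Tomcat. */
    static class ConnectorProtocol {
        String keystoreFile, keystorePass;
        public void setKeystoreFile(String f) { keystoreFile = f; }
        public void setKeystorePass(String p) { keystorePass = p; }
    }
    /** Applies the central values at construction, so nothing depends on the connector declaring them. */
    static class CentralKeystoreProtocol extends ConnectorProtocol {
        private final String file, pass;
        CentralKeystoreProtocol(Document central) {
            String home = System.getProperty("carbon.home", "/opt/carbon"); // assumed default
            file = read(central, "Location").replace("${carbon.home}", home);
            pass = read(central, "Password");
            super.setKeystoreFile(file);
            super.setKeystorePass(pass);
        }
        @Override public void setKeystoreFile(String declared) { super.setKeystoreFile(file); }
        @Override public void setKeystorePass(String declared) { super.setKeystorePass(pass); }
    }
    static String read(Document doc, String element) {
        try {
            String v = XPathFactory.newInstance().newXPath().evaluate("/Server/Security/KeyStore/" + element, doc).trim();
            if (v.isEmpty()) throw new IllegalStateException("missing KeyStore/" + element); // fail closed
            return v;
        } catch (XPathExpressionException e) { throw new IllegalStateException(e); }
    }
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }
    public static void main(String[] args) throws Exception {
        ConnectorProtocol p = new CentralKeystoreProtocol(parse(CARBON_XML));
        p.setKeystorePass("carbon1"); // stale value declared on the connector is ignored
        System.out.println(p.keystoreFile);
        System.out.println("central password applied: " + "wso2carbon".equals(p.keystorePass));
    }
}
```

The demo reports only whether the central password was applied and never prints the secret itself, unlike a debug `println` inside the setter, which is easy to extend into logging the value.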
