Hi Niranjan,

You are correct; we should follow the same way as msf4j to detect whether it is OSGi mode or not. The properties suggested are to avoid the OSGi mode check in several places. With the suggested properties, secure-vault.yaml will have all the information it needs for the initialization. Hence it could check the mode at one place and initialize the secure vault accordingly.

Thanks,
Jayanga.

*Jayanga Dissanayake*
Associate Technical Lead
WSO2 Inc. - http://wso2.com/
lean . enterprise . middleware
email: [email protected]
mobile: +94772207259
<http://wso2.com/signature>

On Fri, Mar 17, 2017 at 9:43 AM, Niranjan Karunanandham <[email protected]> wrote:

> Hi Vidura,
>
> We can identify whether it is in OSGi mode or non-OSGi mode by checking if
> the bundleContext is set. If it is not set, then it is in non-OSGi mode.
> This is the way we have done for msf4j. Any reason for this new approach?
>
> Regards,
> Nira
>
> On Fri, Mar 17, 2017 at 9:37 AM, Lakshman Udayakantha <[email protected]>
> wrote:
>
>> Hi Vidura,
>>
>> On Fri, Mar 17, 2017 at 9:15 AM, Vidura Nanayakkara <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> An example for a secure vault YAML configuration file is as shown below
>>> according to the current implementation.
>>>
>>> secretRepository:
>>>   type: org.wso2.carbon.kernel.securevault.repository.DefaultSecretRepository
>>>   parameters:
>>>     privateKeyAlias: wso2carbon
>>>     keystoreLocation: resources/security/wso2carbon.jks
>>> masterKeyReader:
>>>   type: org.wso2.carbon.kernel.securevault.reader.DefaultMasterKeyReader
>>>
>>> However, according to the discussion made in [1]
>>> <http://wso2-oxygen-tank.10903.n7.nabble.com/C5-Moving-Carbon-Configuration-and-Carbon-Sec-Vault-to-2-Separate-Repositories-Removing-from-Kernel-td146953.html>
>>> , we decided to move Carbon Secure Vault out of Carbon Kernel for the
>>> specified reasons in [1]
>>> <http://wso2-oxygen-tank.10903.n7.nabble.com/C5-Moving-Carbon-Configuration-and-Carbon-Sec-Vault-to-2-Separate-Repositories-Removing-from-Kernel-td146953.html>.
>>> According to this change, in OSGi mode the Secret repository and the
>>> master key reader will be an implementation of the specified classes (
>>> org.wso2.carbon.kernel.securevault.repository.DefaultSecretRepository
>>> and org.wso2.carbon.kernel.securevault.reader.DefaultMasterKeyReader) and
>>> will be registered via the Secure Vault Component while in standalone
>>> mode the secret repository and master key reader will be instances of the
>>> specified classes and will be created using the Class.forName() method.
>>>
>>> According to this implementation, it was decided to delegate providing
>>> other file paths (secret.properties, master-key.yaml) to relevant
>>> implementation classes because other file paths (secret.properties,
>>> master-key.yaml) are bound to the relevant implementation. However, with
>>> this approach, we are forced to check whether the code is being executed in
>>> OSGi mode or non-OSGi mode in order to provide the correct location of the
>>> file paths (secret.properties, master-key.yaml).
>>>
>> Since this happens in implementation class as in this case in Default
>> implementation, IMO it is not a problem to check whether OSGI or not to
>> give the correct file location. Even when you create another implementation
>> that should work in both OSGI and non OSGI environments you have to check
>> for OSGI or not to give the correct file location.
>>
>>> *Suggestion:*
>>>
>>> secretRepository:
>>>   type: org.wso2.carbon.secvault.securevault.repository.DefaultSecretRepository
>>>   parameters:
>>>     privateKeyAlias: wso2carbon
>>>     keystoreLocation: securevault/resources/security/wso2carbon.jks
>>>     secretProperties: securevault/resources/security/secrets.properties
>>> masterKeyReader:
>>>   type: org.wso2.carbon.secvault.securevault.utils.DefaultHardCodedMasterKeyReader
>>>   parameters:
>>>     masterKeyFile: securevault/resources/security/master-keys.yaml
>>>
>>> If we could add the highlighted properties to the secure vault YAML
>>> configuration file specifying the location of the master-keys.yaml and
>>> secrets.properties, we only need to check whether the code is being
>>> executed in OSGi mode or non-OSGi mode once at the time of secure vault
>>> initialisation.
>>>
>>> WDYT?
>>>
>>> [1] [C5] Moving Carbon Configuration and Carbon Sec-Vault to 2 Separate
>>> Repositories (Removing from Kernel)
>>> <http://wso2-oxygen-tank.10903.n7.nabble.com/C5-Moving-Carbon-Configuration-and-Carbon-Sec-Vault-to-2-Separate-Repositories-Removing-from-Kernel-td146953.html>
>>>
>>> Best Regards,
>>>
>>> *Vidura Nanayakkara*
>>> Software Engineer
>>>
>>> Email : [email protected]
>>> Mobile : +94 (0) 717 919277
>>> Web : http://wso2.com
>>> Blog : https://medium.com/@viduran <http://wso2.com/>
>>> Twitter : http://twitter.com/viduranana
>>> LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara
>>> <http://wso2.com/>
>>>
>>
>> --
>> Lakshman Udayakantha
>> WSO2 Inc. www.wso2.com
>> lean.enterprise.middleware
>> Mobile: *0717429601*
>>
>
> --
>
> *Niranjan Karunanandham*
> Associate Technical Lead - WSO2 Inc.
> WSO2 Inc.: http://www.wso2.com
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
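
The approach this thread converges on (decide OSGi or non-OSGi mode once, then resolve every configured file location at initialisation) can look like the following. This is an added example, not code from the thread or from WSO2: the class name `SecureVaultPaths`, the two base directories and the `Object`-typed bundle context are assumptions, and the check that a configured path stays inside the base directory is an addition a reviewer would want for files that hold key material.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.LinkedHashMap;
import java.util.Map;

public class SecureVaultPaths {          // hypothetical class name
    enum Mode { OSGI, STANDALONE }

    // The single mode check: a non-null bundle context means OSGi mode.
    // Typed as Object so the example compiles without the OSGi API.
    static Mode detectMode(Object bundleContext) {
        return bundleContext != null ? Mode.OSGI : Mode.STANDALONE;
    }

    // Resolve one configured value against the base directory and reject
    // absolute paths or "../" sequences that would leave that directory.
    static Path resolve(Path base, String configured) {
        Path root = base.toAbsolutePath().normalize();
        Path resolved = root.resolve(configured).normalize();
        if (!resolved.startsWith(root)) {
            throw new IllegalArgumentException("Path escapes base directory: " + configured);
        }
        return resolved;
    }

    // Called once at initialisation; implementations receive resolved paths
    // and never need to ask which mode they are running in.
    static Map<String, Path> resolveAll(Object bundleContext, Path osgiBase,
                                        Path standaloneBase, Map<String, String> params) {
        Path base = detectMode(bundleContext) == Mode.OSGI ? osgiBase : standaloneBase;
        Map<String, Path> out = new LinkedHashMap<>();
        params.forEach((key, value) -> out.put(key, resolve(base, value)));
        return out;
    }

    public static void main(String[] args) {
        // Parameter names and values from the suggested secure-vault.yaml above.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("keystoreLocation", "securevault/resources/security/wso2carbon.jks");
        params.put("secretProperties", "securevault/resources/security/secrets.properties");
        params.put("masterKeyFile", "securevault/resources/security/master-keys.yaml");

        // Constructed sample base directories, not WSO2 defaults.
        Path osgiBase = Paths.get("/opt/example/carbon-home");
        Path standaloneBase = Paths.get(".");

        // null bundle context: standalone mode, paths resolve under the working directory.
        resolveAll(null, osgiBase, standaloneBase, params)
            .forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```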
