Hi,
This password is only for the keystore file
org.apache.ws.security.crypto.merlin.file=mykey.jks
org.apache.ws.security.crypto.merlin.keystore.password=password
The password to the private key is supplied by the password callback class
if ( usage == WSPasswordCallback.SIGNATURE )
{
System.out.println ( "SIGNATURE " + identifier ) ;
if ( identifier.equals ( "myuser" ) )
{
/*
keystore private key password
*/
callback.setPassword ( "password" ) ;
return ;
}
}
Could you use a keystore where the keystore password and private key
password are different ?
-----Original Message-----
From: Rodrigo Ruiz [mailto:[EMAIL PROTECTED]
Sent: Friday, 23 February 2007 12:41 AM
To: [email protected]
Subject: Re: Axis2: Encrypting the merlin keystore password property
Hi Ruchith,
Do you know any alternative to Merlin? :-)
Regards,
Rodrigo
Ruchith Fernando wrote:
> Hi Andrew,
>
> If you use Merlin it is not possible.
>
> However in practice if you host the web service in a server and if
> only the admin has access to read the deployment files then I don't
> see this as an issue.
>
> Thanks,
> Ruchith
>
> On 2/20/07, Andrew Fielden <[EMAIL PROTECTED]> wrote:
>> I have deployed an Axis2 service with security enabled. The crypto
>> properties specify a keystore and password. Is there any way that the
>> password property can be stored in an encrypted form, not plain text?
>>
>> org.apache.ws.security.crypto.merlin.keystore.password=password
>> org.apache.ws.security.crypto.merlin.file=mykey.jks
>>
>> Thanks.
>> Andrew.
>>
--
-------------------------------------------------------------------
GRID SYSTEMS, S.A. Rodrigo Ruiz
Parc Bit - Edificio 17 Research Coordinator
07121 Palma de Mallorca
Baleares - Spain Tel: +34 971 435 085
http://www.gridsystems.com/ Fax: +34 971 435 082
-------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
