Hi Waruna,

Thanks a lot... it worked perfectly !!!

Hi Johann,

Yes now I've removed the HttpClient dependency. It is using javax.net.

On Thu, Oct 23, 2014 at 10:55 AM, Johann Nallathamby <[email protected]> wrote:

> Hi Tharindu,
>
> Are you using HttpClient library or javax.net library? I think it's
> better you use javax.net library like Waruna has used, then there will be
> fewer dependencies to pack into the webapp. The authenticationendpoint
> webapp should be as lightweight as possible.
>
> Thanks,
> Johann.
>
> On Thu, Oct 23, 2014 at 9:39 AM, Johann Nallathamby <[email protected]>
> wrote:
>
>> You should be able to use SSLSocketFactory API to create a custom SSL
>> context.
>>
>> However you need to think about where you are going to store the key
>> store and trust store. For your requirement, it should default to the
>> carbon key store and trust store in IS by default. Only if someone wants to
>> they can override it with their own configuration.
>>
>> Basically you need to provide a callback to get this information. Default
>> callback should populate it using carbon server key store.
>>
>> Thanks,
>> Johann.
>>
>> On Wed, Oct 22, 2014 at 12:47 PM, Tharindu Edirisinghe <
>> [email protected]> wrote:
>>
>>> Hi,
>>>
>>> I have a webapp that calls an admin service of IS through mutual ssl
>>> authentication. The call is done using the HttpClient. For that I am
>>> setting the keystore and truststore details of the client at runtime like
>>> below.
>>>
>>>     System.setProperty("javax.net.ssl.keyStore", CLIENT_KEY_STORE_PATH);
>>>     System.setProperty("javax.net.ssl.trustStore", CLIENT_TRUST_STORE_PATH);
>>>     System.setProperty("javax.net.ssl.keyStorePassword", CLIENT_KEY_STORE_PASSWORD);
>>>     System.setProperty("javax.net.ssl.trustStorePassword", CLIENT_TRUST_STORE_PASSWORD);
>>>
>>>     SSLContext context = SSLContexts.createSystemDefault();
>>>     HttpClientBuilder builder = HttpClientBuilder.create();
>>>
>>>     Registry<ConnectionSocketFactory> registry = RegistryBuilder
>>>             .<ConnectionSocketFactory>create()
>>>             .register("https", new SSLConnectionSocketFactory(context))
>>>             .build();
>>>
>>>     HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);
>>>
>>>     builder.setConnectionManager(ccm);
>>>     HttpClient client = builder.build();
>>>
>>> Now I want to get rid of the code that sets the ssl system properties at
>>> runtime. Here it is assumed that those properties are already set.
>>>
>>> But System.getProperty("javax.net.ssl.keyStore") and
>>> System.getProperty("javax.net.ssl.keyStorePassword") return null at runtime
>>> and therefore the client cannot call the service properly.
>>>
>>> It seems those two properties get overwritten at runtime. TrustStore
>>> properties are not overwritten and they remain with the same values set
>>> previously.
>>>
>>> Any suggestions for setting the keyStore properties correctly (outside
>>> the webapp)?
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Software Engineer | WSO2 Inc
>>> Identity Server Team
>>> mobile : +94 775 181586
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Associate Technical Lead & Product Lead of WSO2 Identity Server
>> Integration Technologies Team
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+94777776950*
>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
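
The approach suggested in the thread (a custom SSL context built with the javax.net API, with a callback supplying the key store and trust store), as an added example that is not part of the original messages or of WSO2 code. The class name `MutualSslClient`, the `StoreConfig` callback and the environment variable names are hypothetical, and JKS-format stores are assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualSslClient {
    // Hypothetical callback: a default implementation returns the server's own stores, a deployment may override it.
    public interface StoreConfig {
        String keyStorePath();
        char[] keyStorePassword();
        String trustStorePath();
        char[] trustStorePassword();
    }

    // Assumption: both stores are in JKS format.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // Builds a context private to this client: no javax.net.ssl.* system property is read or set.
    static SSLContext buildContext(StoreConfig cfg) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Assumption: the private key password equals the key store password.
        kmf.init(load(cfg.keyStorePath(), cfg.keyStorePassword()), cfg.keyStorePassword());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(cfg.trustStorePath(), cfg.trustStorePassword()));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java MutualSslClient <https-url> <keystore.jks> <truststore.jks>, passwords taken from the environment.
    public static void main(final String[] args) throws Exception {
        StoreConfig cfg = new StoreConfig() {
            public String keyStorePath() { return args[1]; }
            public char[] keyStorePassword() { return System.getenv("KEY_STORE_PASSWORD").toCharArray(); }
            public String trustStorePath() { return args[2]; }
            public char[] trustStorePassword() { return System.getenv("TRUST_STORE_PASSWORD").toCharArray(); }
        };
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(buildContext(cfg).getSocketFactory()); // applies to this connection only
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Because the socket factory is set on the connection rather than JVM-wide, other code in the same container that overwrites the `javax.net.ssl.keyStore` properties does not affect this client.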
