Hi Niranjan, If we add this new API to securevault, then we will have increment the minor version (ie. the second version digit) of carbon kernel. So, may be there is a way to get this done without doing an api change.
On Wed, Jun 10, 2015 at 11:31 AM, Niranjan Karunanandham <[email protected]> wrote: > Hi all, > > Currently when we secure files using cipher-tool, it adds *xmls:svns* and > *svns:secretAlias* to the xml files mentioned in cipher-tool.properties. > When secure catalina-server.xml, the cipher-tool converts the file as given > in [1], and when we start the server, it gives the warning message as shown > in [2] as mentioned in JIRA [3]. This is because in ServerManager class > [4], we directly pass the catalina-server.xml to CarbonTomcat [5]. > > In-order to remove the warning message, if the catalina-server.xml is > encrypted then *xmls:svns* and *svns:secretAlias* need to be removed > before passing it to CarbonTomcat. Since these two constants are related to > SecureVault, IMO the constants (*xmls:svns* and *svns:secretAlias*) for > need to be added to org.wso2.securevault [6]. WDYT? If so, then we need to > move org.wso2.securevault to Git and update the kernel 4.4.1-SNAPSHOT to > the latest version of securevault. > > > [1] - > <Server *xmlns:svns="http://org.wso2.securevault/configuration > <http://org.wso2.securevault/configuration>"* port="8005" > shutdown="SHUTDOWN"> > <Service > className="org.wso2.carbon.tomcat.ext.service.ExtendedStandardService" > name="Catalina"> > <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="200" > acceptorThreadCount="2" bindOnInit="false" clientAuth="false" > compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg" > compression="on" compressionMinSize="2048" connectionUploadTimeout="120000" > disableUploadTimeout="false" enableLookups="false" > keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks" > keystorePass="password" maxHttpHeaderSize="8192" maxKeepAliveRequests="200" > maxThreads="250" minSpareThreads="50" noCompressionUserAgents="gozilla, > traviata" port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol" > scheme="https" secure="true" server="WSO2 Carbon Server" sslProtocol="TLS" > *svns:secretAlias="Server.Service.Connector.keystorePass"*/> > ... > </Service> > </Server> > > [2] - > [2015-06-10 11:20:44,521] WARN > {org.apache.tomcat.util.digester.SetPropertiesRule} - > [SetPropertiesRule]{Server} Setting property 'xmlns:svns' to ' > http://org.wso2.securevault/configuration' did not find a matching > property. > [2015-06-10 11:20:44,903] WARN > {org.apache.catalina.startup.SetAllPropertiesRule} - > [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'svns:secretAlias' to 'Server.Service.Connector.keystorePass' did not find > a matching property. > > [3] - https://wso2.org/jira/browse/WSAS-1917 > > [4] - > https://github.com/wso2/carbon4-kernel/blob/master/core/org.wso2.carbon.tomcat/src/main/java/org/wso2/carbon/tomcat/internal/ServerManager.java#L85 > > [5] - > https://github.com/wso2/carbon4-kernel/blob/master/core/org.wso2.carbon.tomcat/src/main/java/org/wso2/carbon/tomcat/internal/CarbonTomcat.java#L67 > > [6] - http://svn.wso2.org/repos/wso2/trunk/commons/securevault/ > > Regards, > Nira > -- > > *Niranjan Karunanandham* > Senior Software Engineer - WSO2 Inc. > WSO2 Inc.: http://www.wso2.com > -- *Kasun Gajasinghe*Senior Software Engineer, WSO2 Inc. email: kasung AT spamfree wso2.com linked-in: http://lk.linkedin.com/in/gajasinghe blog: http://kasunbg.org
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
