Hi Bruno

Thanks for the reply, I'll try to put the jetty.xml together with the required org.jsslutils classes in an extender bundle. As pax-web is not yet using jetty 7 it would be great if you could provide the org.mortbay.jetty.security.SslSocketConnector. And how this is used.

Cheers,
reto

On Tue, Jun 8, 2010 at 6:54 PM, Bruno Harbulot <[email protected]> wrote:

> Hello,
>
> Just to add a few details on how it can be done with Jetty, here is a
> sample configuration (I've used the ops4j names for this example). I think
> what we would be looking for is some advice regarding how to do it with Pax
> Web properly.
>
> It would require using the jSSLutils jar (from the jetty connector), and,
> with Jetty 6, an extra class that extends
> org.mortbay.jetty.security.SslSocketConnector (or the select connector) to
> be able to set the SSLContext (I think I could provide this).
>
> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>   <New class="org.jsslutils.keystores.KeyStoreLoader">
>     <Set name="keyStoreType"><SystemProperty name="org.ops4j.pax.web.ssl.keystore.type" default="JKS" /></Set>
>     <Set name="keyStorePath"><SystemProperty name="org.ops4j.pax.web.ssl.keystore" /></Set>
>     <Set name="keyStorePassword"><SystemProperty name="org.ops4j.pax.web.ssl.password" /></Set>
>     <Call id="keystore" name="loadKeyStore"><Arg /></Call>
>   </New>
>
>   <New class="org.jsslutils.sslcontext.PKIXSSLContextFactory">
>     <Arg><Ref id="keystore" /></Arg>
>     <Arg><SystemProperty name="org.ops4j.pax.web.ssl.keypassword" /></Arg>
>     <Arg />
>     <Set name="trustManagerWrapper"><New class="org.jsslutils.sslcontext.trustmanagers.TrustAllClientsWrappingTrustManager$Wrapper" /></Set>
>     <Call id="context" name="buildSSLContext">
>       <Arg>TLS</Arg>
>     </Call>
>   </New>
>
>   <Call name="addConnector">
>     <Arg>
>       <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>         <Set name="Port"><SystemProperty name="org.osgi.service.http.port.secure" default="8443" /></Set>
>         <Set name="maxIdleTime">30000</Set>
>         <Set name="Acceptors">2</Set>
>         <Set name="AcceptQueueSize">100</Set>
>         <Set name="sslContext">
>           <Ref id="context" />
>         </Set>
>         <Set name="wantClientAuth">true</Set>
>       </New>
>     </Arg>
>   </Call>
> </Configure>
>
> More examples are available from:
> http://code.google.com/p/jsslutils/wiki/JettyUsage
>
> Best wishes,
>
> Bruno.
>
> On 08/06/10 17:34, Reto Bachmann-Gmuer wrote:
>
>> Hello
>>
>> I would like to set an X509TrustManager to support self-signed client
>> certificates (for use with foaf+ssl), I think one way of doing this is
>> by providing a jetty.xml in a fragment bundle. However I'm not sure
>> that's the best approach or if there's a way to do without this. I'm
>> not sure how jetty would be able to load the implementation of
>> X509TrustManager, I guess I would have to add this to the fragment
>> bundle as well.
>>
>> Cheers,
>> reto

_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
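
Added example, not part of the thread and not jSSLutils or Pax Web code: an X509TrustManager of the kind asked about in the original question, written against the JDK's javax.net.ssl API only. It lets self-signed client certificates through the handshake and delegates server checks to the JVM default trust manager; the class name AcceptAnyClientTrustManager, the buildContext helper and the validity-period check are assumptions of this example.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class for this example; the name does not come from the thread.
public class AcceptAnyClientTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;

    public AcceptAnyClientTrustManager(X509TrustManager delegate) {
        this.delegate = delegate;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // No PKIX path validation, so a self-signed client certificate is accepted.
        // The handshake then proves only possession of the private key, not an identity:
        // the application must verify the certificate itself before authorizing anything.
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty client certificate chain");
        }
        chain[0].checkValidity(); // example's own choice: still reject expired certificates
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType); // outbound connections keep normal validation
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // name no CAs, so the client may offer any certificate
    }

    // Wraps the JVM default X509TrustManager and builds an SSLContext around the wrapper.
    public static SSLContext buildContext(KeyManager[] keyManagers) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                SSLContext ctx = SSLContext.getInstance("TLS");
                ctx.init(keyManagers, new TrustManager[] {new AcceptAnyClientTrustManager((X509TrustManager) tm)}, null);
                return ctx;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }
}
```

An SSLContext built this way plays the role of the "context" reference in the quoted jetty.xml. With wantClientAuth set, a client that presents no certificate still connects, so the application also has to handle the case where no certificate is present.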
