The current Resin snapshot has an implementation of message security (http://caucho.com/download/resin-3_1-snap.tar.gz). You'll need resin-util.jar and resin.jar in your classpath.

Since the message security is primarily for end-to-end, not single-hop, it's not integrated with the server/proxy. In other words, the first cut is for people serializing messages directly with HessianInput/HessianOutput.

There are two envelopes: X509Encryption and X509Signature. They can be nested if desired.

It's the application's responsibility to load the Certificate/PrivateKey.

Once the HessianEnvelope has been created, it can be reused, i.e. you can configure once and use multiple times.

A) Encryption:

    X509Encryption envelope = new X509Encryption();

    X509Certificate cert = ...; // normal java.security calls

    envelope.setCertificate(cert);

    OutputStream os = ...;
    Hessian2Output out = new Hessian2Output(os);

    out = envelope.wrap(out);

    // normal Hessian serialization stuff here

    out.close(); // the close() is critical to finish writing

B) Decryption

    X509Encryption envelope = new X509Encryption();

    X509Certificate cert = ...; // normal java.security calls
    PrivateKey key = ...;

    envelope.setCertificate(cert);
    envelope.setPrivateKey(key);

    InputStream is = ...;
    Hessian2Input in = new Hessian2Input(is);

    in = envelope.unwrap(in);

    // normal Hessian deserialization

    in.close(); // again, this is important

C) Signing

    X509Signature envelope = new X509Signature();

    X509Certificate cert = ...;
    PrivateKey key = ...;

    envelope.setCertificate(cert);
    envelope.setPrivateKey(key);

    OutputStream os = ...;
    Hessian2Output out = new Hessian2Output(os);

    out = envelope.wrap(out);

    // normal hessian serialization

    out.close(); // critical so the signature can actually be written

D) Signature validation

    X509Signature envelope = new X509Signature();

    X509Certificate cert = ...;

    envelope.setCertificate(cert);

    InputStream is = ...;
    Hessian2Input in = new Hessian2Input(is);

    in = envelope.unwrap(in);

    // normal hessian deserialization

    in.close(); // critical, signature validation occurs in the close()
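An added example, not part of the original post or the Resin code base: a sign-and-verify round trip in memory that fills in the `...` placeholders from sections C and D with standard `java.security.KeyStore` calls and hands the payload back only after `close()` has run. The package names in the imports, the PKCS12 keystore, the command-line arguments and the `readVerified` helper are assumptions, as is the expectation that a failed validation surfaces as an exception from `close()`.

```java
import com.caucho.hessian.io.Hessian2Input;   // package names are assumed
import com.caucho.hessian.io.Hessian2Output;
import com.caucho.hessian.security.X509Signature;
import java.io.*;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

public class SignedHessianRoundTrip {
  // Usage (assumed): java SignedHessianRoundTrip keystore.p12 password alias
  public static void main(String[] args) throws Exception {
    char[] password = args[1].toCharArray();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    try (InputStream ksIn = new FileInputStream(args[0])) {
      ks.load(ksIn, password);
    }
    X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
    PrivateKey key = (PrivateKey) ks.getKey(args[2], password);

    // Signer side: certificate plus private key, as in section C.
    X509Signature signer = new X509Signature();
    signer.setCertificate(cert);
    signer.setPrivateKey(key);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    Hessian2Output out = signer.wrap(new Hessian2Output(bos));
    out.writeObject("constructed sample payload");
    out.close(); // writes the signature

    // Verifier side: certificate only, as in section D.
    X509Signature verifier = new X509Signature();
    verifier.setCertificate(cert);
    System.out.println("verified: " + readVerified(verifier, bos.toByteArray()));
  }

  // Returns the payload only if close() completes. The object read before
  // close() is unverified, so it is never exposed to the caller when
  // close() throws.
  static Object readVerified(X509Signature envelope, byte[] message)
      throws IOException {
    Hessian2Input in =
        envelope.unwrap(new Hessian2Input(new ByteArrayInputStream(message)));
    Object payload = in.readObject(); // not yet validated
    in.close();                       // signature validation occurs here
    return payload;
  }
}
```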
