On 10/26/2011 02:28 PM, Aaron Freeman wrote:


The following <password xmlns ...> technique works great for database definitions:

<database>

<jndi-name>jdbc/oracle</jndi-name>

<driver>

<type>oracle.jdbc.pool.OracleConnectionPoolDataSource</type>

<url>jdbc:oracle:thin:@${com.database.server}:${com.database.port}:${com.database.sid}</url>

<user>${com.database.username}</user>

<password xmlns:encryption="urn:java:com.company.encryption">

<encryption:Password>abcdef</encryption:Password>

</password>

</driver>

<max-connections>20</max-connections>

<max-idle-time>60s</max-idle-time>

</database>

However this same technique does not work for <jsse-ssl> definitions.

<jsse-ssl>

<key-store-type>jks</key-store-type>

<key-store-file>/opt/some/server/keys/some.kdb</key-store-file>

<password xmlns:encryption="urn:java:com.company.encryption">

<encryption:Password>abcdef</encryption:Password>

</password>

<cipher-suites>SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA</cipher-suites>

</jsse-ssl>

I get the following error at startup:

/opt/company/server/conf/resin.xml:76: unable to create attribute SetterAttribute[public void com.caucho.vfs.JsseSSLFactory.setPassword(java.lang.String)] for com.caucho.vfs.JsseSSLFactory@176f5261 and QName[{http://caucho.com/ns/resin}password]

Once upon a time ago there was discussion that this would be added to a future release. Any thoughts as to if that can happen easily?


I'll need to check why that's not happening for jsse.

We also have an open bug report to create a standard encryption class. It wouldn't be totally secure, of course, but would be better than plaintext.

-- Scott

Thanks,

Aaron


_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to