I don't think you should be putting the keystore/truststore in the WAR file (although my example[1] is apparently doing that, out of simplicity due to multiple platforms--I should probably update that with a disclaimer). You can hardcode your *.jks files to a location outside the WAR in the clientKeystore.properties and serviceKeystore.properties files mentioned in [1].
Glen [1] http://www.jroller.com/gmazza/entry/implementing_ws_security_with_the Mark2008 wrote: > > I am looking at the online tutorials on how to use Encryption / Signature > to secure CXF web service. > > The examples package the keystore / truststore into the web war file and > deploy to the some web container. > > My question is, after the cxf/webservice application has been deployed to > a production environment, how do we import the client certificate and > update the truststore for any new client without shutting down the web > server? What's the best practice on this? > > Thanks, > > Mark > -- View this message in context: http://www.nabble.com/WS-Security-in-Production-Environment-tp20719606p20720159.html Sent from the cxf-user mailing list archive at Nabble.com.
