Interesting ... okay and to follow up: do you have any idea how I'd go
about programmatically giving the server instance the required
credentials before starting the server? I'm currently starting up the
REST service through a JAXRSServerFactoryBean with a code sequence
something like this:
JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
sf.setResourceClasses(MyService.class);
sf.setResourceProvider(MyService.class, new
SingletonResourceProvider(this));
sf.setAddress("https://0.0.0.0:"; + MyConfigClass.getPort() + "/");
sf.create();
But I can't see any way to give CXF the username/password until *after*
I call sf.create() to get a Server instance, but by that point the
info's already been read into memory.
-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Wednesday, March 23, 2011 5:08 PM
To: [email protected]
Subject: Re: Eliminating Cleartext Passwords
Hi
> The issue I'm trying to resolve is the following: currently the XML
> configuration file from the server requires sec:keyManagers and
> sec:keyStore entries which specify the keyPassword and keystore
> password.
>
> I'd very much like to not have these passwords appearing in plain text
> in the configuration file, but I'd also rather not have to prompt the
> user for the password every time the server is restarted. Is it safe
to
> delete the file after the server has started up (assuming I generate a
> new certificate every time I restart the server)? I tried this using
> the sample server and it seemed to work fine: i.e. the server kept
> running and serving requests even though the config file and the JKS
> cert were moved after startup, I just want to make sure that wasn't a
> fluke.
>
>
I think the needed information is loaded in memory, so removing the
config
after the restart does not affect the current instance.
Spring property place holders should help with hiding the sensitive
info, I
tried the "spring property placeholder clear text passwords" combination
and
quite a few interesting links were found,
Cheers, Sergey
> Thanks,
> -S
>
>
>
>
