I would first try to move the keys, see if you can solve that problem,
then the properties files (although it does seem strange not to keep the
properties files with the web application, just as you would the web.xml
and other config files).
Also, make sure you're using the full path when you specify the key
location--Metro requires that at least for its WAR-hosted web services,
for example:
location="/data/stswork/testcases/cxf-sts/metro-test-wsp/src/main/resources/servicestore.jks"--so
we know an expanded war can read outside its allotted folder.
Adding the location of the keystores to Tomcat is probably meaningless.
With WS-Security you're using app-specific keys that are configured in
the properties files for each web application. AFAIK the Tomcat
keystore is used only when you're using HTTPS
(http://www.jroller.com/gmazza/entry/ssl_for_web_services#SSL2), not
message-level security (unless of course you have your web apps
explicitly point to the Tomcat key.)
HTH,
Glen
On 10/26/2011 01:45 PM, nkunkov wrote:
Hi, I implemented WS-Security in a Tomcat application that is both a web
services client and a web services server.
It all works fine, but it looks like my server.keystore and trust.keystore
have to be in the Tomcat's WEB-INF/classes.
It's definitely not the right location for the keystores and also for the
server_sign.properties and other configs.
As soon as I move the keystores and .properties files over to Tomcat/conf -
the InInterceptor throws the following exception -
java.io.FileNotFoundException: trust.keystore (The system cannot find the
file specified)
I added the location of the keystores to the Java startup parameters in
Tomcat but it didn't help.
Looks like these files are not in the classpath unless they are in
WEB-INF/classes.
I'm not a Tomcat pro so bear with me if this is something extremely easy.
Appreciate your help.
Nadia
--
View this message in context:
http://cxf.547215.n5.nabble.com/CXF-Interceptors-and-Tomcat-location-of-certificates-tp4940585p4940585.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Glen Mazza
Talend - http://www.talend.com/apache
Blog - http://www.jroller.com/gmazza/
Twitter - glenmazza
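
An added example, not part of the original thread: a preflight check for the advice above about moving the keys out of the web application and using a full path. It assumes the web app's crypto properties file (such as server_sign.properties) uses WSS4J's Merlin property keys; the class name and messages are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyStore;
import java.util.Properties;

// Hypothetical helper, not part of CXF or WSS4J.
// Usage: java KeystorePreflight /full/path/to/server_sign.properties
public class KeystorePreflight {
    static final String P = "org.apache.ws.security.crypto.merlin.";

    public static void main(String[] args) throws Exception {
        if (args.length != 1) fail("usage: KeystorePreflight <crypto .properties file>");
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            props.load(in);
        }
        // WSS4J 1.6 key name first, then the older one.
        String loc = props.getProperty(P + "keystore.file", props.getProperty(P + "file"));
        if (loc == null) fail("no keystore location configured in " + args[0]);
        Path ks = Paths.get(loc);
        // A bare name such as trust.keystore only resolves while the file sits on
        // the classpath or in the JVM working directory, so require a full path.
        if (!ks.isAbsolute())
            fail("'" + loc + "' is relative; JVM working dir is " + Paths.get("").toAbsolutePath());
        if (!Files.isReadable(ks)) fail(ks + " is missing or not readable by this user");

        // Keystores hold private keys: warn on group/other access where POSIX
        // permissions exist (the view is null on Windows file systems).
        PosixFileAttributeView view = Files.getFileAttributeView(ks, PosixFileAttributeView.class);
        if (view != null)
            for (PosixFilePermission p : view.readAttributes().permissions())
                if (!p.name().startsWith("OWNER_"))
                    System.out.println("WARN: " + ks + " grants " + p);

        // Load the store to prove that the configured type and password match the file.
        String type = props.getProperty(P + "keystore.type", KeyStore.getDefaultType());
        String pw = props.getProperty(P + "keystore.password", "");
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(ks)) {
            store.load(in, pw.toCharArray());
        }
        System.out.println("OK: " + ks + " (" + type + ", " + store.size() + " entries)");
    }

    static void fail(String msg) {
        System.err.println("FAIL: " + msg);
        System.exit(1);
    }
}
```

Run it as the same OS user that runs Tomcat, so the readability and permission results match what the web application will see.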