-
1. Re: ws-security JBWS-638 - Design Notes
jason.greene Aug 9, 2006 9:35 AM (in response to mageshbk)Ideally the existing SecurityStore and configuration will remain for doing per-deployment keystore configuration.
Optionally they should be able to refer to a JaasSecurityDomain, which would be globaly configured. So there would be no need to dynamically create one. This needs to be optional because we deploy against the mc, which is not necessarily jboss (could be tomcat).
-Jason -
2. Re: ws-security JBWS-638 - Design Notes
mageshbk Aug 12, 2006 7:46 AM (in response to mageshbk)According to jassSecurityDomain implementation, KeyStorePassword can be
Plain Text
{EXT} command
{CLASS} command
Now I have given these two provisions in SecurityStore as we need to be independent of the mc that we are deploying in. I was thinking to write Testcases for these two scenarios. Any idea where I can get a {EXT} command line tool and how do I integrate with our code. Should I put it as a thirdparty library? I can use the jbosssx.jar but the PBEUtils does not have a decode command line interface. Please help! -
3. Re: ws-security JBWS-638 - Design Notes
jason.greene Aug 13, 2006 1:36 AM (in response to mageshbk)I would test {CLASS} using org.jboss.security.plugins.FilePassword, and you can test {EXT} by either creating a dummy implementation, or just creating a class with a main method that calls FilePassword.
-
4. Re: ws-security JBWS-638 - Design Notes
mageshbk Oct 30, 2006 3:15 AM (in response to mageshbk)>>>Optionally they should be able to refer to a JaasSecurityDomain, which would be globaly configured.
In order to do this, we could use a MBeanServer code to load the global configuration and call the appropriate methods on that to do the decode, but the {CLASS} and {EXT} implementations within SecurityStore will remain as is for use otherwise.
1. Doesn't this seem to be a duplicate code?
2. Using MBeanServer we will have to use the org.jboss.mx.util.MBeanServerLocator, isn't this tied up to JBoss alone? It will not work on Tomcat! -
5. Re: ws-security JBWS-638 - Design Notes
mageshbk Oct 30, 2006 3:54 AM (in response to mageshbk)As an alternative approach we can just use the MBeanServer in WSSecurityDispatcher to load the url, store type and passwords and create a SecurityStore leaving the decode option to SecurityStore. This way only the {EXT} and {CLASS} will be supported and it is transparent. Is this fine?
I like this approach! -
6. Re: ws-security JBWS-638 - Design Notes
mageshbk Oct 30, 2006 5:54 AM (in response to mageshbk)Moreover the MBeanServer approach does not expose the getKeyStorePas() and getTrustStorePass() methods, is this a viable approach?