I am implementing a JBoss 7-backed web application that is a provider of one Web Service, as well as a client of another Web Service. Both services use a WS-SecurityPolicy, requiring the use of a JKS keystore file and/or a JKS truststore file. I'm using JBossWS (with CXF under the hood).
The code examples that I've seen for these situations have the keystore and truststore files contained within the application EAR. This concerns me for two reasons:
In the JBoss world, is there a way to place the JKS files outside the EAR, but still have the JBoss-deployed web application be able to reach them? If so, then how might this be accomplished? For example, how might the org.apache.ws.security.crypto.merlin.keystore.file property be defined in order to reference the outside-the-EAR JKS file?