[jbossws-issues] [JBoss JIRA] (JBWS-2893) Support searching for truststore and keystore files on the classpath like Spring-WS can

Alessio Soldano (JIRA) jira-events at lists.jboss.org
Sat Feb 4 09:15:48 EST 2012 

     [ https://issues.jboss.org/browse/JBWS-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alessio Soldano updated JBWS-2893:
----------------------------------

      Fix Version/s: community contributions
    Forum Reference: http://community.jboss.org/message/521661#521661  (was: http://community.jboss.org/message/521661#521661)

    
> Support searching for truststore and keystore files on the classpath like Spring-WS can
> ---------------------------------------------------------------------------------------
>
>                 Key: JBWS-2893
>                 URL: https://issues.jboss.org/browse/JBWS-2893
>             Project: JBoss Web Services
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: ws-security
>            Reporter: Aleksander Adamowski
>             Fix For: community contributions
>
>
> JBoss-WS should be able to search for truststore and keystore files on the classpath, not on a fixed path.
> Currently it can be done with Spring-WS, e.g. in spring-ws-servlet.xml I can specify the following:
>  
>   <bean id="keystore" class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
>     <property name="keyStorePassword" value="password" />
>     <property name="keyStoreLocation" value="classpath:/wssec-server.jks" />
>     <property name="defaultX509Alias" value="server" />
>   </bean>
>  
> This way we don't have to put the same keystores and truststores in all the WARs that compose the full enterprise application EAR.
>  
> We couldn't find any similar functionality for JBoss-WS. Here are the example paths in the wsse configuration file:
>  <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>   xsi:schemaLocation="http://www.jboss.com/ws-security/config
>                       http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
>   <key-store-file>META-INF/bob-sign.jks</key-store-file>
>   <key-store-password>password</key-store-password>
>   <key-store-type>jks</key-store-type>
>   <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
>   <trust-store-password>password</trust-store-password>
>  
>  
>  
> The paths are either:
> 1) filesystem-absolute, which makes configuration, deployment and general management of server environments a nightmare: keystores have to be placed in exactly the same locations on all servers in all dev, test and production environments regardless of OS - this completely eliminates the possibility of using an OS with incompatible filesystems layout, like MS Windows, in the development chain,
> 2) or relative to the root of the WAR archive, which requires placing keystore copies in all WARs and complicates production deployment: all cryptographic keys must be replaced by key staff, which isn't qualified to mess with the EARs and WARs inside them.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossws-issues mailing list