[jbossws-issues] [JBoss JIRA] (JBWS-2893) Support searching for truststore and keystore files on the classpath like Spring-WS can
Alessio Soldano (JIRA)
jira-events at lists.jboss.org
Sat Feb 4 09:15:48 EST 2012
[ https://issues.jboss.org/browse/JBWS-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alessio Soldano updated JBWS-2893:
----------------------------------
Fix Version/s: community contributions
Forum Reference: http://community.jboss.org/message/521661#521661 (was: http://community.jboss.org/message/521661#521661)
> Support searching for truststore and keystore files on the classpath like Spring-WS can
> ---------------------------------------------------------------------------------------
>
> Key: JBWS-2893
> URL: https://issues.jboss.org/browse/JBWS-2893
> Project: JBoss Web Services
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: ws-security
> Reporter: Aleksander Adamowski
> Fix For: community contributions
>
>
> JBoss-WS should be able to search for truststore and keystore files on the classpath, not on a fixed path.
> Currently it can be done with Spring-WS, e.g. in spring-ws-servlet.xml I can specify the following:
>
> <bean id="keystore" class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
> <property name="keyStorePassword" value="password" />
> <property name="keyStoreLocation" value="classpath:/wssec-server.jks" />
> <property name="defaultX509Alias" value="server" />
> </bean>
>
> This way we don't have to put the same keystores and truststores in all the WARs that compose the full enterprise application EAR.
>
> We couldn't find any similar functionality for JBoss-WS. Here are the example paths in the wsse configuration file:
> <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://www.jboss.com/ws-security/config
> http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
> <key-store-file>META-INF/bob-sign.jks</key-store-file>
> <key-store-password>password</key-store-password>
> <key-store-type>jks</key-store-type>
> <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
> <trust-store-password>password</trust-store-password>
>
>
>
> The paths are either:
> 1) filesystem-absolute, which makes configuration, deployment and general management of server environments a nightmare: keystores have to be placed in exactly the same locations on all servers in all dev, test and production environments regardless of OS - this completely eliminates the possibility of using an OS with incompatible filesystems layout, like MS Windows, in the development chain,
> 2) or relative to the root of the WAR archive, which requires placing keystore copies in all WARs and complicates production deployment: all cryptographic keys must be replaced by key staff, which isn't qualified to mess with the EARs and WARs inside them.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list