Support searching for truststore and keystore files on the classpath like Spring-WS can
---------------------------------------------------------------------------------------
Key: JBWS-2893
URL: https://jira.jboss.org/jira/browse/JBWS-2893
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: ws-security
Reporter: Aleksander Adamowski
JBoss-WS should be able to search for truststore and keystore files on the classpath, not
on a fixed path.
Currently it can be done with Spring-WS, e.g. in spring-ws-servlet.xml I can specify the
following:
    <bean id="keystore"
          class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
        <property name="keyStorePassword" value="password" />
        <property name="keyStoreLocation"
                  value="classpath:/wssec-server.jks" />
        <property name="defaultX509Alias" value="server" />
    </bean>
This way we don't have to put the same keystores and truststores in all the WARs that
compose the full enterprise application EAR.
We couldn't find any similar functionality for JBoss-WS. Here are the example paths in
the wsse configuration file:
    <jboss-ws-security
        xmlns="http://www.jboss.com/ws-security/config"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.jboss.com/ws-security/config
        http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <key-store-file>META-INF/bob-sign.jks</key-store-file>
        <key-store-password>password</key-store-password>
        <key-store-type>jks</key-store-type>
        <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
        <trust-store-password>password</trust-store-password>
The paths are either:
1) filesystem-absolute, which makes configuration, deployment and general management of
server environments a nightmare: keystores have to be placed in exactly the same locations
on all servers in all dev, test and production environments regardless of OS - this
completely eliminates the possibility of using an OS with an incompatible filesystem layout,
like MS Windows, in the development chain,
2) or relative to the root of the WAR archive, which requires placing keystore copies in
all WARs and complicates production deployment: all cryptographic keys must be replaced by
key staff, who aren't qualified to mess with the EARs and WARs inside them.
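
The lookup requested above, sketched as an added example (not part of the original report and not JBoss-WS or Spring-WS code). The class StoreLocator, its methods and the demo.p12 store are hypothetical; the "classpath:" prefix follows the Spring-WS snippet in the report.

```java
import java.io.*;
import java.net.*;
import java.nio.file.*;
import java.security.*;

/** Hypothetical helper: resolves "classpath:" locations, otherwise treats the value as a file path. */
public final class StoreLocator {
    static URL resolve(String location) throws IOException {
        if (location.startsWith("classpath:")) {
            // ClassLoader.getResource takes a name without a leading slash.
            String name = location.substring("classpath:".length()).replaceFirst("^/+", "");
            ClassLoader cl = Thread.currentThread().getContextClassLoader();
            if (cl == null) cl = StoreLocator.class.getClassLoader();
            URL url = cl.getResource(name);
            // Fail closed: never fall back to some other store when the lookup misses.
            if (url == null) throw new FileNotFoundException("not on classpath: " + name);
            return url;
        }
        Path p = Paths.get(location);
        if (!Files.isRegularFile(p)) throw new FileNotFoundException(location);
        return p.toUri().toURL();
    }

    static KeyStore load(String location, String type, char[] password)
            throws IOException, GeneralSecurityException {
        URL url = resolve(location);
        // First match on the classpath wins, so record which JAR or directory supplied it.
        System.err.println("loading " + type + " store from " + url);
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = url.openStream()) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: an empty PKCS12 store in a temp directory placed on the classpath.
        char[] pw = "password".toCharArray();
        Path dir = Files.createTempDirectory("stores");
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(dir.resolve("demo.p12"))) {
            empty.store(out, pw);
        }
        Thread.currentThread().setContextClassLoader(
                new URLClassLoader(new URL[] { dir.toUri().toURL() }));
        System.out.println("entries: " + load("classpath:/demo.p12", "PKCS12", pw).size());
    }
}
```

Because classpath resolution returns the first match, the logged URL is what lets an operator confirm that the intended truststore, and not a same-named file in another JAR, was loaded.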