[jboss-user] [JBoss Web Services] New message: "Re: WS-Security: keystores and truststores"

Aleksander Adamowski do-not-reply at jboss.com
Fri Jan 22 05:08:28 EST 2010 

User development,

A new message was posted in the thread "WS-Security: keystores and truststores":

http://community.jboss.org/message/521661#521661

Author  : Aleksander Adamowski
Profile : http://community.jboss.org/people/the_olo

Message:
--------------------------------------------------------------
Hi!
 
Does anyone know of a method for JBoss-WS that would make it search for truststore and keystore files on the classpath, not on a fixed path?
I can do this currently with Spring-WS, e.g. in spring-ws-servlet.xml I can specify the following:
 

 
 
This way we don't have to put the same keystores and truststores in all the WARs that compose the full enterprise application EAR.
 
We couldn't find any similar functionality for JBoss-WS. Here are the example paths in the wsse configuration file:

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.jboss.com/ws-security/config
                      http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <key-store-file>META-INF/bob-sign.jks</key-store-file>
  <key-store-password>password</key-store-password>
  <key-store-type>jks</key-store-type>
  <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
  <trust-store-password>password</trust-store-password>
 
 
 
The paths are either:
1. filesystem-absolute, which makes configuration, deployment and general management of server environments a nightmare: keystores have to be placed in exactly the same locations on all servers in all dev, test and production environments regardless of OS - this completely eliminates the possibility of using an OS with incompatible filesystems layout, like MS Windows, in the development chain,
2. or relative to the root of the WAR archive, which requires placing keystore copies in all WARs and complicates production deployment: all cryptographic keys must be replaced by key staff, which isn't qualified to mess with the EARs and WARs inside them.

--------------------------------------------------------------

To reply to this message visit the message page: http://community.jboss.org/message/521661#521661

More information about the jboss-user mailing list