You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@velocity.apache.org by Manvendra Baghel <ma...@yahoo.com> on 2005/08/19 16:03:26 UTC

Client Authentication in XML RPC

Hi friends,
I am working on Turbine 2.3 and velocity.
I am trying to implement xml rpc in Brihaspati e LMS
I am unable to decide how to go in for client
authentication.
Turbine xml-rpc service use file handler methods 
get/ send for handling files.But they are not secure
Any one can access files by them.
 MY PROBLEM IS THIS:
 I HAVE LIST OF IP ADDRESSES AND I WANT THAT ONLY THEY
SHOULD ACCESS MY FILES    .
   for that how to work with
TurbineResouces.properties
is not clear.
My property file is below

services.XmlRpcService.handler.file =
org.apache.turbine.services.xmlrpc.util.FileHandler
services.XmlRpcService.handler.remote =
org.iitk.brihaspati.modules.utils.RemoteCourseUtil
services.XmlRpcService.handler.remote1 =
org.iitk.brihaspati.modules.utils.RemoteCourseUtilServer
services.XmlRpcService.paranoid = true
services.XmlRpcService.acceptClient = 172.28.44.*
services.XmlRpcService.denyClient =

# Do we want a secure server

services.XmlRpcService.secure.server = false

# Secure server options

services.XmlRpcService.secure.server.option.java.protocol.handler.pkgs
= \
    com.sun.net.ssl.internal.www.protocol

services.XmlRpcService.secure.server.option.security.provider
= \
    com.sun.net.ssl.internal.ssl.Provider

services.XmlRpcService.secure.server.option.security.protocol
= TLS

# You probably want to keep your key stores and trust
stores
# clear out of your webapp.

services.XmlRpcService.secure.server.option.javax.net.ssl.keyStore
= /tmp/keystore
services.XmlRpcService.secure.server.option.javax.net.ssl.keyStoreType
= jks
services.XmlRpcService.secure.server.option.javax.net.ssl.keyStorePassword
= password
services.XmlRpcService.secure.server.option.javax.net.ssl.trustStore
= /tmp/truststore
services.XmlRpcService.secure.server.option.javax.net.ssl.trustStoreType
= jks
services.XmlRpcService.secure.server.option.javax.net.ssl.trustStorePassword
= password

services.XmlRpcService.secure.server.option.sun.ssl.keymanager.type
= SunX509
services.XmlRpcService.secure.server.option.sun.ssl.trust.manager.type
= SunX509

# These values should be set to 'all' for debugging
purposes.

services.XmlRpcService.secure.server.option.javax.net.debug
= all
services.XmlRpcService.secure.server.option.java.security.debug
= all


ONE OF MY PROBLEM IS WHEN I SET
services.XmlRpcService.secure.server = true

Xml rpc call  fails

HOW TO USE SECURE SERVER OPTION......

Thanks for help in advance

cheers
Manav



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org

Re: Client Authentication in XML RPC

Posted by Nathan Bubna <nb...@gmail.com>.

Hi Manvendra,

Since this question doesn't actually have anything to do with Velocity
or Turbine's VelocityService, you'll be a lot more likely to find
someone who can help you answer it on the turbine-user mailing list. 
I suggest you try asking it there.

Thanks!

On 8/19/05, Manvendra Baghel <ma...@yahoo.com> wrote:
> Hi friends,
> I am working on Turbine 2.3 and velocity.
> I am trying to implement xml rpc in Brihaspati e LMS
> I am unable to decide how to go in for client
> authentication.
> Turbine xml-rpc service use file handler methods
> get/ send for handling files.But they are not secure
> Any one can access files by them.
>  MY PROBLEM IS THIS:
>  I HAVE LIST OF IP ADDRESSES AND I WANT THAT ONLY THEY
> SHOULD ACCESS MY FILES    .
>    for that how to work with
> TurbineResouces.properties
> is not clear.
> My property file is below
> 
> services.XmlRpcService.handler.file =
> org.apache.turbine.services.xmlrpc.util.FileHandler
> services.XmlRpcService.handler.remote =
> org.iitk.brihaspati.modules.utils.RemoteCourseUtil
> services.XmlRpcService.handler.remote1 =
> org.iitk.brihaspati.modules.utils.RemoteCourseUtilServer
> services.XmlRpcService.paranoid = true
> services.XmlRpcService.acceptClient = 172.28.44.*
> services.XmlRpcService.denyClient =
> 
> # Do we want a secure server
> 
> services.XmlRpcService.secure.server = false
> 
> # Secure server options
> 
> services.XmlRpcService.secure.server.option.java.protocol.handler.pkgs
> = \
>     com.sun.net.ssl.internal.www.protocol
> 
> services.XmlRpcService.secure.server.option.security.provider
> = \
>     com.sun.net.ssl.internal.ssl.Provider
> 
> services.XmlRpcService.secure.server.option.security.protocol
> = TLS
> 
> # You probably want to keep your key stores and trust
> stores
> # clear out of your webapp.
> 
> services.XmlRpcService.secure.server.option.javax.net.ssl.keyStore
> = /tmp/keystore
> services.XmlRpcService.secure.server.option.javax.net.ssl.keyStoreType
> = jks
> services.XmlRpcService.secure.server.option.javax.net.ssl.keyStorePassword
> = password
> services.XmlRpcService.secure.server.option.javax.net.ssl.trustStore
> = /tmp/truststore
> services.XmlRpcService.secure.server.option.javax.net.ssl.trustStoreType
> = jks
> services.XmlRpcService.secure.server.option.javax.net.ssl.trustStorePassword
> = password
> 
> services.XmlRpcService.secure.server.option.sun.ssl.keymanager.type
> = SunX509
> services.XmlRpcService.secure.server.option.sun.ssl.trust.manager.type
> = SunX509
> 
> # These values should be set to 'all' for debugging
> purposes.
> 
> services.XmlRpcService.secure.server.option.javax.net.debug
> = all
> services.XmlRpcService.secure.server.option.java.security.debug
> = all
> 
> 
> ONE OF MY PROBLEM IS WHEN I SET
> services.XmlRpcService.secure.server = true
> 
> Xml rpc call  fails
> 
> HOW TO USE SECURE SERVER OPTION......
> 
> Thanks for help in advance
> 
> cheers
> Manav
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: velocity-user-help@jakarta.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org