You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Nencho Lupanov <ne...@googlemail.com> on 2007/06/01 09:03:21 UTC
Transport Binding fixed, please review
Hi all,
I've managed to configure ssl on the client side in order to activate a
transport binding policy.
The client request is automated - a modified rampart reads a rampart policy
in order to apply
jsse properties to the vm. The rampart policy info looks like this for the
transport binding(ssl):
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>alice</ramp:user>
<ramp:passwordCallbackClass>
org.apache.rampart.samples.policy.sample01.PWCBHandler
</ramp:passwordCallbackClass>
<ramp:sslConfig>
<ramp:property name="javax.net.ssl.keyStoreType">JKS</ramp:property>
<ramp:property name="javax.net.ssl.keyStorePassword
">apache</ramp:property>
<ramp:property name="javax.net.ssl.keyStore
">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
<ramp:property name="javax.net.ssl.trustStore
">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
<ramp:property
name="javax.net.ssl.trustStorePassword">apache</ramp:property>
</ramp:sslConfig>
</ramp:RampartConfig>
As you can see, there is a new configuration element - sslConfig(maybe we
better call that jsseConfig or just jsse).
there is also a class SSLConfigBuilder that reads the properties and set's
them like this:
System.*setProperty*(property_name, property_value);
Can you review if this is ok.I intend to propose it as a patch?Is the policy
config ok?Does it need something in addition?Could someone change the
rampart policy schema in order to affect those changes?
Thanks,
Nencho
Re: Transport Binding fixed, please review
Posted by Nencho Lupanov <ne...@googlemail.com>.
Hi Dimuthu,
A patch is attached at https://issues.apache.org/jira/browse/RAMPART-42
Can you also review another jira request concerning rampart, i also proposed
a patch
but i havent saw any feedback for it :
https://issues.apache.org/jira/browse/AXIS2-2570
Thanks,
Nencho
2007/6/1, Dimuthu <mu...@apache.org>:
>
> Hi Nencho,
>
> +1 for the proposed fix.
> +1 for the name "sslConfig".
>
> Please attach a patch.
>
> Thank you,
> Dimuthu
>
> On Fri, 2007-06-01 at 10:03 +0300, Nencho Lupanov wrote:
> > Hi all,
> >
> > I've managed to configure ssl on the client side in order to activate a
> > transport binding policy.
> > The client request is automated - a modified rampart reads a rampart
> policy
> > in order to apply
> > jsse properties to the vm. The rampart policy info looks like this for
> the
> > transport binding(ssl):
> >
> >
> > <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> >
> > <ramp:user>alice</ramp:user>
> > <ramp:passwordCallbackClass>
> > org.apache.rampart.samples.policy.sample01.PWCBHandler
> > </ramp:passwordCallbackClass>
> >
> > <ramp:sslConfig>
> > <ramp:property name="javax.net.ssl.keyStoreType
> ">JKS</ramp:property>
> > <ramp:property name="javax.net.ssl.keyStorePassword
> > ">apache</ramp:property>
> > <ramp:property name="javax.net.ssl.keyStore
> > ">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
> > <ramp:property name="javax.net.ssl.trustStore
> > ">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
> > <ramp:property
> > name="javax.net.ssl.trustStorePassword">apache</ramp:property>
> >
> > </ramp:sslConfig>
> >
> > </ramp:RampartConfig>
> >
> >
> >
> > As you can see, there is a new configuration element - sslConfig(maybe
> we
> > better call that jsseConfig or just jsse).
> >
> > there is also a class SSLConfigBuilder that reads the properties and
> set's
> > them like this:
> >
> > System.*setProperty*(property_name, property_value);
> >
> > Can you review if this is ok.I intend to propose it as a patch?Is the
> policy
> > config ok?Does it need something in addition?Could someone change the
> > rampart policy schema in order to affect those changes?
> >
> > Thanks,
> >
> > Nencho
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
Re: Transport Binding fixed, please review
Posted by Dimuthu <mu...@apache.org>.
Hi Nencho,
+1 for the proposed fix.
+1 for the name "sslConfig".
Please attach a patch.
Thank you,
Dimuthu
On Fri, 2007-06-01 at 10:03 +0300, Nencho Lupanov wrote:
> Hi all,
>
> I've managed to configure ssl on the client side in order to activate a
> transport binding policy.
> The client request is automated - a modified rampart reads a rampart policy
> in order to apply
> jsse properties to the vm. The rampart policy info looks like this for the
> transport binding(ssl):
>
>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>
> <ramp:user>alice</ramp:user>
> <ramp:passwordCallbackClass>
> org.apache.rampart.samples.policy.sample01.PWCBHandler
> </ramp:passwordCallbackClass>
>
> <ramp:sslConfig>
> <ramp:property name="javax.net.ssl.keyStoreType">JKS</ramp:property>
> <ramp:property name="javax.net.ssl.keyStorePassword
> ">apache</ramp:property>
> <ramp:property name="javax.net.ssl.keyStore
> ">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
> <ramp:property name="javax.net.ssl.trustStore
> ">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
> <ramp:property
> name="javax.net.ssl.trustStorePassword">apache</ramp:property>
>
> </ramp:sslConfig>
>
> </ramp:RampartConfig>
>
>
>
> As you can see, there is a new configuration element - sslConfig(maybe we
> better call that jsseConfig or just jsse).
>
> there is also a class SSLConfigBuilder that reads the properties and set's
> them like this:
>
> System.*setProperty*(property_name, property_value);
>
> Can you review if this is ok.I intend to propose it as a patch?Is the policy
> config ok?Does it need something in addition?Could someone change the
> rampart policy schema in order to affect those changes?
>
> Thanks,
>
> Nencho
Re: Transport Binding fixed, please review
Posted by Dimuthu <mu...@apache.org>.
Hi Nencho,
+1 for the proposed fix.
+1 for the name "sslConfig".
Please attach a patch.
Thank you,
Dimuthu
On Fri, 2007-06-01 at 10:03 +0300, Nencho Lupanov wrote:
> Hi all,
>
> I've managed to configure ssl on the client side in order to activate a
> transport binding policy.
> The client request is automated - a modified rampart reads a rampart policy
> in order to apply
> jsse properties to the vm. The rampart policy info looks like this for the
> transport binding(ssl):
>
>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>
> <ramp:user>alice</ramp:user>
> <ramp:passwordCallbackClass>
> org.apache.rampart.samples.policy.sample01.PWCBHandler
> </ramp:passwordCallbackClass>
>
> <ramp:sslConfig>
> <ramp:property name="javax.net.ssl.keyStoreType">JKS</ramp:property>
> <ramp:property name="javax.net.ssl.keyStorePassword
> ">apache</ramp:property>
> <ramp:property name="javax.net.ssl.keyStore
> ">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
> <ramp:property name="javax.net.ssl.trustStore
> ">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
> <ramp:property
> name="javax.net.ssl.trustStorePassword">apache</ramp:property>
>
> </ramp:sslConfig>
>
> </ramp:RampartConfig>
>
>
>
> As you can see, there is a new configuration element - sslConfig(maybe we
> better call that jsseConfig or just jsse).
>
> there is also a class SSLConfigBuilder that reads the properties and set's
> them like this:
>
> System.*setProperty*(property_name, property_value);
>
> Can you review if this is ok.I intend to propose it as a patch?Is the policy
> config ok?Does it need something in addition?Could someone change the
> rampart policy schema in order to affect those changes?
>
> Thanks,
>
> Nencho
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: Transport Binding fixed, please review
Posted by Dimuthu <mu...@apache.org>.
Hi Nencho,
+1 for the proposed fix.
+1 for the name "sslConfig".
Please attach a patch.
Thank you,
Dimuthu
On Fri, 2007-06-01 at 10:03 +0300, Nencho Lupanov wrote:
> Hi all,
>
> I've managed to configure ssl on the client side in order to activate a
> transport binding policy.
> The client request is automated - a modified rampart reads a rampart policy
> in order to apply
> jsse properties to the vm. The rampart policy info looks like this for the
> transport binding(ssl):
>
>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>
> <ramp:user>alice</ramp:user>
> <ramp:passwordCallbackClass>
> org.apache.rampart.samples.policy.sample01.PWCBHandler
> </ramp:passwordCallbackClass>
>
> <ramp:sslConfig>
> <ramp:property name="javax.net.ssl.keyStoreType">JKS</ramp:property>
> <ramp:property name="javax.net.ssl.keyStorePassword
> ">apache</ramp:property>
> <ramp:property name="javax.net.ssl.keyStore
> ">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
> <ramp:property name="javax.net.ssl.trustStore
> ">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
> <ramp:property
> name="javax.net.ssl.trustStorePassword">apache</ramp:property>
>
> </ramp:sslConfig>
>
> </ramp:RampartConfig>
>
>
>
> As you can see, there is a new configuration element - sslConfig(maybe we
> better call that jsseConfig or just jsse).
>
> there is also a class SSLConfigBuilder that reads the properties and set's
> them like this:
>
> System.*setProperty*(property_name, property_value);
>
> Can you review if this is ok.I intend to propose it as a patch?Is the policy
> config ok?Does it need something in addition?Could someone change the
> rampart policy schema in order to affect those changes?
>
> Thanks,
>
> Nencho
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org