You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Soactive Inc <so...@gmail.com> on 2005/11/22 08:18:46 UTC
WSS4J - Read KeyStore from a non-file resource (such as database, etc.)
I am using WSS4J and am wondering how I can use the WSS4J API in conjunction
with non-file resources such as a database. I know that there is a section
of code in AbstractCrypto.java that says:
...
*this*.properties = properties;
String location =
*this*.properties.getProperty(*"org.apache.ws.security.crypto.merlin.file"*);
InputStream is = *null*;
*/**
* Look for the keystore in classpaths
*/*
DiscoverResources disc = *new* DiscoverResources();
disc.addClassLoader(JDKHooks.getJDKHooks().getThreadContextClassLoader());
disc.addClassLoader(loader);
ResourceIterator iterator = disc.findResources(location);
*if* (iterator.hasNext()) {
Resource resource = iterator.nextResource();
is = resource.getResourceAsStream();
}
*/**
* If we don't find it, then look on the file system.
*/*
*if* (is == *null*) {
*try* {
is = *new* FileInputStream(location);
} *catch* (Exception e) {
*throw* *new* CredentialException(3,
*"proxyNotFound"*, *new* Object[]{location});
}
}
....
Does this mean I can provide a non-file resource URL in the same ...file
property? If so, how can I specify a database URL? Any ideas appreciated.
Thanks.
Re: WSS4J - Read KeyStore from a non-file resource (such as database, etc.)
Posted by Davanum Srinivas <da...@gmail.com>.
See http://issues.apache.org/jira/browse/WSS
On 12/10/05, Soactive Inc <so...@gmail.com> wrote:
> Sounds good. I will submit a JIRA shortly. First, can you please tell me
> which product would this JIRA go into - is it XML Security or Axis? I don't
> see one for WSS4J.
>
> Also, the patch for this consists of changes in 2 files:
>
> -----------
>
> 1. org.apache.ws.security.components.crypto.CryptoFactory
>
> Add: public static Crypto getInstance(String cryptoClassName, Properties
> properties, InputStream keystoreStream);
>
> Add: private static Crypto loadClass(String cryptoClassName, Properties
> properties, InputStream keystoreStream);
>
> 2. org.apache.ws.security.components.crypto.Merlin
>
> Add: public Merlin(Properties properties, InputStream keystoreSteam) throws
> CredentialException, IOException;
>
> ---------
>
> Please let me know if this sounds good since I would like to make sure
> these changes are optimal enough to allow for any input stream to be used
> (instead of the de facto file source) for the key store.
>
> Best Regards,
> -Arun
>
>
> On 11/22/05, Davanum Srinivas <da...@gmail.com> wrote:
> > soactive,
> >
> > +1, Please open a new JIRA issue with a patch.
> >
> > thanks,
> > dims
> >
> > On 11/22/05, Soactive Inc <so...@gmail.com> wrote:
> > > One quick follow-up: If its not possible to do what I just asked for
> with
> > > the current API, can we add another signature to the
> > > CryptoFactory.getInstance() API as follows (please correct me if I am
> > > missing something):
> > >
> > > public static Crypto getInstance(String cryptoClassName, Properties
> > > properties, InputStream keystoreStream)
> > >
> > > Thanks!
> > >
> > >
> > > On 11/21/05, Soactive Inc <so...@gmail.com> wrote:
> > > > I am using WSS4J and am wondering how I can use the WSS4J API in
> > > conjunction with non-file resources such as a database. I know that
> there is
> > > a section of code in AbstractCrypto.java that says:
> > > >
> > > > ...
> > > > this.properties = properties;
> > > > String location =
> > >
> this.properties.getProperty("org.apache.ws.security.crypto.merlin.file
> > > >
> > > > ");
> > > > InputStream is = null;
> > > >
> > > > /**
> > > > * Look for the keystore in classpaths
> > > > */
> > > > DiscoverResources disc =
> > > >
> > > > new DiscoverResources();
> > > >
> > >
> disc.addClassLoader(JDKHooks.getJDKHooks().getThreadContextClassLoader());
> > > > disc.addClassLoader (loader);
> > > > ResourceIterator iterator =
> > > >
> > > > disc.findResources(location);
> > > > if (iterator.hasNext()) {
> > > > Resource resource = iterator.nextResource();
> > > > is = resource.getResourceAsStream();
> > > >
> > > > }
> > > >
> > > >
> > > > /**
> > > > * If we don't find it, then look on the file system.
> > > > */
> > > > if (is ==
> > > > null
> > > > ) {
> > > > try {
> > > > is = new FileInputStream(location);
> > > > } catch
> > > >
> > > > (Exception e) {
> > > > throw new CredentialException(3, "proxyNotFound",
> > > >
> > > > new Object[]{location});
> > > > }
> > > >
> > > >
> > > > }
> > > > ....
> > > >
> > > > Does this mean I can provide a non-file resource URL in the same
> ...file
> > > property? If so, how can I specify a database URL? Any ideas
> appreciated.
> > > >
> > > > Thanks.
> > > >
> > >
> > >
> >
> >
> > --
> > Davanum Srinivas : http://wso2.com/blogs/
> >
>
>
--
Davanum Srinivas : http://wso2.com/blogs/
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J - Read KeyStore from a non-file resource (such as database, etc.)
Posted by Davanum Srinivas <da...@gmail.com>.
See http://issues.apache.org/jira/browse/WSS
On 12/10/05, Soactive Inc <so...@gmail.com> wrote:
> Sounds good. I will submit a JIRA shortly. First, can you please tell me
> which product would this JIRA go into - is it XML Security or Axis? I don't
> see one for WSS4J.
>
> Also, the patch for this consists of changes in 2 files:
>
> -----------
>
> 1. org.apache.ws.security.components.crypto.CryptoFactory
>
> Add: public static Crypto getInstance(String cryptoClassName, Properties
> properties, InputStream keystoreStream);
>
> Add: private static Crypto loadClass(String cryptoClassName, Properties
> properties, InputStream keystoreStream);
>
> 2. org.apache.ws.security.components.crypto.Merlin
>
> Add: public Merlin(Properties properties, InputStream keystoreSteam) throws
> CredentialException, IOException;
>
> ---------
>
> Please let me know if this sounds good since I would like to make sure
> these changes are optimal enough to allow for any input stream to be used
> (instead of the de facto file source) for the key store.
>
> Best Regards,
> -Arun
>
>
> On 11/22/05, Davanum Srinivas <da...@gmail.com> wrote:
> > soactive,
> >
> > +1, Please open a new JIRA issue with a patch.
> >
> > thanks,
> > dims
> >
> > On 11/22/05, Soactive Inc <so...@gmail.com> wrote:
> > > One quick follow-up: If its not possible to do what I just asked for
> with
> > > the current API, can we add another signature to the
> > > CryptoFactory.getInstance() API as follows (please correct me if I am
> > > missing something):
> > >
> > > public static Crypto getInstance(String cryptoClassName, Properties
> > > properties, InputStream keystoreStream)
> > >
> > > Thanks!
> > >
> > >
> > > On 11/21/05, Soactive Inc <so...@gmail.com> wrote:
> > > > I am using WSS4J and am wondering how I can use the WSS4J API in
> > > conjunction with non-file resources such as a database. I know that
> there is
> > > a section of code in AbstractCrypto.java that says:
> > > >
> > > > ...
> > > > this.properties = properties;
> > > > String location =
> > >
> this.properties.getProperty("org.apache.ws.security.crypto.merlin.file
> > > >
> > > > ");
> > > > InputStream is = null;
> > > >
> > > > /**
> > > > * Look for the keystore in classpaths
> > > > */
> > > > DiscoverResources disc =
> > > >
> > > > new DiscoverResources();
> > > >
> > >
> disc.addClassLoader(JDKHooks.getJDKHooks().getThreadContextClassLoader());
> > > > disc.addClassLoader (loader);
> > > > ResourceIterator iterator =
> > > >
> > > > disc.findResources(location);
> > > > if (iterator.hasNext()) {
> > > > Resource resource = iterator.nextResource();
> > > > is = resource.getResourceAsStream();
> > > >
> > > > }
> > > >
> > > >
> > > > /**
> > > > * If we don't find it, then look on the file system.
> > > > */
> > > > if (is ==
> > > > null
> > > > ) {
> > > > try {
> > > > is = new FileInputStream(location);
> > > > } catch
> > > >
> > > > (Exception e) {
> > > > throw new CredentialException(3, "proxyNotFound",
> > > >
> > > > new Object[]{location});
> > > > }
> > > >
> > > >
> > > > }
> > > > ....
> > > >
> > > > Does this mean I can provide a non-file resource URL in the same
> ...file
> > > property? If so, how can I specify a database URL? Any ideas
> appreciated.
> > > >
> > > > Thanks.
> > > >
> > >
> > >
> >
> >
> > --
> > Davanum Srinivas : http://wso2.com/blogs/
> >
>
>
--
Davanum Srinivas : http://wso2.com/blogs/
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J - Read KeyStore from a non-file resource (such as database, etc.)
Posted by Soactive Inc <so...@gmail.com>.
Sounds good. I will submit a JIRA shortly. First, can you please tell me
which product would this JIRA go into - is it XML Security or Axis? I don't
see one for WSS4J.
Also, the patch for this consists of changes in 2 files:
-----------
1. org.apache.ws.security.components.crypto.CryptoFactory
Add: public static Crypto getInstance(String cryptoClassName, Properties
properties, InputStream keystoreStream);
Add: private static Crypto loadClass(String cryptoClassName, Properties
properties, InputStream keystoreStream);
2. org.apache.ws.security.components.crypto.Merlin
Add: public Merlin(Properties properties, InputStream keystoreSteam) throws
CredentialException, IOException;
---------
Please let me know if this sounds good since I would like to make sure these
changes are optimal enough to allow for any input stream to be used (instead
of the de facto file source) for the key store.
Best Regards,
-Arun
On 11/22/05, Davanum Srinivas <da...@gmail.com> wrote:
>
> soactive,
>
> +1, Please open a new JIRA issue with a patch.
>
> thanks,
> dims
>
> On 11/22/05, Soactive Inc <so...@gmail.com> wrote:
> > One quick follow-up: If its not possible to do what I just asked for
> with
> > the current API, can we add another signature to the
> > CryptoFactory.getInstance() API as follows (please correct me if I am
> > missing something):
> >
> > public static Crypto getInstance(String cryptoClassName, Properties
> > properties, InputStream keystoreStream)
> >
> > Thanks!
> >
> >
> > On 11/21/05, Soactive Inc <so...@gmail.com> wrote:
> > > I am using WSS4J and am wondering how I can use the WSS4J API in
> > conjunction with non-file resources such as a database. I know that
> there is
> > a section of code in AbstractCrypto.java that says:
> > >
> > > ...
> > > this.properties = properties;
> > > String location =
> > this.properties.getProperty("org.apache.ws.security.crypto.merlin.file
> > >
> > > ");
> > > InputStream is = null;
> > >
> > > /**
> > > * Look for the keystore in classpaths
> > > */
> > > DiscoverResources disc =
> > >
> > > new DiscoverResources();
> > >
> > disc.addClassLoader(JDKHooks.getJDKHooks
> ().getThreadContextClassLoader());
> > > disc.addClassLoader(loader);
> > > ResourceIterator iterator =
> > >
> > > disc.findResources(location);
> > > if (iterator.hasNext()) {
> > > Resource resource = iterator.nextResource();
> > > is = resource.getResourceAsStream();
> > >
> > > }
> > >
> > >
> > > /**
> > > * If we don't find it, then look on the file system.
> > > */
> > > if (is ==
> > > null
> > > ) {
> > > try {
> > > is = new FileInputStream(location);
> > > } catch
> > >
> > > (Exception e) {
> > > throw new CredentialException(3, "proxyNotFound",
> > >
> > > new Object[]{location});
> > > }
> > >
> > >
> > > }
> > > ....
> > >
> > > Does this mean I can provide a non-file resource URL in the same
> ...file
> > property? If so, how can I specify a database URL? Any ideas
> appreciated.
> > >
> > > Thanks.
> > >
> >
> >
>
>
> --
> Davanum Srinivas : http://wso2.com/blogs/
>
Re: WSS4J - Read KeyStore from a non-file resource (such as database, etc.)
Posted by Soactive Inc <so...@gmail.com>.
Sounds good. I will submit a JIRA shortly. First, can you please tell me
which product would this JIRA go into - is it XML Security or Axis? I don't
see one for WSS4J.
Also, the patch for this consists of changes in 2 files:
-----------
1. org.apache.ws.security.components.crypto.CryptoFactory
Add: public static Crypto getInstance(String cryptoClassName, Properties
properties, InputStream keystoreStream);
Add: private static Crypto loadClass(String cryptoClassName, Properties
properties, InputStream keystoreStream);
2. org.apache.ws.security.components.crypto.Merlin
Add: public Merlin(Properties properties, InputStream keystoreSteam) throws
CredentialException, IOException;
---------
Please let me know if this sounds good since I would like to make sure these
changes are optimal enough to allow for any input stream to be used (instead
of the de facto file source) for the key store.
Best Regards,
-Arun
On 11/22/05, Davanum Srinivas <da...@gmail.com> wrote:
>
> soactive,
>
> +1, Please open a new JIRA issue with a patch.
>
> thanks,
> dims
>
> On 11/22/05, Soactive Inc <so...@gmail.com> wrote:
> > One quick follow-up: If its not possible to do what I just asked for
> with
> > the current API, can we add another signature to the
> > CryptoFactory.getInstance() API as follows (please correct me if I am
> > missing something):
> >
> > public static Crypto getInstance(String cryptoClassName, Properties
> > properties, InputStream keystoreStream)
> >
> > Thanks!
> >
> >
> > On 11/21/05, Soactive Inc <so...@gmail.com> wrote:
> > > I am using WSS4J and am wondering how I can use the WSS4J API in
> > conjunction with non-file resources such as a database. I know that
> there is
> > a section of code in AbstractCrypto.java that says:
> > >
> > > ...
> > > this.properties = properties;
> > > String location =
> > this.properties.getProperty("org.apache.ws.security.crypto.merlin.file
> > >
> > > ");
> > > InputStream is = null;
> > >
> > > /**
> > > * Look for the keystore in classpaths
> > > */
> > > DiscoverResources disc =
> > >
> > > new DiscoverResources();
> > >
> > disc.addClassLoader(JDKHooks.getJDKHooks
> ().getThreadContextClassLoader());
> > > disc.addClassLoader(loader);
> > > ResourceIterator iterator =
> > >
> > > disc.findResources(location);
> > > if (iterator.hasNext()) {
> > > Resource resource = iterator.nextResource();
> > > is = resource.getResourceAsStream();
> > >
> > > }
> > >
> > >
> > > /**
> > > * If we don't find it, then look on the file system.
> > > */
> > > if (is ==
> > > null
> > > ) {
> > > try {
> > > is = new FileInputStream(location);
> > > } catch
> > >
> > > (Exception e) {
> > > throw new CredentialException(3, "proxyNotFound",
> > >
> > > new Object[]{location});
> > > }
> > >
> > >
> > > }
> > > ....
> > >
> > > Does this mean I can provide a non-file resource URL in the same
> ...file
> > property? If so, how can I specify a database URL? Any ideas
> appreciated.
> > >
> > > Thanks.
> > >
> >
> >
>
>
> --
> Davanum Srinivas : http://wso2.com/blogs/
>
Re: WSS4J - Read KeyStore from a non-file resource (such as database, etc.)
Posted by Davanum Srinivas <da...@gmail.com>.
soactive,
+1, Please open a new JIRA issue with a patch.
thanks,
dims
On 11/22/05, Soactive Inc <so...@gmail.com> wrote:
> One quick follow-up: If its not possible to do what I just asked for with
> the current API, can we add another signature to the
> CryptoFactory.getInstance() API as follows (please correct me if I am
> missing something):
>
> public static Crypto getInstance(String cryptoClassName, Properties
> properties, InputStream keystoreStream)
>
> Thanks!
>
>
> On 11/21/05, Soactive Inc <so...@gmail.com> wrote:
> > I am using WSS4J and am wondering how I can use the WSS4J API in
> conjunction with non-file resources such as a database. I know that there is
> a section of code in AbstractCrypto.java that says:
> >
> > ...
> > this.properties = properties;
> > String location =
> this.properties.getProperty("org.apache.ws.security.crypto.merlin.file
> >
> > ");
> > InputStream is = null;
> >
> > /**
> > * Look for the keystore in classpaths
> > */
> > DiscoverResources disc =
> >
> > new DiscoverResources();
> >
> disc.addClassLoader(JDKHooks.getJDKHooks().getThreadContextClassLoader());
> > disc.addClassLoader(loader);
> > ResourceIterator iterator =
> >
> > disc.findResources(location);
> > if (iterator.hasNext()) {
> > Resource resource = iterator.nextResource();
> > is = resource.getResourceAsStream();
> >
> > }
> >
> >
> > /**
> > * If we don't find it, then look on the file system.
> > */
> > if (is ==
> > null
> > ) {
> > try {
> > is = new FileInputStream(location);
> > } catch
> >
> > (Exception e) {
> > throw new CredentialException(3, "proxyNotFound",
> >
> > new Object[]{location});
> > }
> >
> >
> > }
> > ....
> >
> > Does this mean I can provide a non-file resource URL in the same ...file
> property? If so, how can I specify a database URL? Any ideas appreciated.
> >
> > Thanks.
> >
>
>
--
Davanum Srinivas : http://wso2.com/blogs/
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J - Read KeyStore from a non-file resource (such as database, etc.)
Posted by Davanum Srinivas <da...@gmail.com>.
soactive,
+1, Please open a new JIRA issue with a patch.
thanks,
dims
On 11/22/05, Soactive Inc <so...@gmail.com> wrote:
> One quick follow-up: If its not possible to do what I just asked for with
> the current API, can we add another signature to the
> CryptoFactory.getInstance() API as follows (please correct me if I am
> missing something):
>
> public static Crypto getInstance(String cryptoClassName, Properties
> properties, InputStream keystoreStream)
>
> Thanks!
>
>
> On 11/21/05, Soactive Inc <so...@gmail.com> wrote:
> > I am using WSS4J and am wondering how I can use the WSS4J API in
> conjunction with non-file resources such as a database. I know that there is
> a section of code in AbstractCrypto.java that says:
> >
> > ...
> > this.properties = properties;
> > String location =
> this.properties.getProperty("org.apache.ws.security.crypto.merlin.file
> >
> > ");
> > InputStream is = null;
> >
> > /**
> > * Look for the keystore in classpaths
> > */
> > DiscoverResources disc =
> >
> > new DiscoverResources();
> >
> disc.addClassLoader(JDKHooks.getJDKHooks().getThreadContextClassLoader());
> > disc.addClassLoader(loader);
> > ResourceIterator iterator =
> >
> > disc.findResources(location);
> > if (iterator.hasNext()) {
> > Resource resource = iterator.nextResource();
> > is = resource.getResourceAsStream();
> >
> > }
> >
> >
> > /**
> > * If we don't find it, then look on the file system.
> > */
> > if (is ==
> > null
> > ) {
> > try {
> > is = new FileInputStream(location);
> > } catch
> >
> > (Exception e) {
> > throw new CredentialException(3, "proxyNotFound",
> >
> > new Object[]{location});
> > }
> >
> >
> > }
> > ....
> >
> > Does this mean I can provide a non-file resource URL in the same ...file
> property? If so, how can I specify a database URL? Any ideas appreciated.
> >
> > Thanks.
> >
>
>
--
Davanum Srinivas : http://wso2.com/blogs/
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J - Read KeyStore from a non-file resource (such as database, etc.)
Posted by Soactive Inc <so...@gmail.com>.
One quick follow-up: If its not possible to do what I just asked for with
the current API, can we add another signature to the
CryptoFactory.getInstance() API as follows (please correct me if I am
missing something):
*public* *static* Crypto getInstance(String cryptoClassName,
Properties properties, InputStream keystoreStream)
Thanks!
On 11/21/05, Soactive Inc <so...@gmail.com> wrote:
>
> I am using WSS4J and am wondering how I can use the WSS4J API in
> conjunction with non-file resources such as a database. I know that there is
> a section of code in AbstractCrypto.java that says:
>
> ...
>
> *this*.properties = properties;
> String location = *this*.properties.getProperty(*"org.apache.ws.security.crypto.merlin.file
> "*);
> InputStream is = *null*;
>
> */**
> * Look for the keystore in classpaths
> */*
> DiscoverResources disc =
> *new* DiscoverResources();
> disc.addClassLoader(JDKHooks.getJDKHooks().getThreadContextClassLoader());
> disc.addClassLoader(loader);
> ResourceIterator iterator =
> disc.findResources(location);
> *if* (iterator.hasNext()) {
> Resource resource = iterator.nextResource();
> is = resource.getResourceAsStream();
> }
>
>
> */**
> * If we don't find it, then look on the file system.
> */*
> *if* (is == *null
> *) {
> *try* {
> is = *new* FileInputStream(location);
> } *catch*
> (Exception e) {
> *throw* *new* CredentialException(3, *"proxyNotFound"*, *
> new* Object[]{location});
> }
>
>
> }
>
> ....
>
> Does this mean I can provide a non-file resource URL in the same ...file
> property? If so, how can I specify a database URL? Any ideas appreciated.
>
> Thanks.
>
Re: WSS4J - Read KeyStore from a non-file resource (such as database, etc.)
Posted by Soactive Inc <so...@gmail.com>.
One quick follow-up: If its not possible to do what I just asked for with
the current API, can we add another signature to the
CryptoFactory.getInstance() API as follows (please correct me if I am
missing something):
*public* *static* Crypto getInstance(String cryptoClassName,
Properties properties, InputStream keystoreStream)
Thanks!
On 11/21/05, Soactive Inc <so...@gmail.com> wrote:
>
> I am using WSS4J and am wondering how I can use the WSS4J API in
> conjunction with non-file resources such as a database. I know that there is
> a section of code in AbstractCrypto.java that says:
>
> ...
>
> *this*.properties = properties;
> String location = *this*.properties.getProperty(*"org.apache.ws.security.crypto.merlin.file
> "*);
> InputStream is = *null*;
>
> */**
> * Look for the keystore in classpaths
> */*
> DiscoverResources disc =
> *new* DiscoverResources();
> disc.addClassLoader(JDKHooks.getJDKHooks().getThreadContextClassLoader());
> disc.addClassLoader(loader);
> ResourceIterator iterator =
> disc.findResources(location);
> *if* (iterator.hasNext()) {
> Resource resource = iterator.nextResource();
> is = resource.getResourceAsStream();
> }
>
>
> */**
> * If we don't find it, then look on the file system.
> */*
> *if* (is == *null
> *) {
> *try* {
> is = *new* FileInputStream(location);
> } *catch*
> (Exception e) {
> *throw* *new* CredentialException(3, *"proxyNotFound"*, *
> new* Object[]{location});
> }
>
>
> }
>
> ....
>
> Does this mean I can provide a non-file resource URL in the same ...file
> property? If so, how can I specify a database URL? Any ideas appreciated.
>
> Thanks.
>