I need to set up a truststore in Tomcat in order for my web application to communicate with another external system. The communication to the external system is accomplished using TCP via SSL.
What I found on the net is only how to set up Tomcat to receive SSL requests (a user browses the Tomcat web app with HTTPS). I need to set up Tomcat to be the client.
I managed to add a certificate to a truststore using the Java keytool, but I failed in my attempts to configure Tomcat to load this truststore.
Currently my code looks something like this:
I want to get rid of 'System.setProperty' lines of code and add it in Tomcat configuration somehow so it can be loaded on server startup.
Tomcat is a typical server application. You shouldn't look for information on how to make Tomcat an SSL client. I guess what you really want to know is how to connect to another server from within a web application. Does this make sense to you? If so, then how exactly do you have to connect to what kind of server?
Sorry, I might have been a bit misleading in my explanation above.
I have a very standard and simple web application which is deployed on Tomcat. Occasionally this web application needs to communicate with an external system to retrieve data. The communication protocol is TCP via SSL. All that is known for this external system is the certificate that it will accept (which I've imported into a truststore), its IP and port.
I have a working solution for the above scenario (I use standard Java SSL and net APIs). My webapp successfully connects to the external system. The problem is that I have hardcoded the following system properties in my code:
What I'm trying to find is if there is some way to configure this truststore in Tomcat configuration rather than hardcoding it in my Java code.
That explanation makes a lot more sense to me. So basically your problem is all about externalizing configuration parameters for a web application!
One quick solution would be to set the required system properties via the environment variables JAVA_OPTS or CATALINA_OPTS before starting Tomcat. You could simply add a parameter like this:
The disadvantage is that you have to take care to add these parameters whenever you switch to another Tomcat server. Another (possible) disadvantage is that these properties are visible to ALL web applications.
Another solution could be to use the web.xml descriptor and set a context parameter or similar. This of course could require re-packaging in case of a change.
A third option is to use a completely different configuration file or configuration mechanism.
Surely there are additional possibilities like configuration via JMX etc. etc.
One more piece of advice (from personal experience): It's a very good practice to avoid as many environment dependencies as possible, i.e. it should always be clear what parameters and where to configure them in order to make the application work correctly. Especially some "magic parameters" like system environment variables are easily forgotten if someone tries to run the application on a different machine.
Moreover I would try to avoid portability issues by using OS-dependent paths like in your example. This makes it much easier to simply deploy the application into any compatible application server or servlet container running on any OS. In some situations it may be arguable to take care of portability issues but if you plan for it early it usually isn't hard to achieve to keep everything portable.
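As an added example (not code from this thread), the sketch below shows one way to keep the truststore scoped to a single web application: it builds a dedicated `SSLContext` from a truststore path and password supplied by the application's own configuration, so no JVM-wide `javax.net.ssl.*` system properties are set. The class name `ExternalSystemClient` and its parameter names are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Outbound TLS client with its own truststore; sets no JVM-wide system properties. */
public final class ExternalSystemClient {   // hypothetical class name
    private final SSLSocketFactory socketFactory;

    /** Path and password come from the webapp's own configuration (assumed parameters). */
    public ExternalSystemClient(String trustStorePath, char[] trustStorePassword)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, trustStorePassword);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Only certificates in this truststore are trusted, and only by this client;
        // other web applications in the same Tomcat keep the JVM defaults.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        this.socketFactory = context.getSocketFactory();
    }

    /** Opens a connection and completes the handshake before returning the socket. */
    public SSLSocket connect(String host, int port) throws IOException {
        SSLSocket socket = (SSLSocket) socketFactory.createSocket(host, port);
        try {
            // A raw SSLSocket does not check the peer name unless asked to.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }
}
```

The two constructor arguments could be read from a `web.xml` context parameter with `ServletContext.getInitParameter`. When connecting by IP address, the peer name check passes only if the server certificate carries a matching IP subject alternative name.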