Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Encrypt org.apache.ws.security.crypto.merlin.keystore.password  RSS feed

 
Ed Lee
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


Would it be possible to have the property field of org.apache.ws.security.crypto.merlin.keystore.password encrypted similarly to the passwordCallbackClass so the password is not hardcoded and visible in the services.xml?

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>service</ramp:user>
<ramp:passwordCallbackClass>ServiceCallback</ramp:passwordCallbackClass>
<ramp:policyValidatorCbClass>CustomPolicyBasedResultsValidator</ramp:policyValidatorCbClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
</ramp:RampartConfig>
 
R Srini
Ranch Hand
Posts: 215
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi. I don't have experience with Rampart per se, but this type of thing is usually done by specifying a callback class, e.g. class PWCallback extends javax.security.auth.callback.CallbackHandler. A few links:

- Search for passwordCallbackClass in this page.
- Sun tutorial
- org.apache.ws.security.WSPasswordCallback - also has a nice example

Hope that helps.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!