Author: ruwan
Date: Wed Jul 1 02:41:20 2009
New Revision: 40499
URL: http://wso2.org/svn/browse/wso2?view=rev&revision=40499
Log: Fixing documentation issues Modified: trunk/esb/java/docs/xdoc/securing_secret_information.xml Modified: trunk/esb/java/docs/xdoc/securing_secret_information.xml URL: http://wso2.org/svn/browse/wso2/trunk/esb/java/docs/xdoc/securing_secret_information.xml?rev=40499&r1=40498&r2=40499&view=diff ============================================================================== --- trunk/esb/java/docs/xdoc/securing_secret_information.xml (original) +++ trunk/esb/java/docs/xdoc/securing_secret_information.xml Wed Jul 1 02:41:20 2009 @@ -36,9 +36,9 @@ <h2>Secret Providers</h2> -<p>The word ‘secret’ was used to refer anything need to keep as +<p>The word 'secret' was used to refer anything need to keep as secret. Even current usage is only for passwords, API is for any things. Secret -retrieving is done through ‘SecretCallbackHandler’ implementations. +retrieving is done through 'SecretCallbackHandler' implementations. Currently there are few and can add as needed.</p> <ul> <li><strong>JBossEncryptionSecretCallbackHandler</strong></li> @@ -47,7 +47,7 @@ <p>This is the default way use within the JBoss Application Server to secure database passwords. Use a hardcode pass phrase (Need to use same pass phrase that have used for encryption). Admin can encrypt passwords using a pass phrase -and hard code that in the ‘JBossEncryptionSecretCallbackHandler’ +and hard code that in the 'JBossEncryptionSecretCallbackHandler' and make close source.</p> <ul> <li><strong>JlineSecretCallbackHandler</strong></li> @@ -68,7 +68,7 @@ <p>Admin needed to hard code password and make close source. This can be used to just provide keystore passwords and other secrets can be retrieved using -‘SecretManagerSecretCallbackHandler’ (next one)</p> +'SecretManagerSecretCallbackHandler' (next one)</p> <ul> <li><strong>SecretManagerSecretCallbackHandler</strong></li> </ul> 
@@ -79,7 +79,7 @@ providing alias for those (no need to put encrypted value in inline in application configurations). Key Stores needed for Secret Manager and secret repositories are configurable. It can be done through the -‘secret-conf.properties’. Currently, there is only one secret +'secret-conf.properties'. Currently, there is only one secret repository and it is FileBaseSecretRepository. It uses cipher-text.properties to keep secrets. It keeps aliases vs. its actual secret in encrypted format (encrypted by a key in keystore)</p> @@ -147,15 +147,12 @@ <p>Consider that an application has configuration for password as</p> -<p></p> <pre> <datasource> <password>pass</password> <secretProvider>any implementation of SecretCallbackHandler- class name</secretProvider> </datasource> </pre> -<p></p> - -<p>For JBossEncryptionSecretCallbackHandler , ‘password’ should +<p>For JBossEncryptionSecretCallbackHandler, 'password' should contain an encrypted value. In any other case, it is just an alias- can keep any human readable text. For example in Secret Manger, actual password is in secret repositories. For file based repository, it is something like bellow.</p> @@ -163,16 +160,12 @@ aliases=pass pass.secret=EsY65tztE9R5b9pErVxLp8Br5d3ol6vRdWAkYHdc7XkZteGf37VJ+iNlCenqxYSEto0vcjpcmmzwf7K2wd9u3KQtVGKEoNLSe2LYZtrm3tKmGd6PX9YpdN72ml3JISNXPJ69yybFi6DVUIJfE5MFOd7gswWfCnkmZ3eJ6M1nuiI=</pre> -<p></p> - <p>To retrieve secret, it is needed to use following API and follow steps.</p> -<p></p> - <h3>Retrieving API</h3> -<p>Read the configuration parameter value of ‘secret Provider’ - -say ‘secretProvider’</p> +<p>Read the configuration parameter value of 'secret Provider' - +say 'secretProvider'</p> <pre>// Create SecretCallbackHandler SecretCallbackHandler secretCallbackHanlder SecretCallbackHandlerFactory.createSecretCallbackHandler(secretProvider); 
@@ -181,40 +174,33 @@ secretLoadingModule.init(new SecretCallbackHandler[]{secretCallbackHanlder}); // Create SecretCallbacks -SingleSecretCallback secretCallback = new SingleSecretCallback(aliases); // for above example 'aliases' is ‘pass’ +SingleSecretCallback secretCallback = new SingleSecretCallback(aliases); // for above example 'aliases' is 'pass' secretLoadingModule.load(new SecretCallback[]{secretCallback}); String actualPassword= secretCallback.getSecret();</pre> -<p></p> - <p>If you want to load multiple secret at one time you can used -‘MultiSecretCallback’ or array of SingleSecretCallback s.</p> +'MultiSecretCallback'; or array of SingleSecretCallback s.</p> <p>There is a simple way to avoid code repeating.</p> -<p></p> <pre>SecretInformation secretInformation = SecretInformationFactory.createSecretInformation(secretProvider, aliasPassword, passwordPrompt); String actualPassword = secretInformation.getResolvedSecret();</pre> -<p></p> - <h2>Adapting in OSGI Environment</h2> -<p></p> - -<p>All ‘SecretCallbackHandlers’ other than -‘SecretManagerSecretCallbackHandler’ are stateless enabling to use -without any extra code. With ‘SecretManagerSecretCallbackHandler’, -it is better to be there only a one ‘SecretManager’ instance. More -precisely, a single ‘SecretManagerSecretCallbackHandler’ instance. -For this, there is a carbon module ‘secretvault’. It just read -‘secret-conf.properties’ and initiate a new -‘SecretCallbackHandler’ instance. This can be -‘SecretManagerSecretCallbackHandler’ or any other -‘SecretCallbackHandlers’ that need to be shared a one instance +<p>All 'SecretCallbackHandlers' other than +'SecretManagerSecretCallbackHandler' are stateless enabling to use +without any extra code. With 'SecretManagerSecretCallbackHandler', +it is better to be there only a one 'SecretManager' instance. More +precisely, a single 'SecretManagerSecretCallbackHandler' instance. +For this, there is a carbon module 'secretvault'. 
It just read +'secret-conf.properties' and initiate a new +'SecretCallbackHandler' instance. This can be +'SecretManagerSecretCallbackHandler' or any other +'SecretCallbackHandlers' that need to be shared a one instance globally.To acccess this and use need to following instuctions</p> <p></p> _______________________________________________ Esb-java-dev mailing list [email protected] https://wso2.org/cgi-bin/mailman/listinfo/esb-java-dev
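Review bot: In the hunk at @@ -47,7 +47,7 @@, the paragraph touched for quote characters still tells the admin to hard code the pass phrase in 'JBossEncryptionSecretCallbackHandler' and "make close source" without saying what that does and does not protect. A pass phrase compiled into a class can be read back out of the class file by anyone who obtains the jar, so the text should state that this only obscures the password, and point readers to 'SecretManagerSecretCallbackHandler' when the secret should be encrypted by a key in a keystore. The grammar in the same paragraph ("the default way use within", "a hardcode pass phrase") could be fixed in the same pass.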
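Review bot: In the hunk at @@ -147,15 +147,12 @@, the paragraph whose first line is rewritten to "For JBossEncryptionSecretCallbackHandler, 'password' should" still reads "Secret Manger" and "something like bellow" in its unchanged lines. Since this commit is a documentation fix, correct them to "Secret Manager" and "below" here. The sample text inside <secretProvider>, "any implementation of SecretCallbackHandler- class name", would also read more clearly as "class name of any SecretCallbackHandler implementation".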
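Review bot: In the hunk at @@ -163,16 +160,12 @@, the Java sample under "Retrieving API" is not valid as shown: "SecretCallbackHandler secretCallbackHanlder SecretCallbackHandlerFactory.createSecretCallbackHandler(secretProvider);" has no "=" between the variable and the factory call, and the variable name is misspelled ("Hanlder"), which carries into the init call in the following hunk. Readers copy this snippet, so both should be fixed in this pass. The changed sentence also writes the parameter as 'secret Provider' with a space while the configuration element is <secretProvider>; use one spelling.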
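Review bot: In the hunk at @@ -181,40 +174,33 @@, the new line "'MultiSecretCallback'; or array of SingleSecretCallback s.</p>" gains a stray ";" after the closing quote, which looks like a leftover from replacing the quote entity; drop it, and change "you can used" to "you can use" in the line above. The commit removes the empty <p></p> elements elsewhere, but the one after the last paragraph ("following instuctions</p> <p></p>") stays, and that paragraph still has "globally.To acccess" and "instuctions" to correct.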
