Seems like 3 would be the best of the presented options. Certainly
option 1 is a general no-no as it uses System properties. Fine to do
it, but usually makes life hard if you ever want to run two of the
same thing in a vm.
-David
On Jul 20, 2006, at 8:40 AM, Rick McGuire wrote:
Concurrent with trying to enable Geronimo to use Yoko, I'm also
working on the changes for this JIRA
http://issues.apache.org/jira/browse/GERONIMO-2002
which configures the SSL support created for the ORB to use the
Geronimo KeystoreManager API. To handle this, I've create an
SSLConfigGBean that holds a reference to the KeystoreManager
instance, the names of the truststore and ketstores, etc. This
GBean has methods for creating SSLSocketFactory and
SSLServerSocketFactory instances based on the config information.
The challenge was then how to pass a reference to this GBean into
the socket factory instances used by the ORBs. The challenge here
is the same for both the Sun ORB and the Yoko ORB. The socket
factories are enabled by setting a property or argument to the name
of the socket factory class, and the ORB will use reflection to
instantiate the factory and plug it in. There's no way to pass in
an already constructed object through the ORB.init() call.
To pass in this instance, I'm able to set a string argument for the
factory, which I'm setting to the AbstractName for the GBean. The
factory then uses
Kernel kernel = KernelRegistry.getSingleKernel();
sslConfig = (SSLConfig)kernel.getGBean(new
AbstractName(new URI(configName)));
to retrieve the GBean. This works, and allows me access to the
SSLConfig object for getting the socket factories.
Unfortunately, for CorbaBean objects, I also need access to some of
the information stored in the TSSConfig that part of the CorbaBean
instance to sort out the requires and supports values for the
created SSLSocket. This information is needed to configure the
socket once it is created using the appropriate socket factory
instance. I have to pass multiple pieces of information from
multiple sources through a very narrow pipe (a single String).
There are a couple potential solutions I see:
1. Pass the requires/supports information as system properties.
This
is the approach currently used in the Sun socket factory, but
this
approach is not really thread safe, and also depends on the
socket
factory initialization occurring on the same initialization
thread.
2. Pass the supports/requires information somehow encoded with the
abstract name used to retrieve the factory. This will work, but
feels awkward to me.
3. Rather than using the AsbstactName of the SSLConfig GBean,
pass in
the AbstractName of the CorbaBean (or CSSBean) that's being
used. The beans already are holding an instance of the
SLLConfig GBean,
so all of the needed information can be requested directly from
the ORB configuration beans. I'll probably create an common
interface that both CorbaBean and CSSBean will implement so that
the socket factories don't need to deal with which sort of ORB is
getting created.
Does 3) sound like a reasonable approach? Are there other options
I've overlooked?
Rick
