I've been looking into it. What happens is that JettyContextManager attempts to create a server and consults the SSLParameter's "managed" attribute in order to decide whether to create a managed or non-managed server.
In line 273:

    sslConnector.setKeystoreManager(getConfiguration().getKeystoreManager());

This gets the KeystoreManager configured in the file security.xml (it has been published at the default location via jndi.xml). However, if the attribute is not set, it doesn't use it.

Question: what's the use of the managed attribute? Is it only used to determine whether a KeystoreManager should be used or not? (Thing is, by default, the attribute is false. Also, I cannot find the documentation for the attribute on the servicemix-http page...)

Thanks in advance,
Philipp

gnodet wrote:
>
> I may have missed something, but I think you should be able to
> implement your own KeyStoreManager interface and use it. I suppose
> the problem is that this is a global parameter, but one should be able
> to specify one on the SslParameters class maybe.
> I just had a quick look, so I may be wrong....
>
> On 9/19/07, Rossmanith, Philipp <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> For a project, we'd like to provide Web services (servicemix-http) over
>> an SSL connection that authenticates client certificates against an LDAP
>> server.
>>
>> I've been looking at the code, and I see file-based trust- and keystores,
>> only.
>>
>> What I have planned so far is the following:
>> The JSSE reference guide proposes an implementation of the
>> X509TrustManager interface in order to customize the SSL-remote-side
>> authentication.
>>
>> My idea would be to specify a new algorithm and set that on
>> SslParameters. Then, in theory, classes using SslParameters should ask a
>> TrustManagerFactory for the new algorithm - and get my custom
>> implementation.
>>
>> My question is: would this be a feasible way of providing the outlined
>> functionality given the 3.1.1 code as a basis? Is there a more elegant
>> solution that I am not aware of? And - did I overlook something?
>>
>> Thanks in advance for any comments,
>> Ciao, Philipp
>>
>> This e-mail and any attachments may contain confidential or
>> privileged information. Any unauthorised copying, use or distribution of
>> this information is strictly prohibited.
>>
>
>
> --
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
>
>

--
View this message in context: http://www.nabble.com/SSL-with-certificates-provided-by-LDAP-server-tf4482375s12049.html#a12830338
Sent from the ServiceMix - User mailing list archive at Nabble.com.
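
An added example (not code from this thread or from ServiceMix) of the kind of X509TrustManager the original question describes, in plain JSSE and JNDI: it runs the stock PKIX validation first and then requires the exact client certificate to be published in LDAP, rejecting the client if the lookup fails. The class name is hypothetical, and it assumes the directory entry's DN equals the certificate subject DN, the certificate is stored in userCertificate;binary, and ldapUrl carries no base DN; wiring it into servicemix-http is not shown.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.net.ssl.*;

// Added example: PKIX path validation first, then the client certificate must be published in LDAP.
public class LdapClientCertTrustManager implements X509TrustManager {
    private final X509TrustManager pkix; // stock JSSE validation against the CA store
    private final String ldapUrl;        // assumption: e.g. "ldaps://ldap.example.org:636", no base DN

    public LdapClientCertTrustManager(KeyStore caStore, String ldapUrl) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(caStore);
        this.pkix = (X509TrustManager) tmf.getTrustManagers()[0];
        this.ldapUrl = ldapUrl;
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        pkix.checkClientTrusted(chain, authType); // signature, validity period, chain to a trusted CA
        try {
            if (!publishedInDirectory(chain[0])) throw new CertificateException("certificate not published in LDAP");
        } catch (NamingException e) { // includes NameNotFoundException and connection failures
            throw new CertificateException("LDAP check failed, rejecting client", e); // fail closed
        }
    }

    // Assumption: the directory entry's DN equals the certificate subject DN.
    private boolean publishedInDirectory(X509Certificate cert) throws NamingException, CertificateException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        DirContext ctx = new InitialDirContext(env); // anonymous bind; add credentials as needed
        try {
            Attribute a = ctx.getAttributes(cert.getSubjectX500Principal().getName(),
                    new String[] {"userCertificate;binary"}).get("userCertificate;binary");
            if (a == null) return false;
            for (NamingEnumeration<?> e = a.getAll(); e.hasMore();) {
                Object v = e.next(); // compare the DER bytes, not just the subject name
                if (v instanceof byte[] && Arrays.equals((byte[]) v, cert.getEncoded())) return true;
            }
            return false;
        } finally { ctx.close(); }
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        pkix.checkServerTrusted(chain, authType);
    }
    public X509Certificate[] getAcceptedIssuers() { return pkix.getAcceptedIssuers(); }
}
```

An instance can be passed in the TrustManager array given to SSLContext.init(...) for a connector that requires client authentication.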
