The managed attribute should be used when reusing an existing web server. The main use case is when servicemix is deployed as a web app and you want to reuse the web container instead of starting an embedded one.
On 9/21/07, prossma <[EMAIL PROTECTED]> wrote: > > I've been looking into it. What happens is that JettyContextManager attempts > to create a server and consults the SSLParameter's "managed" attribute in > order to decide whether to create a managed or non-managed server. > > In line 273: > sslConnector.setKeystoreManager(getConfiguration().getKeystoreManager()); > > This gets the KeystoreManager configured in the file security.xml (it has > been published at the default location via jndi.xml). > > However, it the attribute is not set, it doesn't use it. > > Question: what's the use of the managed attribute? is it only used to > determine whether a KeystoreManager should be used or not? (Thing is, by > default, the attribute is false. Also, I cannot find the documentation for > the attribute on the servicemix-http page...) > > Thanks in advance, > Philipp > > > gnodet wrote: > > > > I may have missed something, but I think you should be able to > > implement your own KeyStoreManager interface and use it. I suppose > > the problem is that this is a global parameter, but one should be able > > to specify one on the SslParameters class maybe. > > I just had a quick look, so I may be wrong.... > > > > On 9/19/07, Rossmanith, Philipp <[EMAIL PROTECTED]> wrote: > >> Hi, > >> > >> For a project, we'd like to provide Web services (servicemix-http) over > >> an SSL connection that authenticates client certificates against an LDAP > >> server. > >> > >> I've been looking at the code, and I see file-based trust- and keystores, > >> only. > >> > >> What I have planned so far is the following: > >> The JSSE reference guide proposes an implementation of the > >> X509TrustManager interface in order to customize the SSL-remote-side > >> authentication. > >> > >> My idea would be to specify a new algorithm and set that on > >> SslParameters. Then, in theory, classes using SslParameters should ask a > >> TrustManagerFactory for the new algorithm - and get my custom > >> implementation. > >> > >> My question is: would this be a feasible way of providing the outlined > >> functionality given the 3.1.1 code as a basis? Is there a more elegant > >> solution that I am not aware of? And - did I overlook something? > >> > >> Thanks in advance for any comments, > >> Ciao, Philipp > >> > >> This e-mail and any attachments may contain confidential or > >> privileged information. Any unauthorised copying, use or distribution of > >> this information is strictly prohibited. > >> > > > > > > -- > > Cheers, > > Guillaume Nodet > > ------------------------ > > Blog: http://gnodet.blogspot.com/ > > > > > > -- > View this message in context: > http://www.nabble.com/SSL-with-certificates-provided-by-LDAP-server-tf4482375s12049.html#a12830338 > Sent from the ServiceMix - User mailing list archive at Nabble.com. > > -- Cheers, Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/
