Hello again. First of all, thanks a lot for helping me resolve this problem I've encountered.
I've been trying to locate the part of the code where I should start implementing my patch but I haven't decided yet. I agree with you on modifying the getKeystoreManager() method from HttpEndpoint, but I think I should rewrite the method instead of overriding it (I understand overriding would mean creating a new class extending HttpEndpoint). Do you think my assumption is correct or do you really think I should create a new class? I've thought on the idea of adding a KeystoreManager field to the HttpEndpoint. My idea would be to add a new sslParameter in the xbean.xmlfile, but that would mean modifying the servicemix-http.xsd wouldn't it? Would it be a problem? Doing this would allow me to do something like "if (this.getSsl().getKeyStoreManager() == null)" in the getKeystoreManager() method. Returning "true" would mean the parameter has not been specified, so I would let the HttpComponent be initialized as it has been done until now, but returning "false" would mean creating and returning a new instance of the specified KeystoreManager. Does this make sense to you, or am I missing something out? Best regards. Sebastian Gomez. On Jan 21, 2008 8:30 PM, Guillaume Nodet <[EMAIL PROTECTED]> wrote: > I think the easiest way would be to add a KeystoreManager field on the > HttpEndpoint and override > the getKeystoreManager() method from HttpEndpoint [1]. > It doesn't seem you actually need to work with the HttpComponent or > HttpConfiguration directly. > > FYI, the defaut KeystoreManager is retrieved from the HttpComponent in the > doInit() method [2]. > > Hopes this helps, > > [1] > > http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-http/src/main/java/org/apache/servicemix/http/HttpEndpoint.java?revision=602826&view=markup > [2] > > http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-http/src/main/java/org/apache/servicemix/http/HttpComponent.java?revision=602826&view=markup > > On Jan 21, 2008 8:11 PM, Sebas Gomez <[EMAIL PROTECTED]> wrote: > > > Hi. > > > > I have decided to create the patch to configure the KeyStoreInstance > > directly on the endpoint, and I would be willing to share it, but I > think > > I > > will need a little orientation. I've been trying to trace > > the initialization of the http-component, but I haven't been able to > find > > where the KeystoreInstance is created. Would it be possible for you to > > point > > me out where it is done? > > > > Thank you. > > On Jan 21, 2008 4:45 PM, Guillaume Nodet <[EMAIL PROTECTED]> wrote: > > > > > Implementing a KeyStoreInstance manager is the way to go. > > > Currently, the only way to configure it is to go to the JMX mbean > > > associated > > > with the servicemix-http component and change the keystoreManagerName > to > > a > > > new entry in the JNDI tree where you would put your own > implementation. > > > You'd also have to register it in the conf/jndi.xml configuration > file. > > > This is not very easy, so if you're fancy providing a patch to > configure > > > it > > > on the endpoint directly, i'd be happy to apply it. > > > > > > On Jan 18, 2008 2:31 PM, Sebas Gomez <[EMAIL PROTECTED]> wrote: > > > > > > > Hi. > > > > > > > > Thanks for the quick answer. > > > > > > > > I only retieve the certificate from the card, nothing else. I think > > the > > > > easiest way of getting the certificate would be implementing a > custom > > > > KeyStoreInstance but I can't find the place in the configuration of > > the > > > > servicemix-http component where to tell ServiceMix to use it. I > > suppose > > > it > > > > should be in one of the sslParameters, but I don't know which one. > > > > > > > > The other possibility would be to subclass the servicemix-http, but > I > > > > think > > > > the easy solution would be the one explained on the paragraph above. > > > > > > > > Would it be possible to implement my custom KeystoreInstance or > should > > I > > > > be > > > > thinking of subclassing the component? > > > > > > > > Best regards. > > > > > > > > Sebastian Gomez > > > > > > > > On Jan 18, 2008 1:24 PM, Guillaume Nodet <[EMAIL PROTECTED]> wrote: > > > > > > > > > I'm not aware of anything done on this subject. > > > > > What kind of data do you retrieve from the smartcard and how ? > > > > > Do you simply retrieve the certificate ? > > > > > servicemix-http uses an abstraction on top of a keystore so you > may > > be > > > > > able to implement you own that would delegate calls to the > smartcard > > > > > somehow. > > > > > > > > > > > > > > > > > > > > > > > > > http://svn.apache.org/viewvc/servicemix/smx3/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/keystore/KeystoreInstance.java?revision=602826&view=markup > > > > > > > > > > On Jan 18, 2008 11:07 AM, Sebas Gomez <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > Hello. > > > > > > > > > > > > I need to access a web service secured with WS-Security using a > > > Smart > > > > > > Card. > > > > > > If I had the security certificate in local, I know I could set > the > > > > > > http:sslParameters with the path of the keystore and its > keystore > > > > > > password, > > > > > > but this is not the case. > > > > > > > > > > > > I suppose I will have to extend either servicemix-http or > > > > servicemix-cxf > > > > > > to > > > > > > support reading smart cards, but I don't know if there is an > > easier > > > > > > workaround. > > > > > > > > > > > > Is there anything similar already implemented? If not, I would > > > > > appreciate > > > > > > any kind of indication as to what would be the best way to solve > > > this > > > > > > problem. > > > > > > > > > > > > Best regards. > > > > > > > > > > > > Sebastian Gomez > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Cheers, > > > > > Guillaume Nodet > > > > > ------------------------ > > > > > Blog: http://gnodet.blogspot.com/ > > > > > > > > > > > > > > > > > > > > > -- > > > Cheers, > > > Guillaume Nodet > > > ------------------------ > > > Blog: http://gnodet.blogspot.com/ > > > > > > > > > -- > Cheers, > Guillaume Nodet > ------------------------ > Blog: http://gnodet.blogspot.com/ >
