axis-java-user mailing list archives

From Sebastian Van Sande <sebast...@vansande.org>
Subject Re: Reload keystore file
Date Thu, 29 Jan 2009 08:26:48 GMT
Hi,

Thanks for your reply, Yves Marie!

Unfortunately, restarting the application is something we don't want since
this application will run 24/7 in a production environment.

I'm looking for a way to let Axis2 know to reload the keystore file, at
runtime without restarting my application.
I know *when* it has to reload the keystore file, I just don't know *how* to
do this in code.

If anyone knows how to let Axis2 reload the keystore file, let me know!

Kind regards,
Sebastian

On Thu, Jan 29, 2009 at 9:11 AM, DANIEL, Yves Marie <
yves-marie.daniel@capgemini.com> wrote:

>  Hi !
>
> With a Jonas application server and mutual authentication with SSL, we
> found that we had to restart Jonas so it could see the changes of path
> or content for keystores. It seems to be the same with Tomcat; I don't know if
> it is Axis2 or the application server.
>
> Yves-Marie
>
>  ------------------------------
> *From:* Sebastian Van Sande [mailto:sebastian@vansande.org]
> *Sent:* Thursday, 29 January 2009 08:07
> *To:* axis-user@ws.apache.org
> *Subject:* Re: Reload keystore file
>
> Does anyone have a clue how I can refresh the keystore in axis2?
> Thank you.
>
> On Wed, Jan 28, 2009 at 10:56 AM, Sebastian Van Sande <
> sebastian@vansande.org> wrote:
>
>> Hi,
>>
>> I have a problem with Axis2.
>>
>> At my project, we have a Microsoft Exchange 2007, and some other project
>> has created an API to interact with this Exchange server with the help of
>> Axis2.
>> This other project uses a Websphere server to manage a keystore to do
>> basic authentication over SSL.
>> My application on the other hand runs as a standalone application, and I
>> have to manage the keystore myself.
>>
>> Now, I managed to use this keystore to call the Exchange 2007 Web
>> services over SSL, and it works great.
>> But, as you probably know, certificates expire ... and they have to get
>> renewed.
>>
>> So, I managed to create something, a 'KeyStoreManager', that will fetch the
>> new certificates from the Exchange server and put it in the keystore file.
>> And this works great as well .. *IF* I restart my application.
>>
>> When my application modifies the keystore file, it looks like Axis2 is
>> using some caching mechanism. Because when I make the web service call again
>> (after inserting the new certificate in my keystore), it can't authenticate
>> because it cached the keystore file in memory.
>>
>> To specify the keystore to Axis2, I use this code:
>>
>>     System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore.jks");
>>     System.setProperty("javax.net.ssl.trustStorePassword", "thisisnottherealpassword");
>>
>> To extract the new certificate and add it to my keystore, I use code based
>> on the one you can find at
>> http://helpdesk.objects.com.au/java/how-do-i-programatically-extract-a-certificate-from-a-site-and-add-it-to-my-keystore
>>
>> The problem is: when the keystore file is updated with the new
>> certificate, axis2 doesn't seem to know about it because it uses a cached
>> version of the keystore file.
>>
>> So my question is: how can I clear this axis2 keystore cache in some way
>> so axis2 will be forced to read the keystore file again?
>>
>> Thank you for your help,
>>
>> Kind regards,
>> Sebastian
>
