tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pae Choi" <paec...@earthlink.net>
Subject Externalizing the Configurable Inforamtion in TOMCAT -- Especially Security related Package
Date Fri, 01 Nov 2002 02:17:49 GMT
Folks,

As J2SDK v1.4.x made changes including the SSL/TLS related APIs, we
are no longer in need to embed the SUN's provider package, e.g.,

import com.sun.net.ssl.KeyManagerFactory;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManagerFactory;

as defined in the org.apache.catalina.net.SSLServerSocketFactory.

We now more use the javax.net.ssl.* package with J2SDK v4.x and
a good sample is the "RMI Using SSL" The sample came with J2SDK v1.3.x
and J2SDK v1.4.x are good example for the differences.

I am thinking that it would be better for international users and more
usability as well as acceptability, if TOMCAT can externalize the definitions
of configurable info. e.g., provider name, type of key store, etc.

Would it be possble to ask you, especially Harish Prabandham, Costin
Manolache, and Craig McClanahan, to add this in the future release.

+ Support for "PKCS12" key store type in addition to JKS
+ Ability to define the security provier package in the external
   configuration file. This can be one of three ways we can define the
   1. Use the "java.security"
   2. Use the command-line to deifne the sytem properties
   3. Embed it in the code as the TOMCAT does.

In this way we can continuously use the SUN's provider package as well
as other packages based on the USER's prference. BouncyCastle can be
one of packages other than SUN's package. Please note that I am not
againsnt any specifc vendor not package, but just think that it would
create ore flexibility.

I for one am very happy with you folks' work. And thank you always. Any
comments on this are welcome and will be appreciated.

Regards,


Pae



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message