I use JBoss 4.2.3.GA. In previous task I've used base encryption mechanism which JBoss supports (WS-Security). I.e. I used keystore, truststore files for encryption and signing messages. As usually (in standard way) in jboss-wsse-* files were defined aliases of keys that must be used during crypt process. I used ws security configuration from JBoss in Action book.
That's Ok. Encryption works fine.
But in my current task I need to specify aliases for keys manually and dynamically. Task description:
I have several profiles. In every profile can be specifiey alias of public key that must be used for encrypting message.
I have keystore containing private/public key of server and public keys of clients that will send message to server
I need get alias from profile and encrypt message (on client side) using public key specified by this alias.
- So I need somehow to load data from keystore (it must resides in file system folder, i.e. outside ear file), get appropriate public key from it and then do encryption.
- After that I need to send message to remote web service (server side) that has private keys for decryption.
- Here I see several variants for server side logic: web service makes decryption using standard JBoss mechanism or I can do it manually loading keystore data and do decryption manually.
So the questions are about:
- Is there a way to specify for JBoss the file system directory to load keystores from?
- Can I specify alias for encryption for standard JBoss WSS mechanism to allow jboss to use this information in crypt process?
- If I must to do manual encryption/decryption then How can I wrap several Java-objects into WS message and then encrypt it using necessary alias and how to send this message to remote web service manually?
I just don't know how to start, what framework to use and even is it necessary to use external (non JBoss) frameworks for this...
If possible you can use Axis2 and Rampart. I've successfully used them both in a similar situation.
Rampart is an axis2 module for handling security and it exposes an API that allows you to define the key store location and aliases that you want to use, thus allowing you to define it dynamically.
Axis2
Rampart
Sample code:
PasswordCallbackHandler:
}
1&2: Defining keystore for jboss:
3: Encryption replacement (and manual too) example described here for axis2: http://www.javaranch.com/journal/2008/10/web-service-security-encryption-axis2.html