| Re: [higgins-dev] Custom SSL Socket Factory for JNDI CP |
|
I agree, but the other end of the spectrum has people pulling in a great number of jar files. Plus there's the project-related maintenance that each new project incurs (see component owner's checklist).
So we want a good balance -- is there conceptually a project that could contain this and other security-related common code? Maybe even where the scope is more narrow, like "transport" or "transport security".
Jim
>>> Michael McIntosh <mikemci@xxxxxxxxxx> 6/7/07 1:52 PM >>> higgins-dev-bounces@xxxxxxxxxxx wrote on 06/07/2007 03:37:51 PM: > Jim and I were just discussing a method where I could have my > Singleton use a non-Singleton version of the code so I could have > what JNDI needs and a general socket factory for everyone else > to use. I'm going to go ahead a do that when I can get to it. > > Anyone have a good idea for a higgins commons area? Things > that are small and don't fit anywhere and don't warrant a separate > project? The problem with not putting it into a separate project is that it drags a "commons" has a lot of dependancies. If you don't need all the common functionality you do't want to drag in JARs you don't need. > > Tom > > >>> "Tom Doman" <TDoman@xxxxxxxxxx> 6/7/2007 11:10 AM >>> > I'd like to do that but I'd have to not have it be a Singleton which is > currently required by the way the custom socket factory is set for > JNDI. That is, you have to give it a class name instead of an instance. > > I've got an e-mail in to the JNDI dev list to see if there's a way to > set an instance or any other ideas they might have to share the > same code within the same JVM while configuring it differently for > each consumer. > > Anyone here have an idea? > > Tom > > >>> Michael McIntosh <mikemci@xxxxxxxxxx> 6/6/2007 8:32 PM >>> > It seems like this functionality is needed throughout for clients to > connect to specific SSL server (LDAP. STS, MEX, etc.). It would be great > if this could be done in a re-usable way. > > Thanks, > Mike > > higgins-dev-bounces@xxxxxxxxxxx wrote on 06/06/2007 07:03:59 PM: > > > I'm not sure I understand the question. Are you asking ...? > > > > 1. Will the socket factory be configured independently separately > > from the JNDI CP? > > No, regardless of which configuration code we use, the setting of > > the trust store and other settings (ie. an "ldaps" address) that > > cause us to use the custom socket factory are simply specific > > configuration settings for the JNDI CP. Unless [#3]. > > > > 2. Will the JNDI CP become a configurable component? > > Yes, that's in progress. Actually, I had to defer that effort to create > > this custom SSL Socket Factory for our old Identity Abstraction and > > so I brought that code forward because we need it in Higgins as well > > because the current JNDI CP effects the entire JVM when it's trust > > store is configured. Anyway, next task for me is to get back to using > > the common configuration code in the JNDI CP. > > > > 3. Could it be commonly configured and used by other components? > > Yes, I suppose it could. Right now it's a singleton but there's nothing > > JNDI or LDAP specific about > > it except that it's being used solely by the JNDI CP to isolate itself > > from effecting the default SSL Socket Factory every other process > > in the JVM will use. > > > > 4. Something else? > > > > Tom > > > > >>> Anthony Nadalin <drsecure@xxxxxxxxxx> 6/6/2007 4:21 PM >>> > > > > So this would socket factory would be configured by configuration > > component ? > > > > Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122 > > > > > > > > "Tom Doman" > > <TDoman@xxxxxxxxx > > m> To > > Sent by: "Higgins (Trust Framework) > Project > > higgins-dev-bounc developer discussions" > > es@xxxxxxxxxxx <higgins-dev@xxxxxxxxxxx> > > cc > > > > 06/06/2007 03:04 Subject > > PM [higgins-dev] Custom SSL Socket > > Factory for JNDI CP > > > > Please respond to > > "Higgins \(Trust > > Framework\) > > Project developer > > discussions" > > <higgins-dev@ecli > > pse.org> > > > > > > > > > > > > > > I have created a custom SSL socket factory for use with the JNDI CP. > This > > allows the JNDI configured trust store to be specific to the JNDI CP > secure > > sockets instead of the store store for entire JVM as it currently is. > > Unless this is considered a necessary bug fix by someone, I guess I'll > just > > check it in to the forked branch. Let me know if you have any > questions. > > > > Tom > > > > > > _______________________________________________ > > higgins-dev mailing list > > higgins-dev@xxxxxxxxxxx > > https://dev.eclipse.org/mailman/listinfo/higgins-dev > > > > _______________________________________________ > > higgins-dev mailing list > > higgins-dev@xxxxxxxxxxx > > https://dev.eclipse.org/mailman/listinfo/higgins-dev > > _______________________________________________ > higgins-dev mailing list > higgins-dev@xxxxxxxxxxx > https://dev.eclipse.org/mailman/listinfo/higgins-dev > > _______________________________________________ > higgins-dev mailing list > higgins-dev@xxxxxxxxxxx > https://dev.eclipse.org/mailman/listinfo/higgins-dev > _______________________________________________ > higgins-dev mailing list > higgins-dev@xxxxxxxxxxx > https://dev.eclipse.org/mailman/listinfo/higgins-dev _______________________________________________ higgins-dev mailing list higgins-dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/higgins-dev |