Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-5578

Add options to retrieve keys and certificates from JaasSecurityDomain

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Major
    • EAP_EWP 5.1.1
    • EAP_EWP 5.1.0
    • Security
    • None
    • Hide
      Exposing the keystore or truststore password in JaasSecurityDomain is insecure. Two options have been added to retrieve private keys and certificates directly from the JSD, so that they can be used by external components. These methods are <code>getKey</code> and <code>getCertificate</code>. The <code>getKey</code> method requires you to provide a security token.
      Show
      Exposing the keystore or truststore password in JaasSecurityDomain is insecure. Two options have been added to retrieve private keys and certificates directly from the JSD, so that they can be used by external components. These methods are <code>getKey</code> and <code>getCertificate</code>. The <code>getKey</code> method requires you to provide a security token.
    • Documented as Resolved Issue

    Description

      Since we don't want to expose the keystore/truststore password in JaasSecurityDomain we need to add options to retrieve private keys and certificates directly from the JSD so they can be used by external components.

      Attachments

        Issue Links

          clones

          Feature Request - Feature requests from customers and/or users JBPAPP-5848 Document - Add options to retrieve keys and certificates from JaasSecurityDomain

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users JBPAPP-5882 Document - Add options to retrieve keys and certificates from JaasSecurityDomain

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              mmoyses Marcus Moyses (Inactive)
              mmoyses Marcus Moyses (Inactive)
              Misty Stanley-Jones Misty Stanley-Jones (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: