[JBPAPP-5882] Document - Add options to retrieve keys and certificates from JaasSecurityDomain - JBoss Issue Tracker

XML

Word

Printable

Details

Type: Feature Request
Status: Closed (View Workflow)
Priority: Major
Resolution: Done
Affects Version/s: EAP_EWP 5.1.0
Fix Version/s: EAP_EWP 5.2.0
Component/s: Documentation, Security
Labels:
- JBoss_Security_UG

Affects:

Documentation (Ref Guide, User Guide, etc.)
Estimated Difficulty:
Medium
Release Notes Text:

Hide
Exposing the keystore or truststore password in JaasSecurityDomain is insecure. Two methods have been added to retrieve private keys and certificates directly from the JSD, so that they can be used by external components. These methods are <code>getKey</code> and <code>getCertificate</code>. The <code>getKey</code> method requires you to provide a security token.

Show
Exposing the keystore or truststore password in JaasSecurityDomain is insecure. Two methods have been added to retrieve private keys and certificates directly from the JSD, so that they can be used by external components. These methods are <code>getKey</code> and <code>getCertificate</code>. The <code>getKey</code> method requires you to provide a security token.
Release Notes Docs Status:
Documented as Resolved Issue
Docs QE Status:
ASSIGNED

Description

Since we don't want to expose the keystore/truststore password in JaasSecurityDomain we need to add options to retrieve private keys and certificates directly from the JSD so they can be used by external components.

Gliffy Diagrams

Attachments

Issue Links

cloned from

JBPAPP-5578 Add options to retrieve keys and certificates from JaasSecurityDomain

Closed

Activity

People

Assignee:

Eva Kopalova

Reporter:

Marcus Moyses

Writer:

Eva Kopalova

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

07/Feb/11 1:18 AM

Updated:

19/Sep/12 2:56 AM

Resolved:

02/Feb/12 4:42 AM