ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Freeman Fang (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-339) OCSP support
Date Thu, 16 Feb 2012 00:52:59 GMT

    [ https://issues.apache.org/jira/browse/WSS-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13209029#comment-13209029
] 

Freeman Fang commented on WSS-339:
----------------------------------

Hi Colm,

Thanks for your reply.
But this issue is different with the case tracked by WSS-338. 
As this isn't controlled by a system property, it's Security property, so we have to specify
ocsp.enable property in $JAVA_HOME/jre/lib/security/java.security which will affect whole
JDK or left end user to use Security.setProperty("ocsp.enable", "true") programmatically.

Specify it in $JAVA_HOME/jre/lib/security/java.security isn't acceptable normally as it will
affect whole JDK, we can easily run into the problem that one JVM process wanna ocsp.enable=true
but the other doesn't.

Also only let end user programmatically use Security.setProperty isn't acceptable too as we
do need provide a configurable way to specify ocsp.enable, that why I introduce  enableOCSP
property for WSHanlder here, so end user can control everything they want just through wss4j
typical configuration way.

WDYT?

Best Regards
Freeman 
                
> OCSP support
> ------------
>
>                 Key: WSS-339
>                 URL: https://issues.apache.org/jira/browse/WSS-339
>             Project: WSS4J
>          Issue Type: Improvement
>            Reporter: Freeman Fang
>            Assignee: Colm O hEigeartaigh
>         Attachments: WSS-339.patch
>
>
> currently WSS4J already support CRL for revocation check, it would be better that we
can also support OCSP through WSS4J configuration.
> Though we can set ocsp.enable property in $JAVA_HOME/jre/lib/security/java.security to
enable OCSP but it's effect JVM wide, I'd like to introduce a property in WSHandlerConstants
like enableOCSP which can trigger code like
> Security.setProperty("ocsp.enable", enableOCSP);
> This should be similar with the property enableRevocation,  the logic is
> if (enableRevocation && enableOCSP) {
>     //use OCSP to do revocation check.
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message