我的应用程序如何访问在Weblogic管理控制台中配置的密钥库? [英] How can my application access the keystore configured in Weblogic admin console?
问题描述
我想访问Web应用程序中Weblogic的自定义"密钥库配置中配置的身份"密钥库(JKS).如何在不依赖以下环境属性的情况下使weblogic公开此信息:-Djavax.net.ssl.Keystore,-Djavax.net.ssl.KeystorePassword.
I would like to access the Identity keystores (JKS) configured in Weblogic's Custom keystore configuration in my web application. How can I get weblogic to expose this without relying on the following environment properties: -Djavax.net.ssl.Keystore, -Djavax.net.ssl.KeystorePassword.
推荐答案
您可以使用以下代码作为起点.
You can use following code as a starting point.
一些注意事项:
- 执行代码的用户必须属于一个名为
OracleSystemGroup
的组
- 密钥库是从文件系统加载的,EJB规范不建议这样做.但是我认为可以安全地进行文件读取.
- 密钥库密码包含在
java.lang.String
中,不建议这样做.
- User executing the code needs to belong to a group called
OracleSystemGroup
- Keystore is loaded from file system which is not recommended by EJB specification. But I think that file reading can be safely done.
- Keystore passphrase is contained in
java.lang.String
, which is not recommended.
由于这些缺点,我正在研究一种更好的方法.我一直在尝试找到一种WebLogic服务,该服务将提供用于访问身份存储中的证书和密钥的服务.似乎没有一个.
Because of these cons I am investigating a better approach. I have been trying to find a WebLogic service which would provide services to access certificates and keys in identity store. It seems that there is not one.
InitialContext ic = new InitialContext();
MBeanServer server = (MBeanServer) ic.lookup("java:comp/env/jmx/runtime");
// Get access to server configuration
ObjectName runtime = new ObjectName("com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean");
ObjectName serverConfig = (ObjectName) server.getAttribute(runtime, "ServerConfiguration");
/* Load identity store location and passphrase.
* If e.g. Demo identity has been configured (in WL console) instead of
* custom identity then the following does not work.
*/
// Passphrase as clear text
Object keyStorePassPhrase = server.getAttribute(serverConfig, "CustomIdentityKeyStorePassPhrase");
Object keyStoreFileName = server.getAttribute(serverConfig, "CustomIdentityKeyStoreFileName");
// Load keystore
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream(keyStoreFileName.toString()),
keyStorePassPhrase.toCharArray());
这篇关于我的应用程序如何访问在Weblogic管理控制台中配置的密钥库?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!