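I want to access, from my web application, the identity keystore (JKS) configured in WebLogic's custom keystore configuration. How can I get WebLogic to expose it without relying on the following environment properties: -Djavax.net.ssl.Keystore, -Djavax.net.ssl.KeystorePassword.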
1 answer
You can use the following code as a starting point.
A couple of notes:
- User executing the code needs to belong to a group called `OracleSystemGroup`
- Keystore is loaded from file system which is not recommended by EJB specification. But I think that file reading can be safely done.
- Keystore passphrase is contained in `java.lang.String`, which is not recommended.
Because of these cons I am investigating a better approach. I have been trying to find a WebLogic service which would provide services to access certificates and keys in identity store. It seems that there is not one.
```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.naming.InitialContext;

public class IdentityKeyStoreLoader {
    public static KeyStore load() throws Exception {
        InitialContext ic = new InitialContext();
        MBeanServer server = (MBeanServer) ic.lookup("java:comp/env/jmx/runtime");
        // Get access to server configuration
        ObjectName runtime = new ObjectName("com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean");
        ObjectName serverConfig = (ObjectName) server.getAttribute(runtime, "ServerConfiguration");
        /* Load identity store location and passphrase.
         * If e.g. Demo identity has been configured (in WL console) instead of
         * custom identity then the following does not work.
         */
        // Passphrase as clear text
        Object keyStorePassPhrase = server.getAttribute(serverConfig, "CustomIdentityKeyStorePassPhrase");
        Object keyStoreFileName = server.getAttribute(serverConfig, "CustomIdentityKeyStoreFileName");
        // Load keystore; try-with-resources closes the file stream
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keyStoreFileName.toString())) {
            ks.load(in, keyStorePassPhrase.toString().toCharArray());
        }
        return ks;
    }
}
```
Answered 2013-06-05T09:50:30.910
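
Added example (not part of the original answer, and not WebLogic's own code): once the keystore file name and passphrase are known, an `SSLContext` can be built directly from the keystore with no `javax.net.ssl` system properties, keeping the passphrase in a `char[]` that is wiped after use. The class and method names are hypothetical, the sample keystore is constructed, and private key entries are assumed to share the store passphrase.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class IdentityStoreContext {

    /** Builds an SSLContext from a keystore file and wipes the passphrase array before returning. */
    static SSLContext fromKeyStore(Path file, String type, char[] passPhrase) throws Exception {
        try {
            KeyStore ks = KeyStore.getInstance(type);
            try (InputStream in = Files.newInputStream(file)) {
                ks.load(in, passPhrase);
            }
            // Assumption: private key entries use the same passphrase as the store.
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, passPhrase);
            SSLContext ctx = SSLContext.getInstance("TLS");
            // null trust managers and SecureRandom select the JVM defaults
            ctx.init(kmf.getKeyManagers(), null, null);
            return ctx;
        } finally {
            // Runs on success and on failure, so the secret does not linger on the heap
            Arrays.fill(passPhrase, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty PKCS12 store in a temp file stands in for the
        // file named by CustomIdentityKeyStoreFileName.
        char[] pass = "changeit-sample".toCharArray();
        Path tmp = Files.createTempFile("identity", ".p12");
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(tmp)) {
            empty.store(out, pass);
        }
        SSLContext ctx = fromKeyStore(tmp, "PKCS12", pass.clone());
        System.out.println("protocol=" + ctx.getProtocol());
        Files.delete(tmp);
    }
}
```

The returned context can be handed to a client through `ctx.getSocketFactory()`, so the keystore never has to be set JVM-wide.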