
# Build componentJarOne.jar
# ...
# Generate a new signing key.
keytool -genkey -keystore my.keystore -alias componentSignerOne
# Sign the component jar.
jarsigner -keystore my.keystore componentJarOne.jar componentSignerOne
# Build a deployable unit
# ...
For further details on the use of keytool and jarsigner, see Sun’s tool documentation at http://java.sun.com/j2se/1.4.1/docs/tooldocs/tools.html.
When deployed, the extracted component will reside somewhere in $RHINO_WORK_DIR/deployments. Grant permissions in the Rhino security policy based on this codeBase and a signedBy rule that refers to the signer for the component jar:
keystore "my.keystore";
grant codeBase "@RHINO_WORK_DIR@/deployments/-"
signedBy "componentSignerOne"
{
permission ..... ;
};
15.5 Key Stores
The Resource Adaptor deployable units installed with Rhino contain component jars which have already been signed. The public keys of the signers are provided in a keystore located at $RHINO_HOME/rhino-public.keystore, $RHINO_HOME/rhino-private.keystore; the keystore and the keys have a default passphrase of “changeit”. The default rhino.policy file grants necessary permissions to the resource adaptors for basic operation.
To export the public key certificate from rhino-private.keystore, execute the following command:
# Export the certificate from the private keystore and import it into the public keystore.
keytool -export -storepass insecurity \
  -keystore rhino-private.keystore \
  -alias componentOneSigner \
  | keytool -import \
  -storepass changeit \
  -keystore rhino-public.keystore \
  -alias componentOneSigner \
  -noprompt
It may be necessary to grant additional security permissions to the resource adaptors, depending on the environment they are deployed in. The most likely additional permission needed will be ‘java.net.SocketPermission’, to connect to and accept connections from hosts other than localhost.
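The following check is an added example, not part of the Rhino manual or distribution. It scans a policy file for grants on the deployments codeBase that lack a signedBy clause, or that hand out AllPermission or a wildcard-host SocketPermission; the finding labels, the sample policy and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Java policy file (read on stdin) for risky grants on
# the deployments codeBase. Finding labels are constructed for this example.
audit_policy() {
    awk '
    /^[ \t]*\/\// { next }                  # skip // comment lines
    /^[ \t]*grant/ { in_hdr = 1; hdr = "" } # a grant header starts here
    in_hdr {
        # The header may span several lines before its opening brace.
        hdr = hdr " " $0
        if (index($0, "{")) {
            in_hdr = 0; in_body = 1
            signed = (hdr ~ /signedBy[ \t]+"[^"]+"/)
            deploy = (hdr ~ /codeBase[ \t]+"[^"]*\/deployments\//)
            if (deploy && !signed)
                print "UNSIGNED_DEPLOYMENT_GRANT line " NR
        }
        next
    }
    in_body && /^[ \t]*[}]/ { in_body = 0; next }
    in_body && deploy && /java\.security\.AllPermission/ {
        print "ALL_PERMISSION line " NR
    }
    in_body && deploy && /java\.net\.SocketPermission[ \t]+"\*/ {
        print "WILDCARD_SOCKET line " NR
    }
    '
}

# Constructed sample: one signed, host-scoped grant and one unsigned, broad one.
sample_policy() {
    cat <<'EOF'
keystore "my.keystore";
grant codeBase "@RHINO_WORK_DIR@/deployments/-"
signedBy "componentSignerOne"
{
permission java.net.SocketPermission "192.0.2.10:5060", "connect,accept";
};
grant codeBase "@RHINO_WORK_DIR@/deployments/-" {
permission java.net.SocketPermission "*", "connect,accept";
permission java.security.AllPermission;
};
EOF
}

sample_policy | audit_policy
```

To check a real policy, feed it on standard input, for example `audit_policy < rhino.policy`; an empty result means no grant on the deployments codeBase matched any of the three patterns.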
Table 15.1 shows the signer aliases used to sign each resource adaptor:
15.6 Transport Layer Security
Network components communicate securely using a secure socket factory.
Open Cloud Rhino 1.4.3 Administration Manual v1.1 91