Hi,
I would like to know if there´s a way for authorizing processes using digital signature (i.e. using self signed certificates (.pfx files)).
Thankyou in advance
Regards.
Luis
Interesting idea and definitely worth pursuing in the ideas section/on atlasian.
As far as I’m aware it is not possible today to auth processes themselves, but it might (note I say might) be possible to do this on the java connectors which can then be applied to processes…
My thinking is as follows but NOT tested…
- Apply certificate to Tomcat
- Export Java Connector (abc) to abc.zip
- Unzip the file and open classpath
- digitally sign the abc.jar
- Zip the whole directory giving you a new abc.zip
- Import into the certified Tomcat
Apply the new signed connector to the process pool - as the very first on enter connector. This would stop the process if not authorized at the first point of call and before anything else happens.
Not perfect but as an idea it may be possible and I might look to try this later. If you get to try it before I do your feedback would be invaluable.
regards
Seán
Seán,
Thankyou, im going to try your idea by the weekend. I’ll let you know how’s it going.
Regards
Luis
Hi Luis,
I came across this article and company re Java security during the weekend…
If you need it that is…
Disclosure: I don’t deal with either of these companies and have no interest in advertising them. This is for information specific to Java security only.
regards
Seán
PS: maybe Bonita could have a look at this also and provide fully integrated secured versions of Bonita?