Re: Customizing SSL with jdbc

Kris Jurka wrote:
>
> On Thu, 16 Sep 2004, Oliver Jowett wrote:
>
>
>>I'm not sure how that extra level of indirection gives you anything.
>>Haven't you just gone from "how do I configure my new SSLSocketFactory
>>instance without context?" to "how do I configure my new
>>SSLSocketFactoryFactory instance without context?" ?
>
>
> The class itself is the context. That is, if you need to say have a number
> of keystore locations each one gets its own wrapper factory class.

I still don't see why this requires an extra interface; you can do this
using only SSLSocketFactory itself.

> Its
> definitely ugly,

Hideously ugly, in fact..

> but so is programmatically setting things on the
> org.postgresql.Driver class. That approach also requires you getting in
> there to touch the Driver class before a connection is established, which
> is unclear to me how to accomplish in an application server environment
> where a pool is setup for you.

You'd do it on the DataSource as part of configuring the appserver's
pool. I wonder how we can do this generically though -- I will need to
dig through the javabean spec for details of what sort of accessors you
can use for setting something like a SSLSocketFactory subclass. Ideally
the appserver should let the administrator instantiate a
(javabean-accessor-implementing) SSLSocketFactory subclass by class name
(& presumably classpath), configure it, then set it onto the
DataSource.. and the whole lot gets serialized into JNDI, etc.

(note that in this scenario the appserver doesn't need to know anything
postgresql-driver-specific)

-O