1 Reply Latest reply on Nov 14, 2006 10:13 AM by oliverhrdz

    Trouble With EncryptKeystorePasswordInTomcatConnector Wiki

    oliverhrdz

      I've tried this in both 4.0.4 and the just-released 4.0.5, since this Wiki states the functionality to encrypt the keystore password in the Tomcat connector config has been "available since a long long time". It references JBAS-3369 as the task that enabled this feature.

      I created an sslsecurity-service.xml file in my /deploy directory, and am certain it is configured correctly because I set up my JMS UIL2 to use it, and it starts up fine.

      sslsecurity-service.xml:

      <?xml version="1.0" encoding="UTF-8"?>

      <server>

        <!-- Configures the keystore/truststore for SSL on the security domain -->
        <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
               name="jboss.security:service=PBESecurityDomain">
          <constructor>
            <arg type="java.lang.String" value="SSL"/>
          </constructor>
          <!-- The location of the keystore
               resource: loads from the classloaders conf/ is the first classloader -->
          <attribute name="KeyStoreURL">resource:jbkeystore.ks</attribute>
          <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/jbkeystore.pw</attribute>
          <attribute name="KeyStoreType">JCEKS</attribute>
          <attribute name="Salt">feefifofum</attribute>
          <attribute name="IterationCount">13</attribute>
        </mbean>

      </server>
      


      section in ssl-uil2-service.xml referencing security domain:
       <!-- SSL Socket Factories -->
       <attribute name="ClientSocketFactory">org.jboss.security.ssl.ClientSocketFactory</attribute>
       <attribute name="ServerSocketFactory">org.jboss.security.ssl.DomainServerSocketFactory</attribute>
      
       <!-- Security domain - see below -->
       <attribute name="SecurityDomain">java:/jaas/SSL</attribute>
      


      I did comment out the original security domain config in this file so that the new one would be used instead.

      server.log:
      2006-11-10 16:51:21,773 INFO [org.apache.catalina.startup.Embedded] (main) Catalina naming disabled
      2006-11-10 16:51:21,923 INFO [org.apache.catalina.startup.ClusterRuleSetFactory] (main) Unable to find a cluster rule set in the classpath. Will load the default rule set.
      2006-11-10 16:51:21,923 INFO [org.apache.catalina.startup.ClusterRuleSetFactory] (main) Unable to find a cluster rule set in the classpath. Will load the default rule set.
      2006-11-10 16:51:22,604 ERROR [org.apache.catalina.startup.Catalina] (main) Catalina.start
      LifecycleException: Protocol handler initialization failed: java.lang.IllegalArgumentException: Failed to set security domain
       at org.apache.catalina.connector.Connector.initialize(Connector.java:1018)
       at org.jboss.web.tomcat.tc5.StandardService.initialize(StandardService.java:688)
       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
       at org.apache.catalina.startup.Catalina.start(Catalina.java:543)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.apache.commons.modeler.BaseModelMBean.invoke(BaseModelMBean.java:503)
       at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.web.tomcat.tc5.Tomcat5.startService(Tomcat5.java:446)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
       at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
       at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
       at $Proxy0.start(Unknown Source)
       at org.jboss.system.ServiceController.start(ServiceController.java:417)
       at org.jboss.system.ServiceController.start(ServiceController.java:435)
       at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
       at $Proxy4.start(Unknown Source)
       at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302)
       at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
       at $Proxy6.deploy(Unknown Source)
       at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:421)
       at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:634)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:263)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:336)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
       at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
       at $Proxy0.start(Unknown Source)
       at org.jboss.system.ServiceController.start(ServiceController.java:417)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
       at $Proxy4.start(Unknown Source)
       at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302)
       at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
       at $Proxy5.deploy(Unknown Source)
       at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482)
       at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
       at org.jboss.Main.boot(Main.java:200)
       at org.jboss.Main$1.run(Main.java:490)
       at java.lang.Thread.run(Thread.java:595)
      2006-11-10 16:51:22,794 INFO [org.apache.catalina.startup.Catalina] (main) Initialization processed in 871 ms
      2006-11-10 16:51:22,794 INFO [org.jboss.web.tomcat.tc5.StandardService] (main) Starting service jboss.web
      2006-11-10 16:51:22,804 INFO [org.apache.catalina.core.StandardEngine] (main) Starting Servlet Engine: Apache Tomcat/5.5.20
      2006-11-10 16:51:22,864 INFO [org.apache.catalina.core.StandardHost] (main) XML validation disabled
      2006-11-10 16:51:23,946 INFO [org.apache.catalina.startup.Catalina] (main) Server startup in 1152 ms
      2006-11-10 16:51:24,797 INFO [org.jboss.web.tomcat.tc5.TomcatDeployer] (main) deploy, ctxPath=/invoker, warUrl=.../deploy/http-invoker.sar/invoker.war/
      2006-11-10 16:51:25,448 INFO [org.apache.catalina.loader.WebappLoader] (main) Dual registration of jndi stream handler: factory already defined
      2006-11-10 16:51:27,571 INFO [org.jboss.web.tomcat.tc5.TomcatDeployer] (main) deploy, ctxPath=/, warUrl=.../deploy/jbossweb-tomcat55.sar/ROOT.war/
      2006-11-10 16:51:28,032 INFO [org.jboss.resource.deployment.RARDeployment] (main) Required license terms exist, view META-INF/ra.xml in .../deploy/jboss-local-jdbc.rar
      2006-11-10 16:51:32,348 INFO [org.jboss.resource.adapter.jdbc.remote.WrapperDataSourceService] (main) Bound ConnectionManager 'jboss.jca:service=DataSourceBinding,name=OracleDS' to JNDI name 'java:OracleDS'
      2006-11-10 16:51:33,640 INFO [STDOUT] (main) com.sun.net.ssl.internal.ssl.SSLSessionContextImpl@13a8eb1
      2006-11-10 16:51:33,850 INFO [org.jboss.mq.il.uil2.UILServerILService] (main) JBossMQ UIL service available at : /0.0.0.0:9000
      2006-11-10 16:51:34,010 INFO [org.jboss.mq.server.jmx.Queue.DLQ] (main) Bound to JNDI name: queue/DLQ
      2006-11-10 16:51:34,101 INFO [org.jboss.web.tomcat.tc5.TomcatDeployer] (main) deploy, ctxPath=/jmx-console, warUrl=.../deploy/jmx-console.war/
      2006-11-10 16:51:35,583 INFO [org.jboss.web.tomcat.tc5.TomcatDeployer] (main) deploy, ctxPath=/utilservlets, warUrl=.../tmp/deploy/tmp30167utilservlets-exp.war/
      2006-11-10 16:51:36,113 ERROR [org.apache.coyote.http11.Http11BaseProtocol] (main) Error starting endpoint
      java.io.IOException: securityDomain is null.Set it as an attribute in the connector setting
       at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:98)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:294)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312)
       at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:150)
       at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:75)
       at org.apache.catalina.connector.Connector.start(Connector.java:1089)
       at org.jboss.web.tomcat.tc5.Tomcat5.startConnectors(Tomcat5.java:590)
       at org.jboss.web.tomcat.tc5.Tomcat5.handleNotification(Tomcat5.java:627)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
       at $Proxy18.handleNotification(Unknown Source)
       at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
       at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
       at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:908)
       at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
       at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
       at org.jboss.Main.boot(Main.java:200)
       at org.jboss.Main$1.run(Main.java:490)
       at java.lang.Thread.run(Thread.java:595)
      2006-11-10 16:51:36,153 WARN [org.jboss.web.tomcat.tc5.Tomcat5] (main) Failed to startConnectors
      LifecycleException: service.getName(): "jboss.web"; Protocol handler start failed: java.io.IOException: securityDomain is null.Set it as an attribute in the connector setting
       at org.apache.catalina.connector.Connector.start(Connector.java:1096)
       at org.jboss.web.tomcat.tc5.Tomcat5.startConnectors(Tomcat5.java:590)
       at org.jboss.web.tomcat.tc5.Tomcat5.handleNotification(Tomcat5.java:627)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
       at $Proxy18.handleNotification(Unknown Source)
       at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
       at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
       at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:908)
       at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
       at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
       at org.jboss.Main.boot(Main.java:200)
       at org.jboss.Main$1.run(Main.java:490)
       at java.lang.Thread.run(Thread.java:595)
      2006-11-10 16:51:36,153 INFO [org.jboss.system.server.Server] (main) JBoss (MX MicroKernel) [4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)] Started in 33s:698ms
      


      TIA for any help!
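
A consistency check for the two descriptor fragments quoted in the post, as an added example that is not part of the original post or of JBoss: it reports how each `JaasSecurityDomain` supplies `KeyStorePass` (plaintext or externalized) and lists `SecurityDomain` references that name no defined domain. It assumes a domain is looked up as `java:/jaas/` plus the constructor argument, as the post's fragments pair them, and that `{CLASS}` and `{EXT}` are the externalizing prefixes; the wrapping MBean in `CLIENT_XML` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the two descriptor fragments from the post,
# trimmed and wrapped in <server> so each parses as a standalone document.
DOMAIN_XML = """<server>
  <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
         name="jboss.security:service=PBESecurityDomain">
    <constructor><arg type="java.lang.String" value="SSL"/></constructor>
    <attribute name="KeyStoreURL">resource:jbkeystore.ks</attribute>
    <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/jbkeystore.pw</attribute>
  </mbean>
</server>"""
# The enclosing mbean (code and name) is a hypothetical placeholder.
CLIENT_XML = """<server><mbean code="hypothetical.Service" name="hypothetical:service=UIL2">
  <attribute name="SecurityDomain">java:/jaas/SSL</attribute>
</mbean></server>"""

JAAS_DOMAIN = "org.jboss.security.plugins.JaasSecurityDomain"

def defined_domains(xml_text):
    """Map JNDI name -> how KeyStorePass is supplied, per JaasSecurityDomain."""
    found = {}
    for mbean in ET.fromstring(xml_text).iter("mbean"):
        if mbean.get("code") != JAAS_DOMAIN:
            continue
        arg = mbean.find("constructor/arg")
        if arg is None or not arg.get("value"):
            continue  # no domain name to derive a JNDI binding from
        password = ""
        for attr in mbean.findall("attribute"):
            if attr.get("name") == "KeyStorePass":
                password = (attr.text or "").strip()
        if password.startswith(("{CLASS}", "{EXT}")):
            kind = "externalized"   # password is loaded indirectly
        elif password:
            kind = "plaintext"      # password sits in the descriptor
        else:
            kind = "missing"
        # Assumption: the domain is bound under java:/jaas/<constructor arg>.
        found["java:/jaas/" + arg.get("value")] = kind
    return found

def unresolved_references(xml_text, domains):
    """Return SecurityDomain values that name no defined domain."""
    refs = [(a.text or "").strip() for a in ET.fromstring(xml_text).iter("attribute")
            if a.get("name") == "SecurityDomain"]
    return [r for r in refs if r not in domains]

if __name__ == "__main__":
    domains = defined_domains(DOMAIN_XML)
    print(domains)
    print(unresolved_references(CLIENT_XML, domains))
```

The lookup is case-sensitive, so a reference such as `java:/jaas/ssl` is reported as unresolved against a domain constructed with `SSL`.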