JBoss4 to JBoss7 migration. JSSE Security domain is not valid. SSL+Cert
bdyerjboss Oct 28, 2012 11:12 AMI'm migrating existing webapps from JBoss4 to JBoss7.
jboss-as-7.1.1.Final
jdk1.6.0_31
x64
In standalone.xml
I have configured the https connector in the subsystem: urn:jboss:domain:web:1.1
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="myapp-cert" key-alias="myalias" password="-----" certificate-key-file="${jboss.server.base.dir}/ssl/cert/trust.jks"
protocol="TLSv1" verify-client="true" ca-certificate-file="${jboss.server.base.dir}/ssl/cert/trust.jks"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
</virtual-server>
</subsystem>
I have configured security-domains in the subsystem: urn:jboss:domain:security:1.1
<security-domain name="admin-app" cache-type="default">
<authentication>
<login-module code="us.gov.dod.don.navy.n093.security.CustomCertLoginModule" flag="required">
<module-option name="securityDomain" value="java:/jaas/myapp-cert"/>
<module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
<module-option name="dsJndiName" value="java:/abc"/>
<module-option name="rolesQuery" value="SELECT distinct cr.role_name = .....?"/>
</login-module>
</authentication>
</security-domain>
I have a configured the datasource
<datasource jndi-name="java:/abc" pool-name="DS2" enabled="true" use-java-context="true">
<connection-url>jdbc:oracle:thin:@localhost:1521:aaa</connection-url>
<driver>oracle</driver>
<security>
<user-name>-----</user-name>
<password>-------</password>
</security>
</datasource>
The login-module code CustomCertLoginModule custom login class extends DatabaseCertLoginModule.
As soon as the customCertLoginModule executes super.initialize(), it throws an error of " The JSSE security domain myapp-cert is not valid. All authentication using this login module will fail!"
What other configuration is necessary in the standalone.xml file?