0 Replies Latest reply on Oct 28, 2012 11:12 AM by bruce dyer

    JBoss4 to JBoss7 migration.  JSSE Security domain is not valid. SSL+Cert

    bruce dyer Newbie

      I'm migrating existing webapps from JBoss4 to JBoss7. 

      jboss-as-7.1.1.Final

      jdk1.6.0_31

      x64

       

      In standalone.xml

       

      I have configured the https connector in the subsystem:    urn:jboss:domain:web:1.1

           <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">

                  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

                  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

                      <ssl name="myapp-cert" key-alias="myalias" password="-----" certificate-key-file="${jboss.server.base.dir}/ssl/cert/trust.jks"   

                         protocol="TLSv1" verify-client="true" ca-certificate-file="${jboss.server.base.dir}/ssl/cert/trust.jks"/>

                  </connector>

                  <virtual-server name="default-host" enable-welcome-root="true">

                      <alias name="localhost"/>

                  </virtual-server>

              </subsystem>

       

      I have configured security-domains in the subsystem:  urn:jboss:domain:security:1.1

            <security-domain name="admin-app" cache-type="default">

                          <authentication>

                              <login-module code="us.gov.dod.don.navy.n093.security.CustomCertLoginModule" flag="required">

                                  <module-option name="securityDomain" value="java:/jaas/myapp-cert"/>

                                  <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>

                                  <module-option name="dsJndiName" value="java:/abc"/>

                                  <module-option name="rolesQuery" value="SELECT distinct cr.role_name  = .....?"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       

      I have a configured the datasource       

           <datasource jndi-name="java:/abc" pool-name="DS2" enabled="true" use-java-context="true">

                          <connection-url>jdbc:oracle:thin:@localhost:1521:aaa</connection-url>

                          <driver>oracle</driver>

                          <security>

                              <user-name>-----</user-name>

                              <password>-------</password>

                          </security>

                      </datasource>

       

      The login-module code CustomCertLoginModule custom login class extends DatabaseCertLoginModule.

      As soon as the customCertLoginModule executes super.initialize(), it throws an error of  " The JSSE security domain myapp-cert is not valid. All authentication using this login module will fail!"

      What other configuration is necessary in the standalone.xml file?