Trouble With EncryptKeystorePasswordInTomcatConnector Wiki
oliverhrdz Nov 10, 2006 6:12 PMI've tried this in both 4.0.4 and the just released 4.0.5, since this Wiki states the functionality to encrypt the keystore password in the Tomcat connector config has been "available since a long long time". It references JBAS-3369 as the task that enabled this feature.
I created an sslsecurity-service.xml file in my /deploy directory, and am certain it is configured correctly because I setup my JMS UIL2 to use it, and it starts up fine.
sslsecurity-service.xml:
<?xml version="1.0" encoding="UTF-8"?> <server> <!-- Configures the keystore/truststore for SSL on the security domain --> <mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=PBESecurityDomain"> <constructor> <arg type="java.lang.String" value="SSL"/> </constructor> <!-- The location of the keystore resource: loads from the classloaders conf/ is the first classloader --> <attribute name="KeyStoreURL">resource:jbkeystore.ks</attribute> <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/jbkeystore.pw</attribute> <attribute name="KeyStoreType">JCEKS</attribute> <attribute name="Salt">feefifofum</attribute> <attribute name="IterationCount">13</attribute> </mbean> </server>
section in ssl-uil2-service.xml referencing security domain:
<!-- SSL Socket Factories --> <attribute name="ClientSocketFactory">org.jboss.security.ssl.ClientSocketFactory</attribute> <attribute name="ServerSocketFactory">org.jboss.security.ssl.DomainServerSocketFactory</attribute> <!-- Security domain - see below --> <attribute name="SecurityDomain">java:/jaas/SSL</attribute>
I did comment out the original security domain config in this file so that the new one would be used instead.
server.log:
2006-11-10 16:51:21,773 INFO [org.apache.catalina.startup.Embedded] (main) Catalina naming disabled 2006-11-10 16:51:21,923 INFO [org.apache.catalina.startup.ClusterRuleSetFactory] (main) Unable to find a cluster rule set in the classpath. Will load the default rule set. 2006-11-10 16:51:21,923 INFO [org.apache.catalina.startup.ClusterRuleSetFactory] (main) Unable to find a cluster rule set in the classpath. Will load the default rule set. 2006-11-10 16:51:22,604 ERROR [org.apache.catalina.startup.Catalina] (main) Catalina.start LifecycleException: Protocol handler initialization failed: java.lang.IllegalArgumentException: Failed to set security domain at org.apache.catalina.connector.Connector.initialize(Connector.java:1018) at org.jboss.web.tomcat.tc5.StandardService.initialize(StandardService.java:688) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791) at org.apache.catalina.startup.Catalina.load(Catalina.java:503) at org.apache.catalina.startup.Catalina.start(Catalina.java:543) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.commons.modeler.BaseModelMBean.invoke(BaseModelMBean.java:503) at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.web.tomcat.tc5.Tomcat5.startService(Tomcat5.java:446) at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289) at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245) at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142) at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978) at $Proxy0.start(Unknown Source) at org.jboss.system.ServiceController.start(ServiceController.java:417) at org.jboss.system.ServiceController.start(ServiceController.java:435) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy4.start(Unknown Source) at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy6.deploy(Unknown Source) at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:421) at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:634) at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:263) at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:336) at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289) at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245) at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978) at $Proxy0.start(Unknown Source) at org.jboss.system.ServiceController.start(ServiceController.java:417) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy4.start(Unknown Source) at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy5.deploy(Unknown Source) at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482) at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362) at org.jboss.Main.boot(Main.java:200) at org.jboss.Main$1.run(Main.java:490) at java.lang.Thread.run(Thread.java:595) 2006-11-10 16:51:22,794 INFO [org.apache.catalina.startup.Catalina] (main) Initialization processed in 871 ms 2006-11-10 16:51:22,794 INFO [org.jboss.web.tomcat.tc5.StandardService] (main) Starting service jboss.web 2006-11-10 16:51:22,804 INFO [org.apache.catalina.core.StandardEngine] (main) Starting Servlet Engine: Apache Tomcat/5.5.20 2006-11-10 16:51:22,864 INFO [org.apache.catalina.core.StandardHost] (main) XML validation disabled 2006-11-10 16:51:23,946 INFO [org.apache.catalina.startup.Catalina] (main) Server startup in 1152 ms 2006-11-10 16:51:24,797 INFO [org.jboss.web.tomcat.tc5.TomcatDeployer] (main) deploy, ctxPath=/invoker, warUrl=.../deploy/http-invoker.sar/invoker.war/ 2006-11-10 16:51:25,448 INFO [org.apache.catalina.loader.WebappLoader] (main) Dual registration of jndi stream handler: factory already defined 2006-11-10 16:51:27,571 INFO [org.jboss.web.tomcat.tc5.TomcatDeployer] (main) deploy, ctxPath=/, warUrl=.../deploy/jbossweb-tomcat55.sar/ROOT.war/ 2006-11-10 16:51:28,032 INFO [org.jboss.resource.deployment.RARDeployment] (main) Required license terms exist, view META-INF/ra.xml in .../deploy/jboss-local-jdbc.rar 2006-11-10 16:51:32,348 INFO [org.jboss.resource.adapter.jdbc.remote.WrapperDataSourceService] (main) Bound ConnectionManager 'jboss.jca:service=DataSourceBinding,name=OracleDS' to JNDI name 'java:OracleDS' 2006-11-10 16:51:33,640 INFO [STDOUT] (main) com.sun.net.ssl.internal.ssl.SSLSessionContextImpl@13a8eb1 2006-11-10 16:51:33,850 INFO [org.jboss.mq.il.uil2.UILServerILService] (main) JBossMQ UIL service available at : /0.0.0.0:9000 2006-11-10 16:51:34,010 INFO [org.jboss.mq.server.jmx.Queue.DLQ] (main) Bound to JNDI name: queue/DLQ 2006-11-10 16:51:34,101 INFO [org.jboss.web.tomcat.tc5.TomcatDeployer] (main) deploy, ctxPath=/jmx-console, warUrl=.../deploy/jmx-console.war/ 2006-11-10 16:51:35,583 INFO [org.jboss.web.tomcat.tc5.TomcatDeployer] (main) deploy, ctxPath=/utilservlets, warUrl=.../tmp/deploy/tmp30167utilservlets-exp.war/ 2006-11-10 16:51:36,113 ERROR [org.apache.coyote.http11.Http11BaseProtocol] (main) Error starting endpoint java.io.IOException: securityDomain is null.Set it as an attribute in the connector setting at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:98) at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:294) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312) at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:150) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:75) at org.apache.catalina.connector.Connector.start(Connector.java:1089) at org.jboss.web.tomcat.tc5.Tomcat5.startConnectors(Tomcat5.java:590) at org.jboss.web.tomcat.tc5.Tomcat5.handleNotification(Tomcat5.java:627) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153) at $Proxy18.handleNotification(Unknown Source) at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127) at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108) at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:908) at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497) at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362) at org.jboss.Main.boot(Main.java:200) at org.jboss.Main$1.run(Main.java:490) at java.lang.Thread.run(Thread.java:595) 2006-11-10 16:51:36,153 WARN [org.jboss.web.tomcat.tc5.Tomcat5] (main) Failed to startConnectors LifecycleException: service.getName(): "jboss.web"; Protocol handler start failed: java.io.IOException: securityDomain is null.Set it as an attribute in the connector setting at org.apache.catalina.connector.Connector.start(Connector.java:1096) at org.jboss.web.tomcat.tc5.Tomcat5.startConnectors(Tomcat5.java:590) at org.jboss.web.tomcat.tc5.Tomcat5.handleNotification(Tomcat5.java:627) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153) at $Proxy18.handleNotification(Unknown Source) at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127) at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108) at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:908) at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497) at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362) at org.jboss.Main.boot(Main.java:200) at org.jboss.Main$1.run(Main.java:490) at java.lang.Thread.run(Thread.java:595) 2006-11-10 16:51:36,153 INFO [org.jboss.system.server.Server] (main) JBoss (MX MicroKernel) [4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)] Started in 33s:698ms
TIA for any help!