Harit,

On 6/9/15 5:08 PM, Harit Himanshu wrote:
> This is interesting, one of our projects I work with has this
> keystore inside jar file, just curious how that works

Conceptually, it's quite simple: just use the ClassLoader to grab the
file from the CL's class path.

In reality, the <Connector> was written to load directly off the
filesystem instead of using URLs or whatever.

It should be a somewhat easy fix -- at least for keystore/truststore
-- but the BZ enhancement has quite a wide scope, saying that
"configuration resources" should be loadable via "resources" instead
of directly off the filesystem. That's a much wider net to cast, and
likely why it hasn't been addressed, yet.

If all you need is the keystore (and maybe truststore), then a patch
would be fairly trivial to write. I'm not sure if the full "resources"
are available to the Connector during configuration, but the container
ClassLoader certainly is available...

-chris

> On Tue, Jun 9, 2015 at 12:44 PM, Mark Thomas <ma...@apache.org>
> wrote:
> 
>> On 09/06/2015 20:18, Harit Himanshu wrote:
>>> Hello there
>>> 
>>> My tomcat dependency is
>>> 
>>> <dependency>
>>>   <groupId>org.apache.tomcat.embed</groupId>
>>>   <artifactId>tomcat-embed-core</artifactId>
>>>   <version>7.0.57</version>
>>> </dependency>
>>> 
>>> In my code, I set the connector properties as
>>> 
>>> LOGGER.debug("ksPath=>" + ksPath);
>>> httpsConnector.setAttribute("keystoreFile", ksPath);
>>> httpsConnector.setAttribute("keystorePass", keyStorePass);
>>> httpsConnector.setAttribute("clientAuth", "false");
>>> httpsConnector.setAttribute("sslProtocol", "TLS");
>>> httpsConnector.setAttribute("sslEnabledProtocols", tlsProtocols);
>>> httpsConnector.setAttribute("SSLEnabled", true);
>>> Connector defaultConnector = tomcat.getConnector();
>>> defaultConnector.setRedirectPort(port);
>>> 
>>> When I server deployed, I see
>>> 
>>> ksPath=>jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore
>>> 
>>> and then failure as
>>> 
>>> SEVERE: Failed to load keystore type JKS with path
>>> /shn/lp/jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore
>>> due to
>>> /shn/lp/jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore
>>> (No such file or directory)
>>> java.io.FileNotFoundException:
>>> /shn/lp/jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore
>>> (No such file or directory)
>>> at java.io.FileInputStream.open(Native Method)
>>> at java.io.FileInputStream.<init>(FileInputStream.java:146)
>>> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:413)
>>> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:319)
>>> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:577)
>>> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:517)
>>> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
>>> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:209)
>>> 
>>> Now, observed that there are differences in ksPath and path tomcat looks
>>> for
>>> 
>>> ksPath=>jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore
>>> 
>>> and
>>> 
>>> java.io.FileNotFoundException:
>>> /shn/lp/jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore
>>> (No such file or directory)
>>> 
>>> the tomcat path looks inside /shn/lp (which is current
>>> directory)
>>> 
>>> I also see that the keystore file is in fact present
>>> 
>>> jar -tvf /shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar | grep my.keystore
>>> 4704 Tue Jun 09 09:29:26 PDT 2015 my.keystore
>>> 
>>> What is the issue and how do I resolve it?
>> 
>> keystore files have to be on the file system. Embedding them in a
>> JAR is not currently supported. 
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=56777
>> 
>> Mark
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 

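A workaround consistent with the replies above (the keystore has to be a real file, but the ClassLoader can read the packaged copy), as an added example that is not Tomcat code and not the patch discussed in the thread. `KeystoreExtractor` is a hypothetical helper, `my.keystore` is the resource name from the thread, and the password is a placeholder.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

// Hypothetical helper (not part of Tomcat): copies a keystore packaged in the
// application JAR to a private temp file that the Connector can open by path.
public final class KeystoreExtractor {

    public static Path extract(String resource, char[] password)
            throws IOException, GeneralSecurityException {
        ClassLoader cl = KeystoreExtractor.class.getClassLoader();
        try (InputStream in = cl.getResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("Resource not on class path: " + resource);
            }
            // Owner-only mode is applied at creation, so the key material is never
            // readable by other local users (POSIX file systems only; this call
            // throws UnsupportedOperationException elsewhere).
            Path out = Files.createTempFile("keystore-", ".jks",
                    PosixFilePermissions.asFileAttribute(
                            PosixFilePermissions.fromString("rw-------")));
            out.toFile().deleteOnExit(); // the copy stays on disk until the JVM exits
            // Write into the existing file so its permissions are preserved.
            try (OutputStream os = Files.newOutputStream(out)) {
                byte[] buf = new byte[8192];
                for (int n; (n = in.read(buf)) != -1; ) {
                    os.write(buf, 0, n);
                }
            }
            // Fail early if the copy is not a readable JKS store for this password.
            try (InputStream check = Files.newInputStream(out)) {
                KeyStore.getInstance("JKS").load(check, password);
            }
            return out;
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder password; "my.keystore" sits at the root of the JAR.
        Path ks = extract("my.keystore", "changeit".toCharArray());
        // Give the Connector a plain file-system path, not a jar: URL:
        // httpsConnector.setAttribute("keystoreFile", ks.toString());
        System.out.println("keystoreFile=" + ks);
    }
}
```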