[jboss-user] [Security & JAAS/JBoss] - Re: Cannot authenticate using LdapExtLoginModule against AD

[zzzz8]

I found the problem - and it took quite a while to solve because the exception stack traces weren't very helpful...

It seems if one uses a JBoss URL or directory property in properties service (in this case, to specify the trust store) - and if the property contains spaces (e.g. C:\Program Files\JBoss4.0.5.GA), then the directory location will NOT be resolved correctly.  I tested this on my Windows machine (Windows XP) and confirmed this problem.

For example, in my properties-service.xml file, the following doesn't work because the resolved path is c:\program files\jboss-4.0.5.GA\server\default\deploy\conf:

<attribute name="Properties">
  |           javax.net.ssl.trustStore=${jboss.server.home.dir}/conf/my.truststore
  |           javax.net.ssl.trustStorePassword=mytruststorepassword
  |           javax.net.ssl.keyStore=.${jboss.server.home.dir}/conf/my.keystore
  |           javax.net.ssl.keyStorePassword=mykeystorepassword
  | </attribute>

So one has to use a relative path in this case (which doesn't contain any spaces):

<attribute name="Properties">
  |           javax.net.ssl.trustStore=../server/default/conf/my.truststore
  |           javax.net.ssl.trustStorePassword=mytruststorepassword
  |           javax.net.ssl.keyStore=../server/default/conf/my.keystore
  |           javax.net.ssl.keyStorePassword=mykeystorepassword
  | </attribute>

It would be nice if this was documented somewhere...  I'm not sure if it's a JBoss' issue or a Sun SSL issue of how it handles spaces in directories (most likely Sun since I've used JBoss' properties elsewhere with no problems).

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3987114#3987114

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3987114