[jboss-user] [Security & JAAS/JBoss] - Re: Encrypt KeyStore-Password in a Tomcat-Connetctor for 4.2

Andre, I confirmed that it is broken in JBoss5.0.1, I am not sure since when it is broken but it was working on JBoss4.2.1. I also confirmed that it is fixed in JBoss5.1.0 I checked the source code for following classes under jbosswe.jar and jbossweb-service.jar 1.org.jboss.net.ssl.JBossImplementation.java 2.org.jboss.net.ssl.JBossSocketFactory.java 3.org.apache.tomcat.util.net.jsse.JSSESocketFactory JBossSocketFactory overrides following methods from tomcat's JSSESocketFactory protected TrustManager[] getTrustManagers(String keystoreType, String algorithm) | protected KeyManager[] getKeyManagers(String keystoreType, String algorithm, | String keyAlias) | But in tomcat JSSESocketFactory under JBoss5.0.1, method signatures are changed by adding additional String parameter String keystoreProvider. So methods are changed to following in tomcat JSSESocketFactory protected TrustManager[] getTrustManagers(String keystoreType, | String keystoreProvider, String algorithm) | protected KeyManager[] getKeyManagers(String keystoreType, | String keystoreProvider, | String algorithm, | String keyAlias) | So JBossSocketFactory was not overriding these methods anymore and despite providing SSLImplementation="org.jboss.net.ssl.JBossImplementation" these two methods from JSSESocketFactory were invoked in place of JBossSocketFactory. This is fixed in JBoss5.1.0 View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4234480#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...