[jboss-user] [Security & JAAS/JBoss] - Re: Encrypt KeyStore-Password in a Tomcat-Connector for 4.2
yashendrac
do-not-reply at jboss.com
Mon Jun 1 09:59:36 EDT 2009
Andre,
I confirmed that it is broken in JBoss5.0.1. I am not sure since when it has been broken, but it was working on JBoss4.2.1. I also confirmed that it is fixed in JBoss5.1.0.
I checked the source code for the following classes under jbossweb.jar and jbossweb-service.jar:
1. org.jboss.net.ssl.JBossImplementation.java
2. org.jboss.net.ssl.JBossSocketFactory.java
3. org.apache.tomcat.util.net.jsse.JSSESocketFactory
JBossSocketFactory overrides the following methods from Tomcat's JSSESocketFactory:

    protected TrustManager[] getTrustManagers(String keystoreType, String algorithm)
    protected KeyManager[] getKeyManagers(String keystoreType, String algorithm,
                                          String keyAlias)

But in Tomcat's JSSESocketFactory under JBoss5.0.1, the method signatures were changed by adding an additional String parameter, String keystoreProvider.
So the methods were changed to the following in Tomcat's JSSESocketFactory:

    protected TrustManager[] getTrustManagers(String keystoreType,
                                              String keystoreProvider, String algorithm)
    protected KeyManager[] getKeyManagers(String keystoreType,
                                          String keystoreProvider,
                                          String algorithm,
                                          String keyAlias)

So JBossSocketFactory was not overriding these methods anymore, and despite providing SSLImplementation="org.jboss.net.ssl.JBossImplementation", these two methods from JSSESocketFactory were invoked in place of those from JBossSocketFactory.
This is fixed in JBoss5.1.0.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4234480#4234480
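
The failure described in the post above, reduced to an added Java example (not code from the original post, JBoss or Tomcat): once the base class gains a parameter, a subclass written against the old signature stops overriding and the base implementation runs, which a reflection check can flag. BaseFactory, CustomFactory, findDriftedOverrides and the String return values are hypothetical stand-ins for the real factories and their KeyManager[] results.

```java
import java.lang.reflect.*;
import java.util.*;

public class OverrideDriftDemo {
    // Stand-in for the newer Tomcat JSSESocketFactory: keystoreProvider was added.
    static class BaseFactory {
        protected String getKeyManagers(String keystoreType, String keystoreProvider,
                                        String algorithm, String keyAlias) {
            return "base: keystore password used as configured";
        }
        // The base class only ever calls its own four-argument signature.
        String init() { return getKeyManagers("JKS", null, "SunX509", "server"); }
    }

    // Stand-in for JBossSocketFactory, still written against the old signature.
    static class CustomFactory extends BaseFactory {
        // No @Override here, so this compiles as a new overload that init() never calls.
        protected String getKeyManagers(String keystoreType, String algorithm, String keyAlias) {
            return "custom: keystore password decrypted first";
        }
    }

    // Lists non-private methods declared in sub that share a name with a superclass
    // method but match none of that name's parameter lists (likely a lost override).
    static List<String> findDriftedOverrides(Class<?> sub) {
        List<String> drifted = new ArrayList<>();
        for (Method m : sub.getDeclaredMethods()) {
            if (Modifier.isPrivate(m.getModifiers()) || m.isSynthetic()) continue;
            boolean sameName = false, sameSignature = false;
            for (Class<?> c = sub.getSuperclass(); c != null; c = c.getSuperclass()) {
                for (Method s : c.getDeclaredMethods()) {
                    if (!s.getName().equals(m.getName())) continue;
                    sameName = true;
                    if (Arrays.equals(s.getParameterTypes(), m.getParameterTypes())) sameSignature = true;
                }
            }
            if (sameName && !sameSignature)
                drifted.add(m.getName() + Arrays.toString(m.getParameterTypes()));
        }
        return drifted;
    }

    public static void main(String[] args) {
        System.out.println(new CustomFactory().init());               // which implementation ran
        System.out.println(findDriftedOverrides(CustomFactory.class)); // suspected lost overrides
    }
}
```

Annotating the subclass methods with @Override turns the same drift into a compile error when the subclass is rebuilt against the newer base class; the reflection check is a heuristic and also reports intentional overloads.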