Hi,
I'm experiencing a problem with creating an SSL Connector in Tomcat
7.0.26. We intend to use a database-based keystore, which means that we
are using a custom-made Provider which does not use the 'keystoreFile'
tag. To try to prevent Tomcat from trying to open a file we specify the
Connector in this way:
<Connector SSLEnabled="true" URIEncoding="UTF-8"
clientAuth="false"
keyAlias="TestCert" keystoreFile="" keystoreType="Custom"
port="443"
protocol="HTTP/1.1" scheme="https" secure="true"
sslProtocol="TLS"/>
This used to work in Tomcat 6.0.32, but when we upgraded to Tomcat 7.0,
this exception gets thrown in the error stream :
SEVERE: Failed to load keystore type Custom with path E:\Program
Files\Application\configuration\services\tomcat\ due to E:\Program
Files\Application\configuration\services\tomcat (Access is denied)
java.io.FileNotFoundException: E:\Program
Files\Application\configuration\services\tomcat (Access is denied)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(Unknown Source)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFac
tory.java:400)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocket
Factory.java:306)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESoc
ketFactory.java:565)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESoc
ketFactory.java:505)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory
.java:449)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocke
tFactory.java:158)
at
org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:378)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:5
54)
at
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:409)
at
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11J
sseProtocol.java:119)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:956)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.ja
va:559)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java
:815)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.startup.Catalina.load(Catalina.java:594)
at
org.apache.catalina.startup.Catalina.load(Catalina.java:619)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449)
Is this a bug in Tomcat 7.0 or is there an alternative method we're
supposed to use in order to prevent it from loading a keystoreFile from
the file system?
I took a look at the source through a debugger and found the area in
JSSESocketFactory where it reads this file, and it seems as though
specifying "" doesn't work correctly anymore because it tries to map a
relative path to catalina.base
