[GLASSFISH-17179] Security configuration files are not copied when embedded container is started using EJBContainer#createEJBContainer Created: 10/Aug/11 Updated: 01/Dec/11
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
JDK 6u26, Windows 7 Professional 64-bit, glassfish-embedded-all 3.1.1 Maven artifact
|Tags:||3_1_2-exclude ejb embedded|
|Participants:||atomicknight, Bhavanishankar, Cheng Fang, Nithya Ramakrishnan and sakshi.jain|
When the embedded container is started using javax.ejb.embeddable.EJBContainer#createEJBContainer, security files like the keystores (e.g. cacerts.jks) are not being copied. This appears to be a regression from 3.1, as these files are copied correctly by the 3.1 version of the glassfish-embedded-all artifact.
The problem seems to be caused by revision 47307, which introduced the use of com.sun.enterprise.security.EmbeddedSecurity when determining whether to copy the files. The root cause of the problem is that the org.glassfish.server.ServerEnvironmentImpl that is constructed and checked by com.sun.enterprise.security.embedded.EmbeddedSecurityUtil has a RuntimeType of "DAS" rather than "EMBEDDED."
In my particular case, there is an additional CA certificate that needs to be added to the CA certificate keystore. Attempting to override the javax.net.ssl.trustStore property from outside the container (whether setting it as a JVM property or passing it as an entry in the Properties object passed to createEJBContainer) doesn't work because the property is being set programmatically from within the embedded container runtime.
I'm starting the container with the following properties set:
My modified version of cacerts.jks lives in /path/to/install/root/domains/domain1/config/. However, the version of cacerts.jks actually being used (i.e. in the temporary folder) is the version included with the glassfish-embedded-all artifact.
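A diagnostic for the symptom described above, as an added example that is not part of the original report or of GlassFish: it prints the javax.net.ssl.trustStore value currently in effect and checks whether a given CA certificate is among the trust anchors JSSE builds from it. The class name TrustStoreCheck and the certificate path argument are hypothetical; it assumes the check runs in the same JVM after createEJBContainer has returned.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical helper (not GlassFish code): run after the embedded container has started. */
public class TrustStoreCheck {

    /** True if extraCa is a trust anchor of the default JSSE trust manager. */
    public static boolean isTrustedByDefault(X509Certificate extraCa) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore makes JSSE load the store named by javax.net.ssl.trustStore.
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) {
                continue;
            }
            for (X509Certificate issuer : ((X509TrustManager) tm).getAcceptedIssuers()) {
                if (issuer.equals(extraCa)) { // compares the encoded certificates
                    return true;
                }
            }
        }
        return false;
    }

    /** Reads one X.509 certificate (PEM or DER) from a file. */
    public static X509Certificate load(String path) throws Exception {
        InputStream in = new FileInputStream(path);
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally {
            in.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the additional CA certificate, supplied by the caller.
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore"));
        System.out.println("additional CA trusted: " + isTrustedByDefault(load(args[0])));
    }
}
```

A result of false together with a trust store path under the temporary folder matches the behaviour reported here: the bundled cacerts.jks is in use rather than the modified one.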
|Comment by Cheng Fang [ 10/Aug/11 08:41 PM ]|
Assign to security team to check why EmbeddedSecurityUtil has a RuntimeType of "DAS" rather than "EMBEDDED."
|Comment by Nithya Ramakrishnan [ 24/Aug/11 12:45 PM ]|
This seems to happen because the type argument is not being passed as an argument when the Embedded EJB container is created. In ServerEnvironmentImpl, the serverType seems to default to DAS, since the typeString argument is null. Transferring this issue to the Embedded team for fixing this.
|Comment by Bhavanishankar [ 14/Nov/11 08:12 AM ]|
It is the correct behaviour of embedded GlassFish to return the serverType as DAS. Internal code should never depend on whether the server is running in EMBEDDED mode or standalone mode.
|Comment by Bhavanishankar [ 01/Dec/11 05:43 AM ]|