geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan <>
Subject Re: Keystore files filter problem under var/security/keystores
Date Thu, 13 Oct 2011 02:02:37 GMT
Add a filter option should be fine, and it should be also allowed no suffix,
IIRC Geronimo's own store files are of no suffix.
While I am thinking why those other files are there, does those csr files
are generated by the console and store there by default ? If does, we may
just need to update those logic. Also, it looks to me that the user will not
create an empty file there manually, that action makes no sense.

2011/10/13 Forrest Xia <>

> Make a doc, and tell user not putting non-keystore files in that folder,
> might be an option :)
> Forrest
> On Wed, Oct 12, 2011 at 6:16 PM, viola lu <> wrote:
>> Hi, Dev:
>>  Currently in geronimo 2.1.*, if i run keytool in jdk to generate csr or
>> other non-keystore files under var/security/keystores, geronimo server will
>> persist them in j2ee-security module when i access keystore porlet in admin
>> console, which scans all files under this folder and instance
>> FileKeystoreInstance GBean no matter what type of file.
>> If so, even user create an empty file of any type, it will be written to
>> config.xml. We have to filter files, only keystore files should be under
>> that folder.
>> I plan to filter files under var/security/keystore through file name
>> postfix, for example: *, *.jks, *.pcks, but is there other way to valid
>> content of keystore? From keystore api in jdk, it must provide a password
>> before load and access it, which we don't know except the user who generate
>> it.
>> Any suggestion?
>> --
>> viola
>> Apache Geronimo


View raw message