Currently in geronimo 2.1.*, if i run keytool in jdk to generate csr or other non-keystore files under var/security/keystores, geronimo server will persist them in j2ee-security module when i access keystore porlet in admin console, which scans all files under this folder and instance FileKeystoreInstance GBean no matter what type of file.
If so, even user create an empty file of any type, it will be written to config.xml. We have to filter files, only keystore files should be under that folder.
I plan to filter files under var/security/keystore through file name postfix, for example: *, *.jks, *.pcks, but is there other way to valid content of keystore? From keystore api in jdk, it must provide a password before load and access it, which we don't know except the user who generate it.