TomEE 1.6.0.2无法启动安全性

时间:2014-07-01 08:38:07

标签: security java-ee ssl tomee apr

我不喜欢TomEE + 1.6.0.2,而是使用-security命令行选项启动。作为一个完整性检查,我已经下载了一个干净的版本,它在引导过程的早期也失败了,具有以下内容:

INFO: Creating SecurityService(id=Tomcat Security Service)
java.lang.ClassCircularityError: javax/security/jacc/PolicyContext
at org.apache.openejb.core.security.jacc.BasicJaccProvider.implies(BasicJaccProvider.java:75)
at org.apache.openejb.core.security.JaccProvider$Policy.implies(JaccProvider.java:126)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:272)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:435)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.Thread.setContextClassLoader(Thread.java:1467)
at org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:87)
at org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:98)
at org.apache.openejb.util.JuliLogStream.isFatalEnabled(JuliLogStream.java:37)
at org.apache.openejb.util.Logger.isFatalEnabled(Logger.java:380)
at org.apache.openejb.util.Logger.fatal(Logger.java:530)
at org.apache.openejb.OpenEJB$Instance.<init>(OpenEJB.java:156)
at org.apache.openejb.OpenEJB.init(OpenEJB.java:298)
at org.apache.tomee.catalina.TomcatLoader.initialize(TomcatLoader.java:253)
at org.apache.tomee.catalina.ServerListener.install(ServerListener.java:168)
at org.apache.tomee.catalina.ServerListener.lifecycleEvent(ServerListener.java:55)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:110)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)

是否存在配置问题?有什么问题?

对于上下文,我正在尝试以安全模式运行,因为我需要在APR TLS 1.2连接器上检索客户端证书,看起来除非您在启用SecurityManager的情况下运行,否则不会提供证书。现在getAttribute(“javax.servlet.request.X509Certificate”)返回null(是的,我肯定在server.xml中有clientAuth =“required”)。

供参考,这是server.xml的连接器:

<Connector port="4449" protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLSv1.2"
           SSLCertificateFile="/etc/unipagos/certs/pay.crt"
           SSLCertificateKeyFile="/etc/unipagos/certs/pay.key"
           SSLVerifyClient="required"
           SSLHonorCipherOrder="true"
           ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"/>

如果您知道如何在不启用SecurityManager的情况下获取有效的客户端证书,请告知我们。此问题实际上阻止了生产版本。

0 个答案:

没有答案
相关问题
最新问题