[Posted]: 2015-06-09 17:39:47
[Question]:
I set the Connector attributes as
LOGGER.debug("ksPath=>" + ksPath);
httpsConnector.setAttribute("keystoreFile",ksPath);
httpsConnector.setAttribute("keystorePass", keyStorePass);
httpsConnector.setAttribute("clientAuth", "false");
httpsConnector.setAttribute("sslProtocol", "TLS");
httpsConnector.setAttribute("sslEnabledProtocols", tlsProtocols);
httpsConnector.setAttribute("SSLEnabled", true);
Connector defaultConnector = tomcat.getConnector();
defaultConnector.setRedirectPort(port);
What I see in the log (at runtime)
ksPath=>jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore
However, the deployment fails, and I see this in the log
SEVERE: Failed to load keystore type JKS with path /shn/lp/jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore due to /shn/lp/jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore (No such file or directory)
java.io.FileNotFoundException: /shn/lp/jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:146)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:413)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:319)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:577)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:517)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:209)
Observe that
jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!/my.keystore
is different from
/shn/lp/jar:file:/shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar!my.keystore
The latter starts with /shn/lp/
But to assert, I see that the file actually exists in the jar
jar -tvf /shn/lp/main-1.0-SNAPSHOT-jar-with-dependencies.jar | grep my.keystore
4704 Tue Jun 09 09:29:26 PDT 2015 my.keystore
What is going on?
How do I fix this?
[Discussion]:
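- FileInputStream does not support schemes like jar:path!entry or file:path or http:site/resource, only actual file pathnames in the file system, whether absolute or relative. Your options are (1) modify the open-source Tomcat to use an input stream that can read from a jar entry, or (2) put your keystore "file" into an actual file. Depending on your system, you may be able to put the file in a "RAM" file system or a "temp" file system that is not on "disk" (today a "disk" is not always a disk).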
Tags: java tomcat ssl https keystore
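
One way to carry out option (2) from the comment above, as an added example that is not part of the original thread: copy the keystore out of the jar into an owner-only temporary file and hand Tomcat that real path. The class name KeystoreExtractor and the resource name /my.keystore at the jar root are assumptions, and the permission attribute requires a POSIX file system.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Hypothetical helper class (not from the question or from Tomcat).
public final class KeystoreExtractor {

    /** Copies a classpath resource such as "/my.keystore" to an owner-only temp file. */
    public static Path extractToTempFile(String resourceName) throws IOException {
        // rw------- so other local users cannot read the private key material.
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
        FileAttribute<Set<PosixFilePermission>> attr =
                PosixFilePermissions.asFileAttribute(ownerOnly);

        // The file is created with these permissions already set, so there is
        // no window in which it exists with a wider mode. Throws
        // UnsupportedOperationException on non-POSIX file systems.
        Path target = Files.createTempFile("keystore-", ".jks", attr);
        target.toFile().deleteOnExit();

        try (InputStream in = KeystoreExtractor.class.getResourceAsStream(resourceName)) {
            if (in == null) {
                throw new IOException("Resource not found on classpath: " + resourceName);
            }
            Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
        } catch (IOException e) {
            // Do not leave an empty or partial keystore behind.
            Files.deleteIfExists(target);
            throw e;
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path ks = extractToTempFile("/my.keystore"); // assumed resource name
        // Give the connector a real file-system path instead of the jar: URL:
        // httpsConnector.setAttribute("keystoreFile", ks.toAbsolutePath().toString());
        System.out.println("keystoreFile=" + ks.toAbsolutePath());
    }
}
```

The file lands in the directory named by the java.io.tmpdir system property; pointing that property at a RAM-backed mount keeps the extracted copy off persistent storage, as the comment suggests.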