  1. OpenIDM
  2. OPENIDM-14324

We need to be able to run Jetty.xml from a Project directory


    Details

    • Target Version/s:
    • Verified Version/s:
    • Story Points:
      1
    • Sprint:
      2020.04 - IDM
    • Support Ticket IDs:
    • Zendesk ID:
      45810

      Description

      Customer has hardened their servers using HSM.  Customer wants to run his entire project in a separate directory and remove any conf information from the openidm default install path.  Customer wants to have

       

      ├── openidm/
      │   ├── bin
      │   ├── bundle
      │   ├── cli.sh
      │   ├── script
      │   ├── connectors
      │   ├── legal-notices
      │   ├── lib
      │   ├── resolver
      │   ├── getting-started.sh
      │   ├── startup.sh
      │   └── shutdown.sh
      └── cams/

       

      Directory structure, with conf existing only in the cams directory.  The problem here is that due to how we call the keystore location, we need to have a conf directory underneath openidm (default path to conf/jetty.xml).  Per conversation with Dev:

       
      The jetty.xml reads the keystore settings from the Param class in IDM. It automatically sets the keystore type and other keystore settings. I think we did some trickery with the keystore location for jetty since jetty complains if you provide it a location that is not a file. Yeah the trickery is this:

          /**
           * Gets the keystore location.
           * @return the keystore location, as absolute path, or if the path is NONE, return the jetty.xml file location.
           */
          public static String getKeystoreLocation() {
              final String path = getProperty(KEYSTORE_LOCATION);
              if (path != null && NONE.equalsIgnoreCase(path)) {
                  return IdentityServer.getFileForInstallPath(JETTY_CONF_LOCATION).getAbsolutePath();
              }
              return getPathProperty(KEYSTORE_LOCATION);
          }
      

      So if it is PKCS11 (NONE.equalsIgnoreCase(path)) we set the jetty file location to the install_path/conf/jetty.xml. This is probably why you are seeing the failure. If they moved the jetty.xml file outside of the install path then that would fail to resolve to an actual file and jetty will complain. I think we should have used getFileForProjectPath() instead of getFileForInstallPath().
       

      Workaround (customer testing this):
      You can easily fix/test this though. Open the jetty.xml and for these 2 entries change the keystorePath and trustStore path to any file that exists on the file system.

       

      For example <Set name="keyStorePath">my_file_that_exists</Set>, something like that. Just remember the file has to exist. Jetty won't use it for pkcs11, but it has to exist.
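
The fallback described in this ticket, modelled as an added stand-alone Java example (not OpenIDM source): the base directory is passed in explicitly so the install-path and project-path resolutions can be compared on the ticket's layout. The class name, `keystoreLocation` and `acceptedByJetty` are hypothetical stand-ins, and the temporary directory layout is constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/** Stand-alone model of the fallback discussed in this ticket; not OpenIDM source. */
public class KeystoreLocationDemo {
    static final String NONE = "NONE";                        // keystore location used with PKCS11
    static final String JETTY_CONF_LOCATION = "conf/jetty.xml";

    /**
     * Mirrors the getKeystoreLocation() logic quoted in the ticket, with the base
     * directory made explicit: for NONE, hand Jetty the jetty.xml under baseDir
     * as a placeholder file.
     */
    static String keystoreLocation(String configured, Path baseDir) {
        if (configured != null && NONE.equalsIgnoreCase(configured)) {
            return baseDir.resolve(JETTY_CONF_LOCATION).toAbsolutePath().toString();
        }
        return configured == null ? null : Paths.get(configured).toAbsolutePath().toString();
    }

    /** Per the ticket, Jetty rejects a keystore path that is not an existing file. */
    static boolean acceptedByJetty(String location) {
        return location != null && Files.isRegularFile(Paths.get(location));
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout from the ticket: conf/ exists only under the project directory.
        Path root = Files.createTempDirectory("idm-layout");
        Path installDir = Files.createDirectories(root.resolve("openidm"));
        Path projectDir = Files.createDirectories(root.resolve("cams"));
        Files.createDirectories(projectDir.resolve("conf"));
        Files.createFile(projectDir.resolve(JETTY_CONF_LOCATION));

        String viaInstall = keystoreLocation("none", installDir);   // behaviour in the quoted code
        String viaProject = keystoreLocation("none", projectDir);   // behaviour suggested in the ticket

        System.out.println("install path -> " + viaInstall + " usable=" + acceptedByJetty(viaInstall));
        System.out.println("project path -> " + viaProject + " usable=" + acceptedByJetty(viaProject));
    }
}
```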

       


            People

            Assignee:
            ramya.srinivassan Ramya Srinivassan
            Reporter:
            jesse.ontiveros Jesse Ontiveros