Mark Fraser

The problem turned out to be they didn't copy the upgraded signed security policy jar files from the old server.

Our host recently performed a server migration (mirror of the old environment) but now I can't load the keystore, even though the SSL setup still works.

My problem is when I try to load the keystore to access the private key I get a null pointer exception. The keystore documentation doesn't mention a null pointer exception but I've seen this error before when I tried using the wrong password. If the environment is a mirror of the old environment then the password, etc. should all be the same. Can anyone suggest what may have happened?

In the code below, the "KeyStore loaded" string doesn't get logged.

if (Security.getProvider("BC") == null) {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}

// Read the Private Key
KeyStore ks = KeyStore.getInstance("PKCS12", "BC");
logger.info("KeyStore: " + ks);
FileInputStream fis = new FileInputStream(certificatePath);
logger.info("FileInputStream: " + fis);
ks.load(fis, privateKeyPassword.toCharArray());
logger.info("KeyStore loaded");

The problem was with the password I entered into OpenSSL. I suspect it has to do with my pasting it into the command prompt rather than typing it. Strange but true.

Here's the OpenSSL command I used to create the PKCS12 file:

openssl pkcs12 -export -in C:\ssl\nutrasunfoods_com.crt -inkey C:\ssl\PrivateKey.txt -out C:\ssl\bundle.p12

Here's the exception:
Message: class java.lang.NullPointerException: cause:null, message:null, action:com.nutrasun.servlet.store.cart.ActionCartCalcShipping@1da87db
Stack Trace: com.patersonglobalfoods.servlet.BaseFrontController.processRequest(BaseFrontController.java:48)
com.patersonglobalfoods.servlet.BaseFrontController.doPost(BaseFrontController.java:33)
javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
com.patersonglobalfoods.filter.MaintenanceModeFilter.doFilter(MaintenanceModeFilter.java:63)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
java.lang.Thread.run(Thread.java:595)

This shouldn't be this difficult. I'm getting a NullPointerException in the line where I try to load the keystore:

if (Security.getProvider("BC") == null)
{
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}

KeyStore ks = KeyStore.getInstance("PKCS12", "BC");
ks.load(new FileInputStream(certificatePath), privateKeyPassword.toCharArray());

certificatePath is a PKCS12 encoded file with the public certificate and the private key.
privateKeyPassword is the password entered into OpenSSL while generating the PKCS12 file.

Can anyone suggest why I'm getting the exception?

Thanks for the suggestions. I fixed the problem by deleting some tldCache.ser files under the work folder.

I'm running Tomcat 5.5 with several virtual hosts. I am now mysteriously getting startup errors on four of the domains. The error, as reported by log4j, is as follows:
ERROR Thread-1 org.apache.catalina.core.StandardContext - Error reading tld listeners java.io.EOFException
java.io.EOFException
at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2228)
at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2694)
at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:761)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:277)
at org.apache.catalina.startup.TldConfig.processCache(TldConfig.java:388)
at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:289)
at org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4307)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4144)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

I have verified the tld files for JSTL. I have even tested with an empty web.xml file and removed all TLD and jar files (as simple as it gets), yet the error persists. The affected domains still function but I want to eliminate the errors. Can anyone suggest what to do next?

I found my own answer. Sorry for the distraction.
Here's what I had to do:
<!-- Home Servlet -->
<servlet>
<servlet-name>HomeServlet</servlet-name>
<servlet-class>com.companyname.inet.servlet.home.HomeServlet</servlet-class>
<init-param>
<param-name>jspRoot</param-name>
<param-value>/WEB-INF/jsp/home/</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>HomeServlet</servlet-name>
<url-pattern>/index.jsp</url-pattern>
</servlet-mapping>
<!-- /Home Servlet -->

<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>

The welcome-file-list entry isn't necessary since it's the defined default in the Tomcat /conf/web.xml, but it illustrates the solution better.
I hope this helps someone else.

I'm mapping a servlet to the root of the server. The servlet runs fine but the linked CSS, scripts and images are returned containing the HTML of the page that linked to them instead. I've done many servlets but have seen nothing like this. Is this a specific problem with mapping to the root?

Here's my mapping:
<!-- Home Servlet -->
<servlet>
<servlet-name>HomeServlet</servlet-name>
<servlet-class>com.companyname.inet.servlet.home.HomeServlet</servlet-class>
<init-param>
<param-name>jspRoot</param-name>
<param-value>/WEB-INF/jsp/home/</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>HomeServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- /Home Servlet -->

Thanks for any help you can provide.

I'm using Tomcat 5.5 and form-based authentication. I've used authentication many times but this is weird. The problem is that I am able to login but access to the secured resource is denied (code 403). I know I'm logged in because I don't get the form-error-page, but I'm not in the required role. Making a call to request.getUserPrincipal() returns null, and therefore calls to request.isUserInRole("cmsEditor") always returns false. I have other hosts on the same server using the same authentication method and database so there's something about this instance that's causing the problem. The Host element in the server.xml file is the same as the other hosts. The context files and configuration are also the same as the other hosts so I'm completely lost in figuring this out. I also had no luck getting crossContext to work yesterday so I wonder if there isn't a correlation.

server.xml entry:
<Host appBase="${catalina.home}\sites\TEST" name="test"
autoDeploy="true" unpackWARs="true"
xmlNamespaceAware="false" xmlValidation="false">
</Host>

ROOT.xml:
<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="" reloadable="true">
</Context>

web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/_auth/AuthForm.jsp</form-login-page>
<form-error-page>/_auth/AuthError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Website content editor</description>
<role-name>cmsEditor</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>CMS</web-resource-name>
<url-pattern>/cms/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>cmsEditor</role-name>
</auth-constraint>
</security-constraint>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<error-page>
<error-code>403</error-code>
<location>/error/403.jsp</location>
</error-page>
</web-app>