
Jetty not accepting command line substitutions for XML file property definitions


I am having an issue with my jetty-ssl-context.xml configuration. When I set up my configuration with the proper paths to the keystore and passwords (shown below), Jetty starts up fine and all is well. But when I remove the default values, as I would like, and pass them in on the command line:

java -jar ../start.jar -Djetty.sslContext.keyStorePath=etc/myKeySore.jks -Djetty.sslContext.keyStorePassword="banana" -Djetty.sslContext.trustStorePath=etc/myTrust.jks -Djetty.sslContext.trustStorePassword="Changeme"

I get the exception: java.io.IOException: Keystore was tampered with, or password was incorrect.

jetty-ssl-context.xml:

<!-- SSL ContextFactory Configuration -->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath">
    <Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/myKeystore"/>
  </Set>
  <Set name="KeyStorePassword">
    <Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="banana"/>
  </Set>
  <Set name="KeyStoreType">
    <Property name="jetty.sslContext.keyStoreType" default="JKS"/>
  </Set>
  <Set name="KeyManagerPassword">
    <Property name="jetty.sslContext.keyManagerPassword" deprecated="jetty.keymanager.password" default="banana"/>
  </Set>

  <Set name="TrustStorePath">
    <Property name="jetty.sslContext.trustStorePath" deprecated="jetty.truststore" default="etc/myTrust.jks"/>
  </Set>
  <Set name="TrustStoreType">
    <Property name="jetty.sslContext.trustStoreType" default="JKS"/>
  </Set>
  <Set name="TrustStorePassword">
    <Property name="jetty.sslContext.trustStorePassword" deprecated="jetty.truststore.password" default="Changeme"/>
  </Set>
  <Set name="TrustStoreProvider">
    <Property name="jetty.sslContext.trustStoreProvider"/>
  </Set>
</Configure>

Solution

  • Apparently Jetty 9 sees the quotes in "banana" and "Changeme" on the command line as part of the Password. This was not the case in Jetty 8. After removing the quotes to read:

    -Djetty.sslContext.keyStorePassword=banana and -Djetty.sslContext.trustStorePassword=Changeme

    it worked fine.
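
The failure described in the answer can be reproduced in isolation. This is an added example, not code from the original post or from Jetty: a password that carries literal quote characters fails the JKS integrity check with the same exception as a wrong password. The class name QuotedPasswordCheck and its helpers are hypothetical, and the keystore is constructed in memory.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;

public class QuotedPasswordCheck {
    // Constructed sample: an empty JKS keystore held in memory.
    static byte[] newKeystore(String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // initialise an empty store
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password.toCharArray());
        return out.toByteArray();
    }

    // Returns null if the password opens the store, else the error message.
    static String tryOpen(byte[] store, String candidate) throws Exception {
        try {
            KeyStore.getInstance("JKS")
                    .load(new ByteArrayInputStream(store), candidate.toCharArray());
            return null;
        } catch (IOException e) {
            return e.getMessage();
        }
    }

    // True when a value carries literal surrounding quote characters.
    static boolean hasLiteralQuotes(String v) {
        return v != null && v.length() >= 2
                && (v.charAt(0) == '"' || v.charAt(0) == '\'')
                && v.charAt(v.length() - 1) == v.charAt(0);
    }

    public static void main(String[] args) throws Exception {
        byte[] store = newKeystore("banana");
        for (String candidate : new String[] {"banana", "\"banana\""}) {
            String error = tryOpen(store, candidate);
            System.out.println("length " + candidate.length() + ": "
                    + (error == null ? "opened" : error));
        }
        // Inspect what the JVM actually received, without printing the secret.
        for (String name : new String[] {"jetty.sslContext.keyStorePassword",
                                         "jetty.sslContext.trustStorePassword"}) {
            String value = System.getProperty(name);
            System.out.println(name + ": " + (value == null ? "not set"
                    : "length " + value.length()
                      + ", literal quotes: " + hasLiteralQuotes(value)));
        }
    }
}
```

Running it with the same -D arguments used for start.jar reports the length of each password the JVM received and whether it arrived with quotes attached.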