geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Mulder" <ammul...@alumni.princeton.edu>
Subject Re: 1.1 keystore portlet bugs & patches
Date Wed, 26 Jul 2006 19:55:31 GMT
On 7/26/06, Joe Bohn <joe.bohn@earthlink.net> wrote:
>
> I think I understand your goals here Vamsi.  However, I'm not sure that
> the portlet (as it currently stands) is a net positive or negative for
> Geronimo, even with your changes.  It's not a matter of "stress" tests.
>     It looks like basic function tests (unit tests) aren't working with
> this portlet.  I don't fully understand the function of this portlet and
> perhaps that is clouding my judgment.
>
> Here's a list of the problems that I'm seeing (not necessarily complete):
> 1)  You can hose the jetty server with one simple mouse click on the
> available lock icon.  Even if we provided a warning prior to taking any
> action, it is still not a safe situation.  There was a comment on the
> dev list just before 1.1 went out that this could be fixed by setting
> load="false" on the SSLConnector and making the keystore available after
> server restart ... then restarting with the SSLConnector loaded again.
> However, even after doing this the next restart of the server still
> fails with the same error even though the console shows the keystore as
> available.  I think this is a critical problem (see earlier post for one
> proposal on how to fix this by requiring the password).
>
> 2) Serialization failures terminating tomcat after attempting to lock a
> keystore so that it is unavailable.
>
> 2) The first panel indicates that the initial state of the keystores is
> locked and unavailable.  However, it appears this is in error as the
> default keystore is locked to edit but available.  This might just be
> semantics but it sounds like the capability doesn't match the description.

This is not my experience.  On a default install, if I look at that
portlet, I see:

Editable=(locked icon)
Available=(unlocked icon) 1 key available

Indicating that the keystore is available to be used by clients, but
requires a password in order to edit.  If that's not what you see can
you try again from a fresh install of Geronimo?

> 3) Unlocking for edit state or making the keystore available after it's
> been locked seems to always result in serialization errors.

This is the same as the first #2 above, and as I said, there's an easy
workaround for the Serialization errors.

> 4) The keystore itself is not selectable when edit is "locked". I assume
> this is by design.  If you attempt to unlock the keystore for edit and
> provide no password (or a bogus password), then in addition to the
> exception being tossed for the bad password I would expect the keystore
> to remain locked. However, the edit icon will show unlocked and you can
> get to the edit fields of the keystore.

It would be good to chage it to detect bad passwords and handle by not
claiming that the keystore is unlocked.  That's also important for
when you "make it available" not just when you "make it editable".

To add to your list: we currently act like you can unlock specific
keys in the keystore when you make the keystore available.  However, I
think most consumers expect to get the one and only private key in the
keystore.  It would be great to test with a keystore with two private
keys and see if we can really allow you to select one or the other and
have the HTTPS connectors use it accordingly.

Finally, based on your questions below, you should do a bit more
research on key/certificate plumbing.  A certificate is different from
a CA signing request and a CA signing response.  It is appropriate to
generate or upload a certificate but paste out a CA request and paste
in a CA response.  The procedure is more or less to create or install
an unsigned cert, then ask a CA to sign it, then update the cert to
include the signature information.

Thanks,
     Aaron

> These problems don't have anything to do with the patch ... but I think
> they are higher priority than the items that the patch does address.
>
> Again, many of these "problems" may be my mis-understanding.  However,
> I'm pretty sure that our users are not going to understand this any
> better than I did and potentially get themselves into trouble (esp. with
> Jetty).
>
> Vamsi,
> On your patch I don't see a lot changes from the initial behavior.  Can
> you explain how I can get to re-introduced function that had been
> missing (preferably with a comment to GERONIMO-2218)?
>
> I'm also confused because I see things that I think are the functions
> you list as missing even before I apply the patch.  For example, the
> JIRAs indicated that you could not import a CA reply.  But isn't this
> just the ability to import the certificate itself?  One difference
> between the behavior with your patch versus the front-door code is how
> the certificate is specified for import.  The front-door code imports by
> selecting a certificate file (both jetty and tomcat) but with the patch
> it is an input field that wants the certificate content. Can you help me
> understand how it is better to cut and paste the content of the file
> rather than just select the file or am I not comparing these correctly?
>
> Your patch also mentioned adding the capability to generate a
> certificate.  Perhaps this is the reason for the input text field rather
> than the file so that you can enter it free-form.  However, it seems we
> would still want to support the file import.  Also, I don't see where we
> would generate a certificate request with or without the patch.
>
> Joe
>
>
>
>
> Vamsavardhana Reddy wrote:
> > Hi Joe,
> >
> > I have not subject the new Keystore portlet to "stress test" (rather,
> > the server under stress due to the keystore portlet).  My first priority
> > was to get atleast the minimal functionality in place so that the
> > keystore portlet is useful in a "production environment".  In my
> > opinion, the idea of having the keystore portlet is to eliminate need
> > for tools like "keytool" and "ikeyman".  More functions are needed in
> > the portlet to get it on par with the tools mentioned above.  Once the
> > basic functionality is in place, I will look at scenarios where the
> > server is failing due to some side effects from the keystore portlet and
> > provide fixes.
> >
> > Regards,
> > Vamsi
> > On 7/26/06, *Joe Bohn* <joe.bohn@earthlink.net
> > <mailto:joe.bohn@earthlink.net>> wrote:
> >
> >
> >     I was looking to see what else we need to get fixed in 1.1.1 and noticed
> >     that there are several issues (in both 1.1 and 1.1.1) around the
> >     keystore portlet.   I know nothing about the keystore portlet and
> >     thought I'd check here (esp. with Aaron) before I started looking into
> >     the patches that Vamsi has provided.   It appears that this is a real
> >     problem spot (esp. given my initial experiment ... see below), so I'm
> >     hoping that the patch from Vamsi works wonders :-) .
> >
> >     It seems like there are a number of issues (1196, 1531, 1984, and 2218)
> >     which have all been grouped with one fix under 2218.  Some of these
> >     sound like enhancements to me but since they appear to be addressing
> >     function that was previously available in 1.0 but dropped from the
> >     updated keystore portlet I assume they could be considered bug fixes.
> >     Comments?
> >
> >     While just trying to get familiar with the keystore portlet as it
> >     currently stands (w/o the 2218 patch) I managed to get serialization
> >     errors that then reappeared each time I attempted to stop the server
> >     (even with no additional changes).  I also managed to get the jetty
> >     server into a state where it could not start with just two clicks of the
> >     mouse from the portlet (one on the "unlocked" icon under "Available"
> >     for
> >     the geronimo-default keystore and then a second click on then "locked"
> >     icon attempting to undo what I did with the first click).   The result
> >     was the following set of stack traces on server restart (kinda funny
> >     how
> >     it wants me to unlock the keystore using the console when the server
> >     itself won't even start).
> >
> >     Joe
> >
> >     Booting Geronimo Kernel (in Java 1.4.2_08)...
> >     Starting Geronimo Application Server v1.1.1-SNAPSHOT
> >     [*********>            ] 43%   8s Starting
> >     geronimo/jetty/1.1.1-SNA...10:27:12,640 WARN  [SslListener] EXCEPTION
> >     org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
> >     'geronimo-default' is locked; please use the keystore page in the admin
> >     console to unlock it
> >              at
> >     org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServerFactory(FileKeystoreManager.java:300)
> >              at
> >     org.apache.geronimo.security.keystore.FileKeystoreManager$$FastClassByCGLIB$$4d9d2a71.invoke
> >     (<generated>)
> >              at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
> >              at
> >     org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke
> >     (GBeanOperation.java:122)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817)
> >              at
> >     org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> >              at
> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
> >              at
> >     org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> >              at
> >     org.apache.geronimo.management.geronimo.KeystoreManager$$EnhancerByCGLIB$$be50f1ec.createSSLServerFactory(<generated>)
> >              at
> >     org.apache.geronimo.jetty.connector.GeronimoSSLListener.createFactory(GeronimoSSLListener.java
> >     :41)
> >              at
> >     org.mortbay.http.SslListener.newServerSocket(SslListener.java:283)
> >              at
> >     org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
> >              at
> >     org.apache.geronimo.jetty.connector.JettyConnector.doStart
> >     (JettyConnector.java:233)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java
> >     :267)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:526)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency$1.running
> >     (GBeanDependency.java:120)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:173)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300
> >     (BasicLifecycleMonitor.java:41)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:251)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart
> >     (GBeanInstanceState.java:292)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java
> >     :526)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:173)
> >
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:41)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent
> >     (BasicLifecycleMonitor.java:251)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:292)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start
> >     (GBeanInstanceState.java:102)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive
> >     (GBeanInstance.java:540)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
> >              at
> >     org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans
> >     (ConfigurationUtil.java:374)
> >              at
> >     org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration
> >     (SimpleConfigurationManager.java:512)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:493)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke
> >     (<generated>)
> >              at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
> >              at
> >     org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke
> >     (GBeanOperation.java:122)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817)
> >              at
> >     org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> >              at
> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
> >              at
> >     org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> >              at
> >     org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration(<generated>)
> >              at
> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
> >              at
> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
> >              at org.apache.geronimo.system.main.Daemon.main(Daemon.java:377)
> >     10:27:12,750 ERROR [GBeanInstanceState] Error while starting; GBean is
> >     now in the FAILED state:
> >     abstractName="geronimo/jetty/1.1.1-SNAPSHOT/car?ServiceModule=ge
> >     ronimo/jetty/1.1.1-SNAPSHOT/car,j2eeType=GBean,name=JettySSLConnector"
> >     java.io.IOException: Could not create JsseListener:
> >     org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
> >     'geronimo-default' is locked; please use
> >     the keystore page in the admin console to unlock it
> >              at
> >     org.mortbay.http.SslListener.newServerSocket (SslListener.java:314)
> >              at
> >     org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
> >              at
> >     org.apache.geronimo.jetty.connector.JettyConnector.doStart(JettyConnector.java:233)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance
> >     (GBeanInstance.java:981)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:267)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java
> >     :102)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:526)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent
> >     (BasicLifecycleMonitor.java:173)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:41)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent
> >     (BasicLifecycleMonitor.java:251)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:292)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start
> >     (GBeanInstanceState.java:102)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:526)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java
> >     :111)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:173)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:41)
> >
> >              at
> >     org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:251)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart
> >     (GBeanInstanceState.java:292)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive
> >     (GBeanInstanceState.java:124)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java
> >     :379)
> >              at
> >     org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374)
> >              at
> >     org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java
> >     :187)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration
> >     (SimpleConfigurationManager.java:493)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
> >              at net.sf.cglib.reflect.FastMethod.invoke (FastMethod.java:53)
> >              at
> >     org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122)
> >
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817)
> >              at
> >     org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> >              at
> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke
> >     (RawOperationInvoker.java:35)
> >              at
> >     org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> >              at
> >     org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration
> >     (<generated>)
> >              at
> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
> >              at
> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
> >              at org.apache.geronimo.system.main.Daemon.main
> >     (Daemon.java:377)
> >     10:27:12,796 WARN  [SslListener] EXCEPTION
> >     org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
> >     'geronimo-default' is locked; please use the keystore page in the admin
> >     console to unlock it
> >              at
> >     org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServerFactory(FileKeystoreManager.java:300)
> >              at
> >     org.apache.geronimo.security.keystore.FileKeystoreManager$$FastClassByCGLIB$$4d9d2a71.invoke
> >     (<generated>)
> >              at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
> >              at
> >     org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke
> >     (GBeanOperation.java:122)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817)
> >              at
> >     org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> >              at
> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
> >              at
> >     org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> >              at
> >     org.apache.geronimo.management.geronimo.KeystoreManager$$EnhancerByCGLIB$$be50f1ec.createSSLServerFactory(<generated>)
> >              at
> >     org.apache.geronimo.jetty.connector.GeronimoSSLListener.createFactory(GeronimoSSLListener.java
> >     :41)
> >              at
> >     org.mortbay.http.SslListener.newServerSocket(SslListener.java:283)
> >              at
> >     org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
> >              at
> >     org.apache.geronimo.jetty.connector.JettyConnector.doStart
> >     (JettyConnector.java:233)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java
> >     :267)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java
> >     :124)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
> >              at
> >     org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374)
> >              at
> >     org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java
> >     :187)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration
> >     (SimpleConfigurationManager.java:493)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
> >              at net.sf.cglib.reflect.FastMethod.invoke (FastMethod.java:53)
> >              at
> >     org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122)
> >
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817)
> >              at
> >     org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> >              at
> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke
> >     (RawOperationInvoker.java:35)
> >              at
> >     org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> >              at
> >     org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration
> >     (<generated>)
> >              at
> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
> >              at
> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
> >              at org.apache.geronimo.system.main.Daemon.main
> >     (Daemon.java:377)
> >     10:27:12,906 ERROR [GBeanInstanceState] Error while starting; GBean is
> >     now in the FAILED state:
> >     abstractName="geronimo/jetty/1.1.1-SNAPSHOT/car?ServiceModule=ge
> >     ronimo/jetty/1.1.1-SNAPSHOT/car,j2eeType=GBean,name=JettySSLConnector"
> >     java.io.IOException: Could not create JsseListener:
> >     org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
> >     'geronimo-default' is locked; please use
> >     the keystore page in the admin console to unlock it
> >              at
> >     org.mortbay.http.SslListener.newServerSocket(SslListener.java:314)
> >              at
> >     org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
> >              at
> >     org.apache.geronimo.jetty.connector.JettyConnector.doStart
> >     (JettyConnector.java:233)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java
> >     :267)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java
> >     :124)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
> >              at
> >     org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374)
> >              at
> >     org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java
> >     :187)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration
> >     (SimpleConfigurationManager.java:493)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
> >              at net.sf.cglib.reflect.FastMethod.invoke (FastMethod.java:53)
> >              at
> >     org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122)
> >
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817)
> >              at
> >     org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> >              at
> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke
> >     (RawOperationInvoker.java:35)
> >              at
> >     org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> >              at
> >     org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration
> >     (<generated>)
> >              at
> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
> >              at
> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
> >              at org.apache.geronimo.system.main.Daemon.main
> >     (Daemon.java:377)
> >     [*********>            ] 43%   9s Startup failed
> >     org.apache.geronimo.kernel.config.LifecycleException: start of
> >     geronimo/jetty/1.1.1-SNAPSHOT/car failed
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration
> >     (SimpleConfigurationManager.java:529)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:493)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke
> >     (<generated>)
> >              at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
> >              at
> >     org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke
> >     (GBeanOperation.java:122)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817)
> >              at
> >     org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> >              at
> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
> >              at
> >     org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> >              at
> >     org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration(<generated>)
> >              at
> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
> >              at
> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
> >              at org.apache.geronimo.system.main.Daemon.main(Daemon.java:377)
> >     Caused by: org.apache.geronimo.kernel.config.InvalidConfigException:
> >     Unknown start exception
> >              at
> >     org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:440)
> >              at
> >     org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java
> >     :187)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512)
> >              ... 13 more
> >     Caused by: org.apache.geronimo.gbean.InvalidConfigurationException :
> >     Configuration geronimo/jetty/1.1.1-SNAPSHOT/car failed to start due to
> >     the following reasons
> >     :
> >        The service
> >     ServiceModule=geronimo/jetty/1.1.1-SNAPSHOT/car,j2eeType=GBean,name=JettySSLConnector
> >     did not start because the doStart method threw an exception.
> >
> >     java.io.IOException: Could not create JsseListener:
> >     org.apache.geronimo.management.geronimo.KeystoreIsLocked: Keystore
> >     'geronimo-default' is locked; please use
> >     the keystore page in the admin console to unlock it
> >              at
> >     org.mortbay.http.SslListener.newServerSocket(SslListener.java:314)
> >              at
> >     org.mortbay.util.ThreadedServer.open(ThreadedServer.java:477)
> >              at
> >     org.apache.geronimo.jetty.connector.JettyConnector.doStart
> >     (JettyConnector.java:233)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:981)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java
> >     :267)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java
> >     :124)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:540)
> >              at
> >     org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
> >              at
> >     org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:374)
> >              at
> >     org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java
> >     :187)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:512)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration
> >     (SimpleConfigurationManager.java:493)
> >              at
> >     org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
> >              at net.sf.cglib.reflect.FastMethod.invoke (FastMethod.java:53)
> >              at
> >     org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:122)
> >
> >              at
> >     org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:817)
> >              at
> >     org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> >              at
> >     org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke
> >     (RawOperationInvoker.java:35)
> >              at
> >     org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> >              at
> >     org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$cd144e8e.startConfiguration
> >     (<generated>)
> >              at
> >     org.apache.geronimo.system.main.Daemon.doStartup(Daemon.java:297)
> >              at
> >     org.apache.geronimo.system.main.Daemon.<init>(Daemon.java:74)
> >              at org.apache.geronimo.system.main.Daemon.main
> >     (Daemon.java:377)
> >
> >
> >              at
> >     org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:403)
> >              ... 15 more
> >     Server shutdown begun              tartup failed
> >     Server shutdown completed
> >
> >
> >
> >
>

Mime
View raw message