geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GERONIMO-6310) Server can not shutdown or deploy when enable configured encryption and JMX security at the same time
Date Tue, 27 Mar 2012 14:44:26 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-6310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239521#comment-13239521
] 

Ivan commented on GERONIMO-6310:
--------------------------------

Thanks for providing a patch, Saphen. 
I am thinking that we should not introduce the new dependency, also it is better to remove
the GBeanLifecycle things in the new class, also, need to update the existing class in geronimo-system
to use the new added class.
                
> Server can not shutdown or deploy when enable configured encryption and JMX security
at the same time
> -----------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-6310
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-6310
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: crypto
>    Affects Versions: 2.1.7, 2.1.8, 3.0-M1, 3.0-beta-1
>         Environment: java version "1.6.0"
> Java(TM) SE Runtime Environment (build pwi3260sr10-20111208_01(SR10))
> IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows 7 x86-32 jvmwi3260sr10-201112
> 07_96808 (JIT enabled, AOT enabled)
> J9VM - 20111207_096808
> JIT  - r9_20111107_21307ifx1
> GC   - 20110519_AA)
> JCL  - 20111104_02
>            Reporter: Saphen Qiu
>            Assignee: Saphen Qiu
>              Labels: ConfiguredEncryption,configured,password,gbean,rmi-naming, unlockKeystore,shutdown
>             Fix For: 2.1.8
>
>         Attachments: ConfiguredEncryptionANDsecure.patch
>
>
> 1.Enable configured encryption and JMX security in config.xml
> 2.Start server
> 3.Execute "deploy.bat --secure unlockKeystore geronimo-default" or "geronimo.bat stop
--secure" and they fail
> 2012-03-26 13:30:03,344 ERROR [EditKeystoreHandler] Unable to unlock keystore geronimo-default
for editing.
> org.apache.geronimo.management.geronimo.KeystoreException: Unable to open keystore with
provided password
> 	at org.apache.geronimo.security.keystore.FileKeystoreInstance.loadKeystoreData(FileKeystoreInstance.java:664)
> 	at org.apache.geronimo.security.keystore.FileKeystoreInstance.ensureLoaded(FileKeystoreInstance.java:706)
> 	at org.apache.geronimo.security.keystore.FileKeystoreInstance.listTrustCertificates(FileKeystoreInstance.java:270)
> 	at org.apache.geronimo.console.keystores.BaseKeystoreHandler$KeystoreData.unlockEdit(BaseKeystoreHandler.java:252)
> 	at org.apache.geronimo.console.keystores.EditKeystoreHandler.actionAfterView(EditKeystoreHandler.java:69)
> 	at org.apache.geronimo.console.MultiPagePortlet.processAction(MultiPagePortlet.java:114)
> 	at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:218)
> 	at org.apache.pluto.core.PortletServlet.doPost(PortletServlet.java:145)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
> 	at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551)
> 	at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488)
> 	at org.apache.pluto.core.DefaultPortletInvokerService.invoke(DefaultPortletInvokerService.java:167)
> 	at org.apache.pluto.core.DefaultPortletInvokerService.action(DefaultPortletInvokerService.java:85)
> 	at org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:219)
> 	at org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:121)
> 	at org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:167)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.geronimo.console.filter.PlutoURLRebuildFilter.doFilter(PlutoURLRebuildFilter.java:48)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.geronimo.console.filter.XSSXSRFFilter.doFilter(XSSXSRFFilter.java:130)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> 	at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:56)
> 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
> 	at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:406)
> 	at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:47)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:589)
> 	at org.apache.geronimo.tomcat.valve.ThreadCleanerValve.invoke(ThreadCleanerValve.java:40)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> 	at java.lang.Thread.run(Thread.java:662)
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
> 	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
> 	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
> 	at java.security.KeyStore.load(KeyStore.java:1185)
> 	at org.apache.geronimo.security.keystore.FileKeystoreInstance.loadKeystoreData(FileKeystoreInstance.java:645)
> 	... 45 more
> Caused by: java.security.UnrecoverableKeyException: Password verification failed
> 	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
> 	... 48 more

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message