From: "Forrest Xia (Commented) (JIRA)"
To: dev@geronimo.apache.org
Date: Tue, 27 Mar 2012 14:38:26 +0000 (UTC)
Subject: [jira] [Commented] (GERONIMO-6310) Server can not shutdown or deploy when enable configured encryption and JMX security at the same time

[
https://issues.apache.org/jira/browse/GERONIMO-6310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239507#comment-13239507 ]

Forrest Xia commented on GERONIMO-6310:
---------------------------------------

Saphen, thank you for providing this patch. I've committed it into the 2.1 branch. Before we apply it to other branches and trunk, can we have a better solution for password encryption methods in Geronimo? After that, some documentation could help our users know how to use this feature.

Thanks again!

> Server can not shutdown or deploy when enable configured encryption and JMX security at the same time
> -----------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-6310
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-6310
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues)
>          Components: crypto
>    Affects Versions: 2.1.7, 2.1.8, 3.0-M1, 3.0-beta-1
>         Environment: java version "1.6.0"
> Java(TM) SE Runtime Environment (build pwi3260sr10-20111208_01(SR10))
> IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows 7 x86-32 jvmwi3260sr10-201112
> 07_96808 (JIT enabled, AOT enabled)
> J9VM - 20111207_096808
> JIT  - r9_20111107_21307ifx1
> GC   - 20110519_AA)
> JCL  - 20111104_02
>            Reporter: Saphen Qiu
>            Assignee: Saphen Qiu
>              Labels: ConfiguredEncryption,configured,password,gbean,rmi-naming, unlockKeystore,shutdown
>             Fix For: 2.1.8
>
>         Attachments: ConfiguredEncryptionANDsecure.patch
>
>
> 1. Enable configured encryption and JMX security in config.xml
> 2. Start server
> 3. Execute "deploy.bat --secure unlockKeystore geronimo-default" or "geronimo.bat stop --secure" and they fail
> 2012-03-26 13:30:03,344 ERROR [EditKeystoreHandler] Unable to unlock keystore geronimo-default for editing.
> org.apache.geronimo.management.geronimo.KeystoreException: Unable to open keystore with provided password
>     at org.apache.geronimo.security.keystore.FileKeystoreInstance.loadKeystoreData(FileKeystoreInstance.java:664)
>     at org.apache.geronimo.security.keystore.FileKeystoreInstance.ensureLoaded(FileKeystoreInstance.java:706)
>     at org.apache.geronimo.security.keystore.FileKeystoreInstance.listTrustCertificates(FileKeystoreInstance.java:270)
>     at org.apache.geronimo.console.keystores.BaseKeystoreHandler$KeystoreData.unlockEdit(BaseKeystoreHandler.java:252)
>     at org.apache.geronimo.console.keystores.EditKeystoreHandler.actionAfterView(EditKeystoreHandler.java:69)
>     at org.apache.geronimo.console.MultiPagePortlet.processAction(MultiPagePortlet.java:114)
>     at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:218)
>     at org.apache.pluto.core.PortletServlet.doPost(PortletServlet.java:145)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
>     at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551)
>     at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488)
>     at org.apache.pluto.core.DefaultPortletInvokerService.invoke(DefaultPortletInvokerService.java:167)
>     at org.apache.pluto.core.DefaultPortletInvokerService.action(DefaultPortletInvokerService.java:85)
>     at org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:219)
>     at org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:121)
>     at org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:167)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.geronimo.console.filter.PlutoURLRebuildFilter.doFilter(PlutoURLRebuildFilter.java:48)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.geronimo.console.filter.XSSXSRFFilter.doFilter(XSSXSRFFilter.java:130)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>     at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:56)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
>     at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:406)
>     at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:47)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:589)
>     at org.apache.geronimo.tomcat.valve.ThreadCleanerValve.invoke(ThreadCleanerValve.java:40)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>     at java.lang.Thread.run(Thread.java:662)
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
>     at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
>     at java.security.KeyStore.load(KeyStore.java:1185)
>     at org.apache.geronimo.security.keystore.FileKeystoreInstance.loadKeystoreData(FileKeystoreInstance.java:645)
>     ... 45 more
> Caused by: java.security.UnrecoverableKeyException: Password verification failed
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
>     ... 48 more