geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "xiezhi (JIRA)" <>
Subject [jira] [Commented] (GERONIMO-6440) unlock keystore action appears to be broken when running server against Oracle JDK 1.7
Date Fri, 08 Mar 2013 09:00:21 GMT


xiezhi commented on GERONIMO-6440:

The root cause is there is no action in Oracle JDK1.7 when ThreadGroupContext.getContext().getPropertyEditorFinder().find(targetType)
couldn't find a PropertyEditor.

In Oracle JDK1.6 the PropertyEditorManager uses three techniques for locating an editor for
a give type.
1. It provides a registerEditor method to allow an editor to be specifically registered for
a given type.
2. It tries to locate a suitable class by adding "Editor" to the full qualified classname
of the given type (e.g. "foo.bah.FozEditor").
3. It takes the simple classname (without the package name) adds "Editor" to it and looks
in a search-path of packages for a matching class
Obviously, it misses the last 2 techniques in 1.7.

So I think we should add the missed techniques in org.apache.geronimo.common.propertyeditor.findEditor(Class).
> unlock keystore action appears to be broken when running server against Oracle JDK 1.7
> --------------------------------------------------------------------------------------
>                 Key: GERONIMO-6440
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: JVM-compatibility
>    Affects Versions: 3.0-beta-1
>            Reporter: xiezhi
>            Priority: Blocker
> To reproduce the issue, you can follow the steps below.
> 1.Start geronimo 3.0 server.
> 2.Use keytool command to create a keystore with a key. For example,
> keytool -genkeypair -keystore test.jks -alias testkey -keyalg RSA -keysize 2048 -dname
",c=US" -validity 365 -storepass welcome1
> 3.Copy the keystore to <geronimo-home>\var\security\keystores
> 4.use deploy encrypt to encrypt the password "welcome",go the encrypt string:
> add the string into like this:
> test.jks = {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> testkey = {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> 5. restart the server.
> 6. use deploy unlock-keystore command to unlock test.jks. For example,
> deploy -u system -p manager unlock-keystore test.jks
> The result is the unlock action seems to success. But you can find an ERROR below in
admin console. It will generate a incomplete j2ee-security module in config.xml. When you
restart the server, you will fail on it.
> 2013-02-27 11:41:06,564 WARN  [FileKeystoreManager] keystoreType for new keystore "test.jks"
set to "jks" based on file extension.
> 2013-02-27 11:41:06,660 ERROR [LocalAttributeManager] Unable to format attribute of type; no editor found
> 2013-02-27 11:41:06,660 WARN  [BasicProxyManager] Could not load interface
> nce in provided ClassLoader for org.apache.geronimo.framework/j2ee-security/3.0.0/car?ServiceModule=org.apache.geronimo.framework/
> j2ee-security/3.0.0/car,j2eeType=Keystore,name=test.jks

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message