[
https://issues.apache.org/jira/browse/GERONIMO-6310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239521#comment-13239521
]
Ivan commented on GERONIMO-6310:
--------------------------------
Thanks for providing a patch, Saphen.
I am thinking that we should not introduce the new dependency. Also, it is
better to remove the GBeanLifecycle things in the new class, and we need to
update the existing class in geronimo-system to use the newly added class.
> Server can not shutdown or deploy when enable configured encryption and JMX
> security at the same time
> -----------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-6310
> URL: https://issues.apache.org/jira/browse/GERONIMO-6310
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: crypto
> Affects Versions: 2.1.7, 2.1.8, 3.0-M1, 3.0-beta-1
> Environment: java version "1.6.0"
> Java(TM) SE Runtime Environment (build pwi3260sr10-20111208_01(SR10))
> IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows 7 x86-32 jvmwi3260sr10-20111207_96808 (JIT enabled, AOT enabled)
> J9VM - 20111207_096808
> JIT - r9_20111107_21307ifx1
> GC - 20110519_AA)
> JCL - 20111104_02
> Reporter: Saphen Qiu
> Assignee: Saphen Qiu
> Labels: ConfiguredEncryption, configured, password, gbean, rmi-naming, unlockKeystore, shutdown
> Fix For: 2.1.8
>
> Attachments: ConfiguredEncryptionANDsecure.patch
>
>
> 1. Enable configured encryption and JMX security in config.xml
> 2. Start server
> 3. Execute "deploy.bat --secure unlockKeystore geronimo-default" or
> "geronimo.bat stop --secure" and they fail
> 2012-03-26 13:30:03,344 ERROR [EditKeystoreHandler] Unable to unlock keystore geronimo-default for editing.
> org.apache.geronimo.management.geronimo.KeystoreException: Unable to open keystore with provided password
>     at org.apache.geronimo.security.keystore.FileKeystoreInstance.loadKeystoreData(FileKeystoreInstance.java:664)
>     at org.apache.geronimo.security.keystore.FileKeystoreInstance.ensureLoaded(FileKeystoreInstance.java:706)
>     at org.apache.geronimo.security.keystore.FileKeystoreInstance.listTrustCertificates(FileKeystoreInstance.java:270)
>     at org.apache.geronimo.console.keystores.BaseKeystoreHandler$KeystoreData.unlockEdit(BaseKeystoreHandler.java:252)
>     at org.apache.geronimo.console.keystores.EditKeystoreHandler.actionAfterView(EditKeystoreHandler.java:69)
>     at org.apache.geronimo.console.MultiPagePortlet.processAction(MultiPagePortlet.java:114)
>     at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:218)
>     at org.apache.pluto.core.PortletServlet.doPost(PortletServlet.java:145)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
>     at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551)
>     at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488)
>     at org.apache.pluto.core.DefaultPortletInvokerService.invoke(DefaultPortletInvokerService.java:167)
>     at org.apache.pluto.core.DefaultPortletInvokerService.action(DefaultPortletInvokerService.java:85)
>     at org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:219)
>     at org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:121)
>     at org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:167)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.geronimo.console.filter.PlutoURLRebuildFilter.doFilter(PlutoURLRebuildFilter.java:48)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.geronimo.console.filter.XSSXSRFFilter.doFilter(XSSXSRFFilter.java:130)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>     at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:56)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
>     at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:406)
>     at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:47)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:589)
>     at org.apache.geronimo.tomcat.valve.ThreadCleanerValve.invoke(ThreadCleanerValve.java:40)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>     at java.lang.Thread.run(Thread.java:662)
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
>     at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
>     at java.security.KeyStore.load(KeyStore.java:1185)
>     at org.apache.geronimo.security.keystore.FileKeystoreInstance.loadKeystoreData(FileKeystoreInstance.java:645)
>     ... 45 more
> Caused by: java.security.UnrecoverableKeyException: Password verification failed
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
>     ... 48 more