Hi, just want to confirm that we found a new JDK version installed from
auto update. Which brings us most likely closer to a solution.
thanks,
stefan
On 5/26/16 23:16, Christian Mueller wrote:
Hi
@Andrea, this is not a wild guess and could be the reason for this
problem. Concerning security, OpenJDK makes live easier because it is
unrestricted out of the box whilst Oralce JDK is not.
Cheers
Christian
On Thu, May 26, 2016 at 8:46 PM, Andrea Aime
<[email protected] <mailto:[email protected]>>
wrote:
Hi,
I'm making a wild guess and I might be way off the mark, so sorry
in advance if it does not help but...
could it be that you once installed the unrestricted policy jars
for strong encryption, and then
a JDK upgrade happened, it wiped out those jars (they are in the
JDK itself), and now you cannot perform the same
type of encryption anymore?
Cheers
Andrea
On Thu, May 26, 2016 at 7:33 PM, Stefan Steiniger
<[email protected] <mailto:[email protected]>> wrote:
Hi,
thanks for the idea. I meant: deleting the default password
file as the instructions suggest. The problem seems also that
we would have to get GeoServer running at least once, but we
haven't achieved this.
Apart from that we did no new installation, everything is as
it was before. But it seems like the problem is related to a
security feature according to a new extended log output (see
below) - my colleague is looking into that now (as I am giving
a course all day).
stefan
===============
/26 May 12:27:00 INFO [geoserver.wps] - Found 29 bindable
processes in Vector processes
26 May 12:27:00 INFO [geoserver.wps] - Blacklisting process
geonode:BatchDownload as the input LAYERS of type class
org.geonode.process.batchdownload.LayerReference cannot be handled
26 May 12:27:00 INFO [geoserver.wps] - Blacklisting process
geonode:BatchDownload as the input map of type class
org.geonode.process.batchdownload.MapMetadata cannot be handled
26 May 12:27:00 INFO [geoserver.wps] - Blacklisting process
geonode:BatchDownload as the output ZippedFile of type
interface org.geonode.process.storage.Resource cannot be handled
26 May 12:27:00 INFO [geoserver.wps] - Found 0 bindable
processes in Batch Downloader
26 May 12:27:00 INFO [geoserver.wps] - Found 4 bindable
processes in GeoServer specific processes
26 May 12:27:00 INFO [geoserver.wps] - Found 89 bindable
processes in Deprecated processes
May 26, 2016 12:27:00 PM
org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to
listener instance of class
org.geoserver.platform.GeoServerContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error
occured reading security configuration; nested exception is
java.lang.RuntimeException:
org.jasypt.exceptions.EncryptionOperationNotPossibleException
at
org.geoserver.security.GeoServerSecurityManager.onApplicationEvent(GeoServerSecurityManager.java:346)
at
org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
at
org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:327)
at
org.geoserver.platform.GeoServerContextLoaderListener.contextInitialized(GeoServerContextLoaderListener.java:25)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4779)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5273)
at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:895)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:871)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:615)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:649)
at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1581)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:701)
Caused by: java.lang.RuntimeException:
org.jasypt.exceptions.EncryptionOperationNotPossibleException
at
org.geoserver.security.GeoServerSecurityManager.getMasterPassword(GeoServerSecurityManager.java:1631)
at
org.geoserver.security.KeyStoreProviderImpl.assertActivatedKeyStore(KeyStoreProviderImpl.java:236)
at
org.geoserver.security.KeyStoreProviderImpl.reloadKeyStore(KeyStoreProviderImpl.java:103)
at
org.geoserver.security.concurrent.LockingKeyStoreProvider.reloadKeyStore(LockingKeyStoreProvider.java:79)
at
org.geoserver.security.GeoServerSecurityManager.init(GeoServerSecurityManager.java:429)
at
org.geoserver.security.GeoServerSecurityManager.init(GeoServerSecurityManager.java:420)
at
org.geoserver.security.GeoServerSecurityManager.onApplicationEvent(GeoServerSecurityManager.java:339)
... 17 more
Caused by:
org.jasypt.exceptions.EncryptionOperationNotPossibleException
at
org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:918)
at
org.geoserver.security.password.URLMasterPasswordProvider.decode(URLMasterPasswordProvider.java:130)
at
org.geoserver.security.password.URLMasterPasswordProvider.doGetMasterPassword(URLMasterPasswordProvider.java:76)
at
org.geoserver.security.MasterPasswordProvider.getMasterPassword(MasterPasswordProvider.java:34)
at
org.geoserver.security.GeoServerSecurityManager.getMasterPassword(GeoServerSecurityManager.java:1629)
... 23 more
May 26, 2016 12:27:00 PM
org.apache.catalina.core.StandardContext startInternal
SEVERE: Error listenerStart
May 26, 2016 12:27:00 PM
org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/geoserver] startup failed due to previous errors
May 26, 2016 12:27:00 PM
org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
26 May 12:27:00 WARN [support.DisposableBeanAdapter] -
Invocation of destroy method failed on bean with name
'printingWrapper': java.lang.NullPointerException
26 May 12:27:00 INFO [georss.GeoRSSPoller] - destroy() invoked
26 May 12:27:00 INFO [geowebcache.GeoWebCacheDispatcher] -
GeoWebCacheDispatcher.destroy() was invoked, shutting down.
26 May 12:27:00 INFO [diskquota.DiskQuotaMonitor] - Disk quota
monitor shutting down...
26 May 12:27:00 INFO [diskquota.DiskQuotaMonitor] - Shutting
down quota usage monitor...
26 May 12:27:00 INFO [diskquota.QuotaUpdatesMonitor] -
Shutting down quota usage monitor...
26 May 12:27:00 INFO [diskquota.DiskQuotaMonitor] - Shutting
down quota statistics gathering monitor...
26 May 12:27:00 INFO [diskquota.QueuedQuotaUpdatesConsumer] -
Shutting down quota update background task due to
InterruptedException
26 May 12:27:00 INFO [diskquota.QueuedUsageStatsConsumer] -
Shutting down quota update background task due to interrupted
exception
26 May 12:27:00 INFO [seed.SeederThreadPoolExecutor] -
Initiating shut down for running and pending seed tasks...
26 May 12:27:00 INFO [seed.SeederThreadPoolExecutor] - Seeder
thread pool executor shut down complete.
26 May 12:27:00 INFO [storage.DefaultStorageBroker] -
Destroying StorageBroker
26 May 12:27:00 WARN [support.DisposableBeanAdapter] -
Invocation of destroy method failed on bean with name
'geoServerLoader':
org.springframework.beans.factory.BeanCreationNotAllowedException:
Error creating bean with name 'GWCLifeCycleHandler': Singleton
bean creation not allowed while the singletons of this factory
are in destruction (Do not request a bean from a BeanFactory
in a destroy method implementation!)
May 26, 2016 12:27:02 PM
org.apache.catalina.loader.WebappClassLoader
checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal
with key of type [java.lang.ThreadLocal] (value
[java.lang.ThreadLocal@4668c5ea]) and a value of type
[org.geotools.referencing.operation.projection.TransverseMercator.Provider]
(value [PROJECTION["Transverse_Mercator"]]) but failed to
remove it when the web application was stopped. Threads are
going to be renewed over time to try and avoid a probable
memory leak.
May 26, 2016 12:27:02 PM
org.apache.catalina.loader.WebappClassLoader
checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal
with key of type
[org.apache.commons.lang.builder.HashCodeBuilder$1] (value
[org.apache.commons.lang.builder.HashCodeBuilder$1@20b9f0d0])
and a value of type [java.util.HashSet] (value [[]]) but
failed to remove it when the web application was stopped.
Threads are going to be renewed over time to try and avoid a
probable memory leak.
May 26, 2016 12:27:02 PM
org.apache.catalina.loader.WebappClassLoader
checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal
with key of type
[org.eclipse.emf.ecore.xml.type.util.XMLTypeUtil.CharArrayThreadLocal]
(value
[org.eclipse.emf.ecore.xml.type.util.XMLTypeUtil$CharArrayThreadLocal@53877bc7])
and a value of type [char[]] (value [[C@63cf70a8]) but failed
to remove it when the web application was stopped. Threads are
going to be renewed over time to try and avoid a probable
memory leak.
May 26, 2016 12:27:02 PM
org.apache.catalina.loader.WebappClassLoader
checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal
with key of type [java.lang.ThreadLocal] (value
[java.lang.ThreadLocal@47ed58c9]) and a value of type
[org.geotools.referencing.wkt.Formatter] (value []) but failed
to remove it when the web application was stopped. Threads are
going to be renewed over time to try and avoid a probable
memory leak.
May 26, 2016 12:27:02 PM
org.apache.catalina.loader.WebappClassLoader
checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal
with key of type [java.lang.ThreadLocal] (value
[java.lang.ThreadLocal@2f601903]) and a value of type
[org.springframework.security.core.context.SecurityContextImpl]
(value
[org.springframework.security.core.context.SecurityContextImpl@ffffffff:
Null authentication]) but failed to remove it when the web
application was stopped. Threads are going to be renewed over
time to try and avoid a probable memory leak.
May 26, 2016 12:27:02 PM
org.apache.catalina.loader.WebappClassLoader
checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal
with key of type [org.eclipse.emf.ecore.impl.EClassImpl$1]
(value [org.eclipse.emf.ecore.impl.EClassImpl$1@4e0a2c41]) and
a value of type [java.util.HashSet] (value [[]]) but failed to
remove it when the web application was stopped. Threads are
going to be renewed over time to try and avoid a probable
memory leak.
May 26, 2016 12:27:02 PM
org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory
/var/lib/tomcat7/webapps/ROOT
May 26, 2016 12:27:02 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
May 26, 2016 12:27:02 PM org.apache.catalina.startup.Catalina
start
INFO: Server startup in 20835 ms/
On 05/26/2016 08:22 AM, Christian Mueller wrote:
Hi
What do you mean with deleting the admin password ?
Obviously GeoServer cannot decode the password of your
datastore. I assume you did a fresh installation and the
GeoServer internal key material
has changed. Different GeoServer installations use different
key material.
Solution: find the xml config file for your datastore. Search
the XML element named "password". Replace the password with:
plain:mypassword.
After restarting, use the admin GUI, open the edit view of
your datastore and save the config. This will encrypt the
password using your new internal keys.
Cheers
Christian
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting.
Employees who
bring their own devices (BYOD) to work are irked by the
imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control
only the
apps on BYO-devices by containerizing them, leaving personal
data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Geoserver-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/geoserver-users
--
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313 <tel:%2B39%200584%20962313>
fax: +39 0584 1660272 <tel:%2B39%200584%201660272>
mob: +39 339 8844549 <tel:%2B39%20%C2%A0339%208844549>
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
Le informazioni contenute in questo messaggio di posta elettronica
e/o nel/i file/s allegato/i sono da considerarsi strettamente
riservate. Il loro utilizzo è consentito esclusivamente al
destinatario del messaggio, per le finalità indicate nel messaggio
stesso. Qualora riceviate questo messaggio senza esserne il
destinatario, Vi preghiamo cortesemente di darcene notizia via
e-mail e di procedere alla distruzione del messaggio stesso,
cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti,
copiarlo, od utilizzarlo per finalità diverse, costituisce
comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended
solely for the attention and use of the named addressee(s) and may
be confidential or proprietary in nature or covered by the
provisions of privacy act (Legislative Decree June, 30 2003,
no.196 - Italy's New Data Protection Code).Any use not in accord
with its purpose, any disclosure, reproduction, copying,
distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please
contact immediately the sender by telephone, fax or e-mail and
delete the information in this message that has been received in
error. The sender does not give any warranty or accept liability
as the content, accuracy or completeness of sent messages and
accepts no responsibility for changes made after they were sent
or for other risks which arise as a result of e-mail transmission,
viruses, etc.
-------------------------------------------------------
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition
of MDM
restrictions. Mobile Device Manager Plus allows you to control
only the
apps on BYO-devices by containerizing them, leaving personal data
untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Geoserver-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/geoserver-users
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
