Uploaded image for project: 'Geronimo'
  1. Geronimo
  2. GERONIMO-6310

Server can not shutdown or deploy when enable configured encryption and JMX security at the same time

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.1.7, 2.1.8, 3.0-M1, 3.0-beta-1
    • 2.1.8
    • crypto
    • Security Level: public (Regular issues)
    • Patch Available

    Description

      1.Enable configured encryption and JMX security in config.xml
      2.Start server
      3.Execute "deploy.bat --secure unlockKeystore geronimo-default" or "geronimo.bat stop --secure" and they fail

      2012-03-26 13:30:03,344 ERROR [EditKeystoreHandler] Unable to unlock keystore geronimo-default for editing.
      org.apache.geronimo.management.geronimo.KeystoreException: Unable to open keystore with provided password
      at org.apache.geronimo.security.keystore.FileKeystoreInstance.loadKeystoreData(FileKeystoreInstance.java:664)
      at org.apache.geronimo.security.keystore.FileKeystoreInstance.ensureLoaded(FileKeystoreInstance.java:706)
      at org.apache.geronimo.security.keystore.FileKeystoreInstance.listTrustCertificates(FileKeystoreInstance.java:270)
      at org.apache.geronimo.console.keystores.BaseKeystoreHandler$KeystoreData.unlockEdit(BaseKeystoreHandler.java:252)
      at org.apache.geronimo.console.keystores.EditKeystoreHandler.actionAfterView(EditKeystoreHandler.java:69)
      at org.apache.geronimo.console.MultiPagePortlet.processAction(MultiPagePortlet.java:114)
      at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:218)
      at org.apache.pluto.core.PortletServlet.doPost(PortletServlet.java:145)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
      at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551)
      at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488)
      at org.apache.pluto.core.DefaultPortletInvokerService.invoke(DefaultPortletInvokerService.java:167)
      at org.apache.pluto.core.DefaultPortletInvokerService.action(DefaultPortletInvokerService.java:85)
      at org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:219)
      at org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:121)
      at org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:167)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.geronimo.console.filter.PlutoURLRebuildFilter.doFilter(PlutoURLRebuildFilter.java:48)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.geronimo.console.filter.XSSXSRFFilter.doFilter(XSSXSRFFilter.java:130)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:56)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
      at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:406)
      at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:47)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:589)
      at org.apache.geronimo.tomcat.valve.ThreadCleanerValve.invoke(ThreadCleanerValve.java:40)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
      at java.lang.Thread.run(Thread.java:662)
      Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
      at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
      at java.security.KeyStore.load(KeyStore.java:1185)
      at org.apache.geronimo.security.keystore.FileKeystoreInstance.loadKeystoreData(FileKeystoreInstance.java:645)
      ... 45 more
      Caused by: java.security.UnrecoverableKeyException: Password verification failed
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
      ... 48 more

      Attachments

        Activity

          People

            saphen Saphen Qiu
            saphen Saphen Qiu
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: