Bug 979117 - Misleading stacktrace on server startup with malformed security-domain
Misleading stacktrace on server startup with malformed security-domain
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security (Show other bugs)
Unspecified Unspecified
unspecified Severity high
: ER7
: EAP 6.2.0
Assigned To: Stefan Guilhen
Depends On:
Blocks: 1002028
  Show dependency treegraph
Reported: 2013-06-27 12:16 EDT by Thomas Hauser
Modified: 2013-12-15 11:55 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-12-15 11:55:54 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker SECURITY-751 Major Closed Misleading stacktrace on server startup with malformed security-domain 2013-12-06 07:05:02 EST

  None (edit)
Description Thomas Hauser 2013-06-27 12:16:06 EDT
Description of problem:
Mis-leading stack trace upon server startup. Occurs when adding a <security-domain> with a malformed <jsse> element. 

Version-Release number of selected component (if applicable):
Picketbox version: 4.0.17.Final-redhat-1

How reproducible:

Steps to Reproduce:
1. Start the server in standalone mode.

2. Run the following jboss-cli.sh commands:

3. See the stacktrace: 
11:49:45,138 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service jboss.security.security-domain.test: org.jboss.msc.service.StartException in service jboss.security.security-domain.test: JBAS013308: Unable to start the SecurityDomainService service
	at org.jboss.as.security.service.SecurityDomainService.start(SecurityDomainService.java:107)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
Caused by: java.lang.RuntimeException: PBOX000117: Invalid KeyStore type: JKS
	at org.jboss.security.JBossJSSESecurityDomain.loadKeyAndTrustStore(JBossJSSESecurityDomain.java:469)
	at org.jboss.security.JBossJSSESecurityDomain.reloadKeyAndTrustStore(JBossJSSESecurityDomain.java:335)
	at org.jboss.as.security.service.SecurityDomainService.start(SecurityDomainService.java:104)
	... 5 more

Actual results:
Stacktrace says that the keystore type "JKS" is not supported. This is the default keystore type, so this is not true. 

Expected results:
I believe that the stacktrace should report that the keystore-url attribute is missing, since adding only that attribute causes the stacktrace to disappear.
Comment 5 Thomas Hauser 2013-07-22 09:52:05 EDT
I think it is reasonable to assign this to a "high" severity, since the result is a non-functional server configuration.
Comment 7 JBoss JIRA Server 2013-08-30 10:27:02 EDT
Stefan Guilhen <sguilhen@redhat.com> updated the status of jira SECURITY-751 to Closed
Comment 8 JBoss JIRA Server 2013-08-30 10:27:02 EDT
Stefan Guilhen <sguilhen@redhat.com> made a comment on jira SECURITY-751

There was an incorrect if-else clause in JBossJSSESecurityDomain that was causing the server to print this message when in fact the problem was that the KeyStore URL was null. This has been fixed in PicketBox.
Comment 12 FIlip Bogyai 2013-12-06 06:44:06 EST
Verified in 6.2.0.ER7 & 6.2.0.GA

Note You need to log in before you can comment on or make changes to this bug.