Bug 979117 - Misleading stacktrace on server startup with malformed security-domain
Summary: Misleading stacktrace on server startup with malformed security-domain
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ER7
: EAP 6.2.0
Assignee: Stefan Guilhen
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1002028
TreeView+ depends on / blocked
 
Reported: 2013-06-27 16:16 UTC by Thomas Hauser
Modified: 2013-12-15 16:55 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-12-15 16:55:54 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker SECURITY-751 0 Major Closed Misleading stacktrace on server startup with malformed security-domain 2013-12-06 12:05:02 UTC

Description Thomas Hauser 2013-06-27 16:16:06 UTC
Description of problem:
Mis-leading stack trace upon server startup. Occurs when adding a <security-domain> with a malformed <jsse> element. 

Version-Release number of selected component (if applicable):
Picketbox version: 4.0.17.Final-redhat-1

How reproducible:
Always

Steps to Reproduce:
1. Start the server in standalone mode.
./standalone.sh 

2. Run the following jboss-cli.sh commands:
/subsystem=security/security-domain=test:add()
/subsystem=security/security-domain=test1/jsse=classic:add(keystore={password=123456})
:reload

3. See the stacktrace: 
11:49:45,138 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service jboss.security.security-domain.test: org.jboss.msc.service.StartException in service jboss.security.security-domain.test: JBAS013308: Unable to start the SecurityDomainService service
	at org.jboss.as.security.service.SecurityDomainService.start(SecurityDomainService.java:107)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
Caused by: java.lang.RuntimeException: PBOX000117: Invalid KeyStore type: JKS
	at org.jboss.security.JBossJSSESecurityDomain.loadKeyAndTrustStore(JBossJSSESecurityDomain.java:469)
	at org.jboss.security.JBossJSSESecurityDomain.reloadKeyAndTrustStore(JBossJSSESecurityDomain.java:335)
	at org.jboss.as.security.service.SecurityDomainService.start(SecurityDomainService.java:104)
	... 5 more

Actual results:
Stacktrace says that the keystore type "JKS" is not supported. This is the default keystore type, so this is not true. 

Expected results:
I believe that the stacktrace should report that the keystore-url attribute is missing, since adding only that attribute causes the stacktrace to disappear.

Comment 5 Thomas Hauser 2013-07-22 13:52:05 UTC
I think it is reasonable to assign this to a "high" severity, since the result is a non-functional server configuration.

Comment 7 JBoss JIRA Server 2013-08-30 14:27:02 UTC
Stefan Guilhen <sguilhen> updated the status of jira SECURITY-751 to Closed

Comment 8 JBoss JIRA Server 2013-08-30 14:27:02 UTC
Stefan Guilhen <sguilhen> made a comment on jira SECURITY-751

There was an incorrect if-else clause in JBossJSSESecurityDomain that was causing the server to print this message when in fact the problem was that the KeyStore URL was null. This has been fixed in PicketBox.

Comment 12 FIlip Bogyai 2013-12-06 11:44:06 UTC
Verified in 6.2.0.ER7 & 6.2.0.GA


Note You need to log in before you can comment on or make changes to this bug.