Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 979117

Summary: Misleading stacktrace on server startup with malformed security-domain
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Thomas Hauser <thauser>
Component: SecurityAssignee: Stefan Guilhen <sguilhen>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.1.0CC: anil.saldhana, asaldhan, fbogyai, jawilson, jcacek, jdoyle, myarboro, thauser
Target Milestone: ER7   
Target Release: EAP 6.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-15 16:55:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1002028    

Description Thomas Hauser 2013-06-27 16:16:06 UTC
Description of problem:
Mis-leading stack trace upon server startup. Occurs when adding a <security-domain> with a malformed <jsse> element. 

Version-Release number of selected component (if applicable):
Picketbox version: 4.0.17.Final-redhat-1

How reproducible:
Always

Steps to Reproduce:
1. Start the server in standalone mode.
./standalone.sh 

2. Run the following jboss-cli.sh commands:
/subsystem=security/security-domain=test:add()
/subsystem=security/security-domain=test1/jsse=classic:add(keystore={password=123456})
:reload

3. See the stacktrace: 
11:49:45,138 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service jboss.security.security-domain.test: org.jboss.msc.service.StartException in service jboss.security.security-domain.test: JBAS013308: Unable to start the SecurityDomainService service
	at org.jboss.as.security.service.SecurityDomainService.start(SecurityDomainService.java:107)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
Caused by: java.lang.RuntimeException: PBOX000117: Invalid KeyStore type: JKS
	at org.jboss.security.JBossJSSESecurityDomain.loadKeyAndTrustStore(JBossJSSESecurityDomain.java:469)
	at org.jboss.security.JBossJSSESecurityDomain.reloadKeyAndTrustStore(JBossJSSESecurityDomain.java:335)
	at org.jboss.as.security.service.SecurityDomainService.start(SecurityDomainService.java:104)
	... 5 more

Actual results:
Stacktrace says that the keystore type "JKS" is not supported. This is the default keystore type, so this is not true. 

Expected results:
I believe that the stacktrace should report that the keystore-url attribute is missing, since adding only that attribute causes the stacktrace to disappear.

Comment 5 Thomas Hauser 2013-07-22 13:52:05 UTC
I think it is reasonable to assign this to a "high" severity, since the result is a non-functional server configuration.

Comment 7 JBoss JIRA Server 2013-08-30 14:27:02 UTC
Stefan Guilhen <sguilhen> updated the status of jira SECURITY-751 to Closed

Comment 8 JBoss JIRA Server 2013-08-30 14:27:02 UTC
Stefan Guilhen <sguilhen> made a comment on jira SECURITY-751

There was an incorrect if-else clause in JBossJSSESecurityDomain that was causing the server to print this message when in fact the problem was that the KeyStore URL was null. This has been fixed in PicketBox.

Comment 12 FIlip Bogyai 2013-12-06 11:44:06 UTC
Verified in 6.2.0.ER7 & 6.2.0.GA