Description of problem: Mis-leading stack trace upon server startup. Occurs when adding a <security-domain> with a malformed <jsse> element. Version-Release number of selected component (if applicable): Picketbox version: 4.0.17.Final-redhat-1 How reproducible: Always Steps to Reproduce: 1. Start the server in standalone mode. ./standalone.sh 2. Run the following jboss-cli.sh commands: /subsystem=security/security-domain=test:add() /subsystem=security/security-domain=test1/jsse=classic:add(keystore={password=123456}) :reload 3. See the stacktrace: 11:49:45,138 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service jboss.security.security-domain.test: org.jboss.msc.service.StartException in service jboss.security.security-domain.test: JBAS013308: Unable to start the SecurityDomainService service at org.jboss.as.security.service.SecurityDomainService.start(SecurityDomainService.java:107) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: java.lang.RuntimeException: PBOX000117: Invalid KeyStore type: JKS at org.jboss.security.JBossJSSESecurityDomain.loadKeyAndTrustStore(JBossJSSESecurityDomain.java:469) at org.jboss.security.JBossJSSESecurityDomain.reloadKeyAndTrustStore(JBossJSSESecurityDomain.java:335) at org.jboss.as.security.service.SecurityDomainService.start(SecurityDomainService.java:104) ... 5 more Actual results: Stacktrace says that the keystore type "JKS" is not supported. This is the default keystore type, so this is not true. Expected results: I believe that the stacktrace should report that the keystore-url attribute is missing, since adding only that attribute causes the stacktrace to disappear.
I think it is reasonable to assign this to a "high" severity, since the result is a non-functional server configuration.
Stefan Guilhen <sguilhen> updated the status of jira SECURITY-751 to Closed
Stefan Guilhen <sguilhen> made a comment on jira SECURITY-751 There was an incorrect if-else clause in JBossJSSESecurityDomain that was causing the server to print this message when in fact the problem was that the KeyStore URL was null. This has been fixed in PicketBox.
Verified in 6.2.0.ER7 & 6.2.0.GA