You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "xiezhi (JIRA)" <ji...@apache.org> on 2013/03/08 10:00:21 UTC
[jira] [Commented] (GERONIMO-6440) unlock keystore action appears
to be broken when running server against Oracle JDK 1.7
[ https://issues.apache.org/jira/browse/GERONIMO-6440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13596951#comment-13596951 ]
xiezhi commented on GERONIMO-6440:
----------------------------------
The root cause is there is no action in Oracle JDK1.7 when ThreadGroupContext.getContext().getPropertyEditorFinder().find(targetType) couldn't find a PropertyEditor.
In Oracle JDK1.6 the PropertyEditorManager uses three techniques for locating an editor for a give type.
1. It provides a registerEditor method to allow an editor to be specifically registered for a given type.
2. It tries to locate a suitable class by adding "Editor" to the full qualified classname of the given type (e.g. "foo.bah.FozEditor").
3. It takes the simple classname (without the package name) adds "Editor" to it and looks in a search-path of packages for a matching class
Obviously, it misses the last 2 techniques in 1.7.
So I think we should add the missed techniques in org.apache.geronimo.common.propertyeditor.findEditor(Class).
> unlock keystore action appears to be broken when running server against Oracle JDK 1.7
> --------------------------------------------------------------------------------------
>
> Key: GERONIMO-6440
> URL: https://issues.apache.org/jira/browse/GERONIMO-6440
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: JVM-compatibility
> Affects Versions: 3.0-beta-1
> Reporter: xiezhi
> Priority: Blocker
>
> To reproduce the issue, you can follow the steps below.
> 1.Start geronimo 3.0 server.
> 2.Use keytool command to create a keystore with a key. For example,
> keytool -genkeypair -keystore test.jks -alias testkey -keyalg RSA -keysize 2048 -dname "cn=test.apache.org,c=US" -validity 365 -storepass welcome1
> 3.Copy the keystore to <geronimo-home>\var\security\keystores
> 4.use deploy encrypt to encrypt the password "welcome",go the encrypt string:
> {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> add the string into config-substitution.properties like this:
> test.jks = {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> testkey = {Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
> 5. restart the server.
> 6. use deploy unlock-keystore command to unlock test.jks. For example,
> deploy -u system -p manager unlock-keystore test.jks
> The result is the unlock action seems to success. But you can find an ERROR below in admin console. It will generate a incomplete j2ee-security module in config.xml. When you restart the server, you will fail on it.
> 2013-02-27 11:41:06,564 WARN [FileKeystoreManager] keystoreType for new keystore "test.jks" set to "jks" based on file extension.
> 2013-02-27 11:41:06,660 ERROR [LocalAttributeManager] Unable to format attribute of type java.net.URI; no editor found
> 2013-02-27 11:41:06,660 WARN [BasicProxyManager] Could not load interface org.apache.geronimo.security.keystore.FileKeystoreInsta
> nce in provided ClassLoader for org.apache.geronimo.framework/j2ee-security/3.0.0/car?ServiceModule=org.apache.geronimo.framework/
> j2ee-security/3.0.0/car,j2eeType=Keystore,name=test.jks
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira