Jboss SecurityVaultException - Jdk7u191

u2nhd7ah  posted 12 months ago  in  Other

Switched from JDK 7u171 to JDK 7u191. Seeing the following error when starting JBoss.

05:05:51,804 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault --  org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:
    at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:89) [jboss-as-server-7.4.3.Final-redhat-2-bz-1195283.jar:7.4.3.Final-redhat-3]
    at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:75) [jboss-as-controller-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:611) [jboss-as-controller-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:489) [jboss-as-controller-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:290) [jboss-as-controller-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:285) [jboss-as-controller-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1132) [jboss-as-controller-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:322) [jboss-as-controller-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:292) [jboss-as-controller-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    at org.jboss.as.server.ServerService.boot(ServerService.java:346) [jboss-as-server-7.4.3.Final-redhat-2-bz-1195283.jar:7.4.3.Final-redhat-3]
    at org.jboss.as.server.ServerService.boot(ServerService.java:321) [jboss-as-server-7.4.3.Final-redhat-2-bz-1195283.jar:7.4.3.Final-redhat-3]
    at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:254) [jboss-as-controller-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_191]
Caused by: org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:
    at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:95) [jboss-as-security-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:87) [jboss-as-server-7.4.3.Final-redhat-2-bz-1195283.jar:7.4.3.Final-redhat-3]
    ... 12 more
Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX000140: Unable to get keystore (/instances/abc-test1/configuration/vault/vault.keystore)
    at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210) [picketbox-4.0.19.SP10-redhat-1.jar:4.0.19.SP10-redhat-1]
    at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:93) [jboss-as-security-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
    ... 13 more
Caused by: java.lang.RuntimeException: PBOX000140: Unable to get keystore (/instances/abc-test1/configuration/vault/vault.keystore)
    at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:678) [picketbox-4.0.19.SP10-redhat-1.jar:4.0.19.SP10-redhat-1]
    at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:205) [picketbox-4.0.19.SP10-redhat-1.jar:4.0.19.SP10-redhat-1]
    ... 14 more
Caused by: java.io.IOException: Invalid secret key format
    at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:861) [sunjce_provider.jar:1.7.0_191]
    at java.security.KeyStore.load(KeyStore.java:1357) [rt.jar:1.7.0_191]
    at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:201) [picketbox-4.0.19.SP10-redhat-1.jar:4.0.19.SP10-redhat-1]
    at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:151) [picketbox-4.0.19.SP10-redhat-1.jar:4.0.19.SP10-redhat-1]
    at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:675) [picketbox-4.0.19.SP10-redhat-1.jar:4.0.19.SP10-redhat-1]
    ... 15 more

05:05:51,825 FATAL [org.jboss.as.server] (Controller Boot Thread) JBAS015957: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.

05:05:51,867 INFO [org.jboss.as] (MSC service thread 1-2) JBAS015950: JBoss EAP 6.3.3.GA (AS 7.4.3.Final-redhat-2) stopped in 11ms

JBoss EAP 6.3.3.GA (AS 7.4.3.Final-redhat-2)

java version "1.7.0_191"
Java(TM) SE Runtime Environment (build 1.7.0_191-b08)
Java HotSpot(TM) 64-Bit Server VM (build 24.191-b08, mixed mode)

am46iovg #1

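If you are using the 3DES algorithm, it may be related to this change in JDK 1.7.0u181:
security-libs/javax.net.ssl: 3DES cipher suites disabled
To improve the strength of SSL/TLS connections, 3DES cipher suites have been disabled in SSL/TLS connections in the JDK via the jdk.tls.disabledAlgorithms Security property.
JDK-8175075 (not public)
You can try the instructions from Oracle to re-enable the 3DES ciphers:

  • On JDK 8 and earlier, edit the /lib/security/java.security file and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.
  • On JDK 9, edit the /conf/security/java.security file and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.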

For example, if the current value is:

jdk.tls.legacyAlgorithms= \
    K_NULL, C_NULL, M_NULL, \
    DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
    DH_RSA_EXPORT, RSA_EXPORT, \
    DH_anon, ECDH_anon, \
    RC4_128, RC4_40, DES_CBC, DES40_CBC, \
    3DES_EDE_CBC

The new value after removing 3DES_EDE_CBC is:

jdk.tls.legacyAlgorithms= \
    K_NULL, C_NULL, M_NULL, \
    DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
    DH_RSA_EXPORT, RSA_EXPORT, \
    DH_anon, ECDH_anon, \
    RC4_128, RC4_40, DES_CBC, DES40_CBC
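
Before and after editing java.security as described in the answer above, it helps to see which TLS properties actually list 3DES_EDE_CBC once the backslash continuations are joined. The script below is an added example, not part of the original answer or of Oracle's instructions; the function names are hypothetical and the sample file is constructed (a shortened form of the value quoted above plus a made-up jdk.tls.disabledAlgorithms line).

```shell
#!/bin/sh
# Added example: report which TLS security properties list 3DES_EDE_CBC.

# Print the value of property $2 in file $1, joining "\" continuation lines.
get_sec_prop() {
    awk -v key="$2" '
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (!collecting) {
            if (line ~ /^[#!]/ || index(line, key) != 1) next
            line = substr(line, length(key) + 1)
            if (line !~ /^[ \t]*[=:]/) next       # a longer key, not ours
            sub(/^[ \t]*[=:][ \t]*/, "", line)
            collecting = 1; value = ""            # a later definition wins
        }
        cont = (line ~ /\\$/); sub(/\\$/, "", line)
        value = value line
        if (!cont) { collecting = 0; result = value }
    }
    END { print (collecting ? value : result) }' "$1"
}

# Succeed if algorithm $3 is one of the comma-separated entries of property $2.
lists_alg() {
    get_sec_prop "$1" "$2" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qxF -- "$3"
}

# Constructed sample input, written to the path given as $1.
write_sample() {
    cat > "$1" <<'EOF'
# constructed java.security fragment
jdk.tls.disabledAlgorithms=SSLv3, RC4, 3DES_EDE_CBC
jdk.tls.legacyAlgorithms= \
    K_NULL, C_NULL, M_NULL, \
    RC4_128, RC4_40, DES_CBC, DES40_CBC, \
    3DES_EDE_CBC
EOF
}

# Report, per property, whether 3DES_EDE_CBC is listed in file $1.
audit_3des() {
    for prop in jdk.tls.disabledAlgorithms jdk.tls.legacyAlgorithms; do
        if lists_alg "$1" "$prop" 3DES_EDE_CBC; then s="lists"; else s="does not list"; fi
        echo "$prop $s 3DES_EDE_CBC"
    done
}

if [ $# -gt 0 ]; then audit_3des "$1"; fi
```

Pass the path of the java.security file used by the JVM that runs JBoss as the only argument.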
