···
On Fri, May 27, 2016 at 2:53 PM, Stefan Steiniger <sstein@anonymised.com> wrote:
Hi, just want to confirm that we found a new JDK version installed from auto update. Which brings us most likely closer to a solution.
thanks,
stefan
On 5/26/16 23:16, Christian Mueller wrote:
Hi
@Andrea, this is not a wild guess and could be the reason for this problem. Concerning security, OpenJDK makes live easier because it is unrestricted out of the box whilst Oralce JDK is not.
Cheers
Christian
–
On Thu, May 26, 2016 at 8:46 PM, Andrea Aime <andrea.aime@anonymised.com> wrote:
Hi,
I’m making a wild guess and I might be way off the mark, so sorry in advance if it does not help but…
could it be that you once installed the unrestricted policy jars for strong encryption, and then
a JDK upgrade happened, it wiped out those jars (they are in the JDK itself), and now you cannot perform the same
type of encryption anymore?
Cheers
Andrea
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
On Thu, May 26, 2016 at 7:33 PM, Stefan Steiniger <sstein@anonymised.com> wrote:
Hi,
thanks for the idea. I meant: deleting the default password file as the instructions suggest. The problem seems also that we would have to get GeoServer running at least once, but we haven’t achieved this.
Apart from that we did no new installation, everything is as it was before. But it seems like the problem is related to a security feature according to a new extended log output (see below) - my colleague is looking into that now (as I am giving a course all day).
stefan
===============
26 May 12:27:00 INFO [geoserver.wps] - Found 29 bindable processes in Vector processes
26 May 12:27:00 INFO [geoserver.wps] - Blacklisting process geonode:BatchDownload as the input LAYERS of type class org.geonode.process.batchdownload.LayerReference cannot be handled
26 May 12:27:00 INFO [geoserver.wps] - Blacklisting process geonode:BatchDownload as the input map of type class org.geonode.process.batchdownload.MapMetadata cannot be handled
26 May 12:27:00 INFO [geoserver.wps] - Blacklisting process geonode:BatchDownload as the output ZippedFile of type interface org.geonode.process.storage.Resource cannot be handled
26 May 12:27:00 INFO [geoserver.wps] - Found 0 bindable processes in Batch Downloader
26 May 12:27:00 INFO [geoserver.wps] - Found 4 bindable processes in GeoServer specific processes
26 May 12:27:00 INFO [geoserver.wps] - Found 89 bindable processes in Deprecated processes
May 26, 2016 12:27:00 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.geoserver.platform.GeoServerContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error occured reading security configuration; nested exception is java.lang.RuntimeException: org.jasypt.exceptions.EncryptionOperationNotPossibleException
at org.geoserver.security.GeoServerSecurityManager.onApplicationEvent(GeoServerSecurityManager.java:346)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:327)
at org.geoserver.platform.GeoServerContextLoaderListener.contextInitialized(GeoServerContextLoaderListener.java:25)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4779)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5273)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:895)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:871)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:615)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:649)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1581)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:701)
Caused by: java.lang.RuntimeException: org.jasypt.exceptions.EncryptionOperationNotPossibleException
at org.geoserver.security.GeoServerSecurityManager.getMasterPassword(GeoServerSecurityManager.java:1631)
at org.geoserver.security.KeyStoreProviderImpl.assertActivatedKeyStore(KeyStoreProviderImpl.java:236)
at org.geoserver.security.KeyStoreProviderImpl.reloadKeyStore(KeyStoreProviderImpl.java:103)
at org.geoserver.security.concurrent.LockingKeyStoreProvider.reloadKeyStore(LockingKeyStoreProvider.java:79)
at org.geoserver.security.GeoServerSecurityManager.init(GeoServerSecurityManager.java:429)
at org.geoserver.security.GeoServerSecurityManager.init(GeoServerSecurityManager.java:420)
at org.geoserver.security.GeoServerSecurityManager.onApplicationEvent(GeoServerSecurityManager.java:339)
… 17 more
Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:918)
at org.geoserver.security.password.URLMasterPasswordProvider.decode(URLMasterPasswordProvider.java:130)
at org.geoserver.security.password.URLMasterPasswordProvider.doGetMasterPassword(URLMasterPasswordProvider.java:76)
at org.geoserver.security.MasterPasswordProvider.getMasterPassword(MasterPasswordProvider.java:34)
at org.geoserver.security.GeoServerSecurityManager.getMasterPassword(GeoServerSecurityManager.java:1629)
… 23 more
May 26, 2016 12:27:00 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Error listenerStart
May 26, 2016 12:27:00 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/geoserver] startup failed due to previous errors
May 26, 2016 12:27:00 PM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
26 May 12:27:00 WARN [support.DisposableBeanAdapter] - Invocation of destroy method failed on bean with name ‘printingWrapper’: java.lang.NullPointerException
26 May 12:27:00 INFO [georss.GeoRSSPoller] - destroy() invoked
26 May 12:27:00 INFO [geowebcache.GeoWebCacheDispatcher] - GeoWebCacheDispatcher.destroy() was invoked, shutting down.
26 May 12:27:00 INFO [diskquota.DiskQuotaMonitor] - Disk quota monitor shutting down…
26 May 12:27:00 INFO [diskquota.DiskQuotaMonitor] - Shutting down quota usage monitor…
26 May 12:27:00 INFO [diskquota.QuotaUpdatesMonitor] - Shutting down quota usage monitor…
26 May 12:27:00 INFO [diskquota.DiskQuotaMonitor] - Shutting down quota statistics gathering monitor…
26 May 12:27:00 INFO [diskquota.QueuedQuotaUpdatesConsumer] - Shutting down quota update background task due to InterruptedException
26 May 12:27:00 INFO [diskquota.QueuedUsageStatsConsumer] - Shutting down quota update background task due to interrupted exception
26 May 12:27:00 INFO [seed.SeederThreadPoolExecutor] - Initiating shut down for running and pending seed tasks…
26 May 12:27:00 INFO [seed.SeederThreadPoolExecutor] - Seeder thread pool executor shut down complete.
26 May 12:27:00 INFO [storage.DefaultStorageBroker] - Destroying StorageBroker
26 May 12:27:00 WARN [support.DisposableBeanAdapter] - Invocation of destroy method failed on bean with name ‘geoServerLoader’: org.springframework.beans.factory.BeanCreationNotAllowedException: Error creating bean with name ‘GWCLifeCycleHandler’: Singleton bean creation not allowed while the singletons of this factory are in destruction (Do not request a bean from a BeanFactory in a destroy method implementation!)
May 26, 2016 12:27:02 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@anonymised.com]) and a value of type [org.geotools.referencing.operation.projection.TransverseMercator.Provider] (value [PROJECTION[“Transverse_Mercator”]]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
May 26, 2016 12:27:02 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal with key of type [org.apache.commons.lang.builder.HashCodeBuilder$1] (value [org.apache.commons.lang.builder.HashCodeBuilder$1@anonymised.com]) and a value of type [java.util.HashSet] (value [[]]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
May 26, 2016 12:27:02 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal with key of type [org.eclipse.emf.ecore.xml.type.util.XMLTypeUtil.CharArrayThreadLocal] (value [org.eclipse.emf.ecore.xml.type.util.XMLTypeUtil$CharArrayThreadLocal@anonymised.com15…]) and a value of type [char[]] (value [[C@anonymised.com]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
May 26, 2016 12:27:02 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@anonymised.com]) and a value of type [org.geotools.referencing.wkt.Formatter] (value []) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
May 26, 2016 12:27:02 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@anonymised.com]) and a value of type [org.springframework.security.core.context.SecurityContextImpl] (value [org.springframework.security.core.context.SecurityContextImpl@anonymised.com: Null authentication]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
May 26, 2016 12:27:02 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks
SEVERE: The web application [/geoserver] created a ThreadLocal with key of type [org.eclipse.emf.ecore.impl.EClassImpl$1] (value [org.eclipse.emf.ecore.impl.EClassImpl$1@anonymised.com9…]) and a value of type [java.util.HashSet] (value [[]]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
May 26, 2016 12:27:02 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
May 26, 2016 12:27:02 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler [“http-bio-8080”]
May 26, 2016 12:27:02 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 20835 ms
On 05/26/2016 08:22 AM, Christian Mueller wrote:
Hi
What do you mean with deleting the admin password ?
Obviously GeoServer cannot decode the password of your datastore. I assume you did a fresh installation and the GeoServer internal key material
has changed. Different GeoServer installations use different key material.
Solution: find the xml config file for your datastore. Search the XML element named “password”. Replace the password with:
plain:mypassword.
After restarting, use the admin GUI, open the edit view of your datastore and save the config. This will encrypt the password using your new internal keys.
Cheers
Christian
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
