Tomcat 8 Manager war deployment upload fails due to SSL

Time: 2016-07-07 20:32:30

Tags: java tomcat ssl encryption deployment

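This is a weird one - I have looked high and low for clues but haven't gotten anywhere. Running Tomcat 8 / Java 8 on Solaris. NIO connector configured for SSL. Everything seemed to be working fine, but now deploying war files through the manager fails on Firefox and Chrome. It still seems to work with IE 11 in an older emulation mode. The different browsers give different complaints: FF - Secure Connection Failed, Chrome - This site can't be reached.

Everything else seems to work - you can log in to the manager, the SSL connection looks properly configured, and you can browse to the various manager pages, but the file upload deployment fails. I checked the manager log, and the error for this request seems to be related to bufferCrypt and NativeGCMCipher. (See the stack trace below.)

I have tried:

- Updating to the latest JDK (u92) - Oracle had reported a buffer size determination issue in NativeGCMCipher
- Setting larger buffers in the connector, i.e. socket.rxBufSize, socket.txBufSize and socketBuffer
- Going to the BIO connector (thought this fixed this issue on another server)

But I haven't had any luck.

If anyone has any suggestions, they would be greatly appreciated. We can use IE for the upload or a simple copy deployment, but I am worried that this is a sign of a bigger problem that will bite us when we roll out 25 applications on these servers.

Here is the stack trace from the manager log: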

07-Jul-2016 13:44:12.597 INFO [http-nio-8086-exec-19] org.apache.catalina.core.ApplicationContext.log HTMLManager: list: Listing contexts for virtual host 'localhost'
07-Jul-2016 13:44:50.623 SEVERE [http-nio-8086-exec-19] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [HTMLManager] in context with path [/manager] threw exception
 java.security.ProviderException: Could not determine buffer size
    at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:843)
    at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
    at javax.crypto.Cipher.doFinal(Cipher.java:2460)
    at sun.security.ssl.CipherBox.decrypt(CipherBox.java:535)
    at sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:200)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:974)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at org.apache.tomcat.util.net.SecureNioChannel.read(SecureNioChannel.java:455)
    at org.apache.tomcat.util.net.NioBlockingSelector.read(NioBlockingSelector.java:173)
    at org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:251)
    at org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:232)
    at org.apache.coyote.http11.InternalNioInputBuffer.fill(InternalNioInputBuffer.java:133)
    at org.apache.coyote.http11.InternalNioInputBuffer$SocketInputBuffer.doRead(InternalNioInputBuffer.java:177)
    at org.apache.coyote.http11.filters.IdentityInputFilter.doRead(IdentityInputFilter.java:110)
    at org.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer.java:416)
    at org.apache.coyote.Request.doRead(Request.java:469)
    at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:338)
    at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:395)
    at org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:363)
    at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:190)
    at java.io.FilterInputStream.read(FilterInputStream.java:133)
    at org.apache.tomcat.util.http.fileupload.util.LimitedInputStream.read(LimitedInputStream.java:132)
    at org.apache.tomcat.util.http.fileupload.MultipartStream$ItemInputStream.makeAvailable(MultipartStream.java:946)
    at org.apache.tomcat.util.http.fileupload.MultipartStream$ItemInputStream.read(MultipartStream.java:850)
    at java.io.InputStream.read(InputStream.java:101)
    at org.apache.tomcat.util.http.fileupload.util.Streams.copy(Streams.java:98)
    at org.apache.tomcat.util.http.fileupload.util.Streams.copy(Streams.java:68)
    at org.apache.tomcat.util.http.fileupload.MultipartStream.readBodyData(MultipartStream.java:539)
    at org.apache.tomcat.util.http.fileupload.MultipartStream.discardBodyData(MultipartStream.java:563)
    at org.apache.tomcat.util.http.fileupload.MultipartStream.skipPreamble(MultipartStream.java:580)
    at org.apache.tomcat.util.http.fileupload.FileUploadBase$FileItemIteratorImpl.findNextItem(FileUploadBase.java:874)
    at org.apache.tomcat.util.http.fileupload.FileUploadBase$FileItemIteratorImpl.<init>(FileUploadBase.java:854)
    at org.apache.tomcat.util.http.fileupload.FileUploadBase.getItemIterator(FileUploadBase.java:256)
    at org.apache.tomcat.util.http.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:280)
    at org.apache.catalina.connector.Request.parseParts(Request.java:2730)
    at org.apache.catalina.connector.Request.parseParameters(Request.java:3064)
    at org.apache.catalina.connector.Request.getParameter(Request.java:1093)
    at org.apache.catalina.connector.RequestFacade.getParameter(RequestFacade.java:380)
    at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:185)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:614)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
    at org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:194)
    at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:318)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
    at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:676)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.crypto.ShortBufferException: Output buffer must be (at least) 12272 bytes long
    at com.oracle.security.ucrypto.NativeGCMCipher.engineUpdate(NativeGCMCipher.java:266)
    at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:828)
    ... 67 more

2 answers:

Answer 0: (score: 0)

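The last few lines of the post refer to the socket output buffer.

The tomcat configuration page reads:

socketBuffer: The size (in bytes) of the buffer to be provided for socket output buffering. -1 can be specified to disable the use of a buffer. By default, a buffer of 9000 bytes will be used.

So I guess the first step would be to find your ssl connector in server.xml and add socketBuffer="12272" or a larger value.

ibm's tomcat tuning page also mentions this when tuning tomcat.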

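Answer 1: (score: 0)

I had the same problem on my system. After a day of searching, I found that the oracle ucrypto JCE provider seems to be the culprit. So I opened the file jdk1.8.0_121/jre/lib/security/java.security and commented out the line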

#security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg

After a restart, my system works fine.
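
To confirm which JCE provider serves AES/GCM before and after a java.security change like the one in the answer above, the following added example (not part of the original post or of Tomcat) lists the registered providers in priority order and runs a GCM decrypt through the ByteBuffer form of Cipher.doFinal, the entry point that appears in the stack trace, against every provider that offers the algorithm. The class name GcmProviderCheck, the all-zero test key and IV, and the 16384-byte payload size are assumptions made for this self-test.

```java
import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class GcmProviderCheck {
    static final String ALG = "AES/GCM/NoPadding";

    // Encrypt with byte arrays, then decrypt through direct ByteBuffers,
    // so the provider is driven via Cipher.doFinal(ByteBuffer, ByteBuffer).
    static String roundTrip(Provider p, int size) {
        try {
            // Constructed all-zero key and IV: acceptable only for this one-shot self-test.
            SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
            GCMParameterSpec spec = new GCMParameterSpec(128, new byte[12]);

            Cipher enc = Cipher.getInstance(ALG, p);
            enc.init(Cipher.ENCRYPT_MODE, key, spec);
            byte[] ct = enc.doFinal(new byte[size]);

            Cipher dec = Cipher.getInstance(ALG, p);
            dec.init(Cipher.DECRYPT_MODE, key, spec);
            ByteBuffer in = ByteBuffer.allocateDirect(ct.length);
            in.put(ct);
            in.flip();
            ByteBuffer out = ByteBuffer.allocateDirect(dec.getOutputSize(ct.length));
            int n = dec.doFinal(in, out);
            return n == size ? "ok" : "unexpected plaintext length " + n;
        } catch (NoSuchAlgorithmException e) {
            return "not offered";
        } catch (Exception e) {
            // ProviderException / ShortBufferException from a faulty provider end up here.
            return "FAILED: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        Provider[] all = Security.getProviders(); // priority order from java.security
        for (int i = 0; i < all.length; i++) {
            System.out.println((i + 1) + ". " + all[i].getName()
                    + " -> " + roundTrip(all[i], 16384)); // assumed TLS-record-sized payload
        }
        System.out.println("Default provider for " + ALG + ": "
                + Cipher.getInstance(ALG).getProvider().getName());
    }
}
```

Run it with the same JDK and java.security file that Tomcat uses; the "Default provider" line shows which implementation the TLS stack will pick up for GCM cipher suites.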