Spring-boot: Unlike Jetty and Tomcat, Reactor Netty and Undertow do not cause a startup failure when SSL is enabled but no key store is configured

Created on 18 Dec 2018  路  6Comments  路  Source: spring-projects/spring-boot

Spring Boot Version: 2.0.5

Case-1

If I set server.ssl.enabled=true, but do not provide SSL key-store details (via corresponding properties), what should be the behavior? I mean does server start in SSL mode. I am experiencing a behavior where my app starts without any warning/error, but the requests (over HTTP) fail with Empty reply from server.

Case-2

If I set server.ssl.enabled=true and server.ssl.key-store=classpath:ks_does_not_exist.p12, the app does not start, but I see following log line:

2018-12-18 21:50:01.370 [Thread: main] [WARN] TxPath: org.springframework.boot.web.reactive.context.AnnotationConfigReactiveWebServerApplicationContext# Exception encountered during context initialization - cancelling refresh attempt: org.springframework.context.ApplicationContextException: Unable to start reactive web server; nested exception is java.lang.IllegalStateException: java.io.FileNotFoundException: class path resource [ks_does_not_exist.p12] cannot be resolved to URL because it does not exist

Case-3

If I set server.ssl.enabled=true and server.ssl.key-store=classpath:valid_ks.p12, server.ssl.key-store-password=wrong_password, the app fails to start with following log line

2018-12-18 21:53:50.276 [Thread: main] [ERROR] TxPath: org.springframework.boot.SpringApplication# Application run failed
org.springframework.context.ApplicationContextException: Unable to start reactive web server; nested exception is java.lang.IllegalStateException: java.io.IOException: keystore password was incorrect

Expected behavior

Case-1: Spring Boot should fail to start with error saying SSL is enabled, but corresponding key-store details are missing.

Case-2: Spring Boot should write the log at ERROR level with stack trace. The WARN level is inconsistent with Case-3.

Case-3: This is the right behavior.

superseded bug
Source
picture nnanda2016

All 6 comments

Undertow exhibits the same behaviour for case 1. Tomcat and Jetty both fail with an exception similar to the following:

2018-12-19 15:41:14.132 ERROR 99940 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.context.ApplicationContextException: Unable to start reactive web server; nested exception is java.lang.IllegalArgumentException: Resource location must not be null
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.onRefresh(ReactiveWebServerApplicationContext.java:82) ~[classes/:na]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:540) ~[spring-context-5.1.4.BUILD-SNAPSHOT.jar:5.1.4.BUILD-SNAPSHOT]
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.refresh(ReactiveWebServerApplicationContext.java:67) ~[classes/:na]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775) [classes/:na]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [classes/:na]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:316) [classes/:na]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260) [classes/:na]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248) [classes/:na]
    at sample.webflux.SampleWebFluxApplication.main(SampleWebFluxApplication.java:32) [classes/:na]
Caused by: java.lang.IllegalArgumentException: Resource location must not be null
    at org.springframework.util.Assert.notNull(Assert.java:198) ~[spring-core-5.1.4.BUILD-SNAPSHOT.jar:5.1.4.BUILD-SNAPSHOT]
    at org.springframework.util.ResourceUtils.getURL(ResourceUtils.java:130) ~[spring-core-5.1.4.BUILD-SNAPSHOT.jar:5.1.4.BUILD-SNAPSHOT]
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSslKeyStore(SslConnectorCustomizer.java:133) ~[classes/:na]
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSsl(SslConnectorCustomizer.java:92) ~[classes/:na]
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.customize(SslConnectorCustomizer.java:58) ~[classes/:na]
    at org.springframework.boot.web.embedded.tomcat.TomcatReactiveWebServerFactory.customizeSsl(TomcatReactiveWebServerFactory.java:188) ~[classes/:na]
    at org.springframework.boot.web.embedded.tomcat.TomcatReactiveWebServerFactory.customizeConnector(TomcatReactiveWebServerFactory.java:171) ~[classes/:na]
    at org.springframework.boot.web.embedded.tomcat.TomcatReactiveWebServerFactory.getWebServer(TomcatReactiveWebServerFactory.java:106) ~[classes/:na]
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext$ServerManager.<init>(ReactiveWebServerApplicationContext.java:202) ~[classes/:na]
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext$ServerManager.get(ReactiveWebServerApplicationContext.java:221) ~[classes/:na]
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.createWebServer(ReactiveWebServerApplicationContext.java:90) ~[classes/:na]
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.onRefresh(ReactiveWebServerApplicationContext.java:79) ~[classes/:na]
    ... 8 common frames omitted

I cannot reproduce the reported behaviour for case 2 with any of the 4 embedded containers that we support. When the key store is configured but it does not exist, a failure similar to the following is logged:

2018-12-19 15:42:59.393 ERROR 99945 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.context.ApplicationContextException: Unable to start reactive web server; nested exception is java.lang.IllegalStateException: java.lang.IllegalStateException: java.io.FileNotFoundException: class path resource [ks_does_not_exist.p12] cannot be resolved to URL because it does not exist
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.onRefresh(ReactiveWebServerApplicationContext.java:82) ~[classes/:na]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:540) ~[spring-context-5.1.4.BUILD-SNAPSHOT.jar:5.1.4.BUILD-SNAPSHOT]
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.refresh(ReactiveWebServerApplicationContext.java:67) ~[classes/:na]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775) [classes/:na]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [classes/:na]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:316) [classes/:na]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260) [classes/:na]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248) [classes/:na]
    at sample.webflux.SampleWebFluxApplication.main(SampleWebFluxApplication.java:32) [classes/:na]
Caused by: java.lang.IllegalStateException: java.lang.IllegalStateException: java.io.FileNotFoundException: class path resource [ks_does_not_exist.p12] cannot be resolved to URL because it does not exist
    at org.springframework.boot.web.embedded.netty.SslServerCustomizer.apply(SslServerCustomizer.java:68) ~[classes/:na]
    at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.createHttpServer(NettyReactiveWebServerFactory.java:141) ~[classes/:na]
    at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.getWebServer(NettyReactiveWebServerFactory.java:63) ~[classes/:na]
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext$ServerManager.<init>(ReactiveWebServerApplicationContext.java:202) ~[classes/:na]
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext$ServerManager.get(ReactiveWebServerApplicationContext.java:221) ~[classes/:na]
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.createWebServer(ReactiveWebServerApplicationContext.java:90) ~[classes/:na]
    at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.onRefresh(ReactiveWebServerApplicationContext.java:79) ~[classes/:na]
    ... 8 common frames omitted
Caused by: java.lang.IllegalStateException: java.io.FileNotFoundException: class path resource [ks_does_not_exist.p12] cannot be resolved to URL because it does not exist
    at org.springframework.boot.web.embedded.netty.SslServerCustomizer.getKeyManagerFactory(SslServerCustomizer.java:106) ~[classes/:na]
    at org.springframework.boot.web.embedded.netty.SslServerCustomizer.getContextBuilder(SslServerCustomizer.java:74) ~[classes/:na]
    at org.springframework.boot.web.embedded.netty.SslServerCustomizer.lambda$0(SslServerCustomizer.java:61) ~[classes/:na]
    at reactor.netty.http.server.HttpServerSecure.<init>(HttpServerSecure.java:37) ~[reactor-netty-0.8.3.RELEASE.jar:0.8.3.RELEASE]
    at reactor.netty.http.server.HttpServer.secure(HttpServer.java:356) ~[reactor-netty-0.8.3.RELEASE.jar:0.8.3.RELEASE]
    at org.springframework.boot.web.embedded.netty.SslServerCustomizer.apply(SslServerCustomizer.java:59) ~[classes/:na]
    ... 14 common frames omitted
Caused by: java.io.FileNotFoundException: class path resource [ks_does_not_exist.p12] cannot be resolved to URL because it does not exist
    at org.springframework.util.ResourceUtils.getURL(ResourceUtils.java:137) ~[spring-core-5.1.4.BUILD-SNAPSHOT.jar:5.1.4.BUILD-SNAPSHOT]
    at org.springframework.boot.web.embedded.netty.SslServerCustomizer.loadKeyStore(SslServerCustomizer.java:150) ~[classes/:na]
    at org.springframework.boot.web.embedded.netty.SslServerCustomizer.getKeyStore(SslServerCustomizer.java:115) ~[classes/:na]
    at org.springframework.boot.web.embedded.netty.SslServerCustomizer.getKeyManagerFactory(SslServerCustomizer.java:94) ~[classes/:na]
    ... 19 common frames omitted
wilkinsona picture wilkinsona on 19 Dec 2018

@wilkinsona I want to work on it. Please let me know if I can start working on it ?

Raheela1024 picture Raheela1024 on 11 Jan 2019

@Raheela1024 Yes, please. That'd be great. Please let us know if you have any questions.

wilkinsona picture wilkinsona on 11 Jan 2019
👍1

@wilkinsona Thanks sure.

Raheela1024 picture Raheela1024 on 14 Jan 2019

@wilkinsona I have fixed the mentioned issue and PR is created please have a look and let me know if i am doing something wrong or missed.

PR Link :
https://github.com/spring-projects/spring-boot/pull/15709

Raheela1024 picture Raheela1024 on 15 Jan 2019
👍1

Thanks very much, @Raheela1024. I'll close this one in favour of your PR (#15709).

wilkinsona picture wilkinsona on 22 Jan 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Dasiu picture Dasiu  路  3Comments
bbrouwer picture bbrouwer  路  3Comments
philwebb picture philwebb  路  3Comments
techpavan picture techpavan  路  3Comments
lievendoclo picture lievendoclo  路  3Comments