spring-projects / spring-boot

Spring Boot helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss.
https://spring.io/projects/spring-boot
Apache License 2.0

Tomcat does not load keystore from IDE #21482

Closed Captain-P-Goldfish closed 4 years ago

Captain-P-Goldfish commented 4 years ago

Hi, I got a similar issue last year. When I try to set up a simple springboot application that uses an SSL keystore, Tomcat is not able to find the keystore. It works though if I build the application with maven and start the jar or if I start the application directly with maven. It simply does not work when starting it directly from the IDE.

Setup:

  - OS: Windows 10 Pro
  - JDK: 11.0.6
  - spring-boot-starter-web: 2.2.6.RELEASE
  - IDE: IntellijIDEA Ultimate 2020.1.1

Here is the link to the issue from last year: https://github.com/spring-projects/spring-boot/issues/17841

Note that the error message is different but the problem is very similar.

org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.boot.web.server.WebServerException: Could not load key store 'classpath:/de/captaingoldfish/scim/sdk/client/tests/keys/test.jks'
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:156)
    at spring.context@5.2.5.RELEASE/org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:544)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:1215)
    at client.integration.tests/de.captaingoldfish.scim.sdk.client.tests.ScimServerApplication.main(ScimServerApplication.java:21)
Caused by: org.springframework.boot.web.server.WebServerException: Could not load key store 'classpath:/de/captaingoldfish/scim/sdk/client/tests/keys/test.jks'
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSslKeyStore(SslConnectorCustomizer.java:128)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSsl(SslConnectorCustomizer.java:88)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.customize(SslConnectorCustomizer.java:57)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeSsl(TomcatServletWebServerFactory.java:339)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeConnector(TomcatServletWebServerFactory.java:317)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getWebServer(TomcatServletWebServerFactory.java:183)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.createWebServer(ServletWebServerApplicationContext.java:180)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:153)
    ... 8 more
Caused by: java.io.FileNotFoundException: class path resource [/de/captaingoldfish/scim/sdk/client/tests/keys/test.jks] cannot be resolved to URL because it does not exist
    at spring.core@5.2.5.RELEASE/org.springframework.util.ResourceUtils.getURL(ResourceUtils.java:137)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSslKeyStore(SslConnectorCustomizer.java:125)
    ... 15 more

wilkinsona commented 4 years ago

Thanks for the report. Can you please provide a minimal sample that reproduces the problem?

Captain-P-Goldfish commented 4 years ago

here you go https://github.com/Captain-P-Goldfish/spring-boot-keystore-sample

wilkinsona commented 4 years ago

Thanks for the sample. There's no need for the leading slash in classpath:/…. If I change it to server.ssl.key-store=classpath:test.jks then your sample works for me.

> It works though if I … start the application directly with maven.

That sample does not behave like that for me. With the leading /, I see the same problem when starting the application using mvn spring-boot:run:

[INFO] --- spring-boot-maven-plugin:2.2.6.RELEASE:run (default-cli) @ spring-boot--keystore-example ---
[INFO] Attaching agents: []

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.2.6.RELEASE)

2020-05-18 11:31:51.781  INFO 52365 --- [           main] d.c.spring.boot.sample.TestApplication   : Starting TestApplication on Andys-MacBook-Pro.local with PID 52365 (/Users/awilkinson/dev/temp/spring-boot-keystore-sample/target/classes started by awilkinson in /Users/awilkinson/dev/temp/spring-boot-keystore-sample)
2020-05-18 11:31:51.783  INFO 52365 --- [           main] d.c.spring.boot.sample.TestApplication   : No active profile set, falling back to default profiles: default
2020-05-18 11:31:52.357  WARN 52365 --- [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.boot.web.server.WebServerException: Could not load key store 'classpath:/test.jks'
2020-05-18 11:31:52.365  INFO 52365 --- [           main] ConditionEvaluationReportLoggingListener : 

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2020-05-18 11:31:52.371 ERROR 52365 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.boot.web.server.WebServerException: Could not load key store 'classpath:/test.jks'
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:156) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:544) ~[spring-context-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) [spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) [spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) [spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) [spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at de.captaingoldfish.spring.boot.sample.TestApplication.main(TestApplication.java:16) [classes/:na]
Caused by: org.springframework.boot.web.server.WebServerException: Could not load key store 'classpath:/test.jks'
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSslKeyStore(SslConnectorCustomizer.java:128) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSsl(SslConnectorCustomizer.java:88) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.customize(SslConnectorCustomizer.java:57) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeSsl(TomcatServletWebServerFactory.java:339) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeConnector(TomcatServletWebServerFactory.java:317) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getWebServer(TomcatServletWebServerFactory.java:183) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.createWebServer(ServletWebServerApplicationContext.java:180) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:153) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    ... 8 common frames omitted
Caused by: java.io.FileNotFoundException: class path resource [/test.jks] cannot be resolved to URL because it does not exist
    at org.springframework.util.ResourceUtils.getURL(ResourceUtils.java:137) ~[spring-core-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSslKeyStore(SslConnectorCustomizer.java:125) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    ... 15 common frames omitted

Removing the leading / corrects the problem here as well.
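
Why the leading slash matters, as an added example (not code from the issue or from Spring Boot): the trace above ends in `ResourceUtils.getURL`, and a plain `ClassLoader` lookup, assumed here to be what sits behind that call, does not accept a leading `/` in a resource name. The class name, the `stripPrefix` and `toClassLoaderName` helpers, the temp directory layout and the one-byte placeholder files are all constructed for the demonstration.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;

public class ClasspathLeadingSlashDemo {

    private static final String PREFIX = "classpath:";

    /** Returns the part after "classpath:" exactly as written in the property. */
    static String stripPrefix(String location) {
        if (!location.startsWith(PREFIX)) {
            throw new IllegalArgumentException("not a classpath location: " + location);
        }
        return location.substring(PREFIX.length());
    }

    /**
     * Hypothetical helper: turns a "classpath:" location into a name that
     * ClassLoader.getResource accepts. ClassLoader names are always relative to
     * the classpath root, so leading slashes are dropped. (Class.getResource is
     * different: there a leading slash means "absolute name" and is stripped.)
     */
    static String toClassLoaderName(String location) {
        String name = stripPrefix(location);
        while (name.startsWith("/")) {
            name = name.substring(1);
        }
        return name;
    }

    static String describe(URL url) {
        return url == null ? "not found" : "found";
    }

    public static void main(String[] args) throws IOException {
        // Constructed classpath root containing placeholder files, not real keystores.
        Path root = Files.createTempDirectory("cp-root");
        Path nested = Files.createDirectories(root.resolve("keys"));
        Files.write(root.resolve("test.jks"), new byte[] {0});
        Files.write(nested.resolve("test.jks"), new byte[] {0});

        // Parent is null so that only the constructed root is searched.
        try (URLClassLoader loader = new URLClassLoader(new URL[] {root.toUri().toURL()}, null)) {
            String[] locations = {
                "classpath:test.jks",
                "classpath:/test.jks",
                "classpath:keys/test.jks",
                "classpath:/keys/test.jks"
            };
            for (String location : locations) {
                URL asWritten = loader.getResource(stripPrefix(location));
                URL normalised = loader.getResource(toClassLoaderName(location));
                System.out.printf("%-26s as written: %-10s normalised: %s%n",
                        location, describe(asWritten), describe(normalised));
            }
        }
    }
}
```

The two locations written with a leading slash are reported as not found until the slash is removed, which matches the fix of using `classpath:test.jks`.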

Captain-P-Goldfish commented 4 years ago

I added module-info.java and opened the corresponding package, and it does not work anymore, failing with the following error:

I already pushed the change so you can simply pull it

org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:215) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.context@5.2.5.RELEASE/org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553) ~[spring-context-5.2.5.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot.keystore.example/de.captaingoldfish.spring.boot.sample.TestApplication.main(TestApplication.java:16) ~[classes/:na]
Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.core.StandardService.addConnector(StandardService.java:231) ~[tomcat-embed-core-9.0.33.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:278) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) ~[spring-boot-2.2.6.RELEASE.jar:na]
    ... 10 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.connector.Connector.startInternal(Connector.java:1038) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.core.StandardService.addConnector(StandardService.java:227) ~[tomcat-embed-core-9.0.33.jar:na]
    ... 12 common frames omitted
Caused by: java.lang.IllegalArgumentException: Failed to load keystore type [JKS] with path [file:/C:/Users/capta/Dropbox/projekte/extern/spring-boot--keystore-example/target/classes/de/captaingoldfish/spring/boot/sample/test.jks] due to [Illegal char <:> at index 4: file:\C:\Users\capta\Dropbox\projekte\extern\spring-boot--keystore-example\target\classes\de\captaingoldfish\spring\boot\sample\test.jks]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1227) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:592) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.connector.Connector.startInternal(Connector.java:1035) ~[tomcat-embed-core-9.0.33.jar:na]
    ... 14 common frames omitted
Caused by: java.io.IOException: Failed to load keystore type [JKS] with path [file:/C:/Users/capta/Dropbox/projekte/extern/spring-boot--keystore-example/target/classes/de/captaingoldfish/spring/boot/sample/test.jks] due to [Illegal char <:> at index 4: file:\C:\Users\capta\Dropbox\projekte\extern\spring-boot--keystore-example\target\classes\de\captaingoldfish\spring\boot\sample\test.jks]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:229) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97) ~[tomcat-embed-core-9.0.33.jar:na]
    ... 20 common frames omitted

2020-05-18 21:55:42.301  INFO 13316 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Shutting down ExecutorService 'applicationTaskExecutor'
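
The `Illegal char <:> at index 4` text in the trace above is what the Windows path parser reports when the text of a `file:` URL is handed to it as if it were a filesystem path. An added example (not from the issue, Spring Boot or Tomcat) contrasting that with conversions that hold on every platform; the class and method names are hypothetical and the keystore file is a constructed placeholder in a temp directory whose name contains a space.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class FileUrlToPathDemo {

    /**
     * Wrong: parses the URL's text as a path. On Windows the ':' after "file"
     * is rejected with InvalidPathException; elsewhere the text is accepted as
     * a relative path named "file:/..." that does not exist.
     */
    static String naive(URL url) {
        try {
            Path p = Paths.get(url.toString());
            return "parsed, absolute=" + p.isAbsolute() + ", exists=" + Files.exists(p);
        } catch (InvalidPathException e) {
            return "rejected: " + e.getMessage();
        }
    }

    /** Right for file: URLs: go through URI so the scheme and %-escapes are handled. */
    static Path viaUri(URL url) throws URISyntaxException {
        return Paths.get(url.toURI());
    }

    /** Right for any URL scheme (file:, jar:, ...): never touch the filesystem API. */
    static int sizeViaStream(URL url) throws IOException {
        try (InputStream in = url.openStream()) {
            return in.readAllBytes().length;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a directory with a space in its name and a
        // 4-byte placeholder standing in for test.jks.
        Path dir = Files.createTempDirectory("key store demo");
        Path store = Files.write(dir.resolve("test.jks"), new byte[] {1, 2, 3, 4});
        URL url = store.toUri().toURL();

        System.out.println("URL text      : " + url);
        System.out.println("naive parsing : " + naive(url));

        Path resolved = viaUri(url);
        System.out.println("via URI       : " + resolved + ", exists=" + Files.exists(resolved));
        System.out.println("via stream    : " + sizeViaStream(url) + " bytes");
    }
}
```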

Captain-P-Goldfish commented 4 years ago

could you please reopen and see my last comment?

wilkinsona commented 4 years ago

The updated sample continues to work for me. Here it is starting on Windows using Java 11:

[INFO] Attaching agents: []

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.2.6.RELEASE)

2020-05-19 17:28:23.738  INFO 2516 --- [           main] d.c.spring.boot.sample.TestApplication   : Starting TestApplication on WIN-MV32EG1PCS7 with PID 2516 (C:\dev\temp\spring-boot-keystore-sample\target\classes started by Andy Wilkinson in C:\dev\temp\spring-boot-keystore-sample)
2020-05-19 17:28:23.743  INFO 2516 --- [           main] d.c.spring.boot.sample.TestApplication   : No active profile set, falling back to default profiles: default
2020-05-19 17:28:24.713  INFO 2516 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (https)
2020-05-19 17:28:24.724  INFO 2516 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2020-05-19 17:28:24.726  INFO 2516 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.33]
2020-05-19 17:28:24.798  INFO 2516 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2020-05-19 17:28:24.799  INFO 2516 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 1004 ms
2020-05-19 17:28:24.934  INFO 2516 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2020-05-19 17:28:25.163  INFO 2516 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (https) with context path ''
2020-05-19 17:28:25.171  INFO 2516 --- [           main] d.c.spring.boot.sample.TestApplication   : Started TestApplication in 1.822 seconds (JVM running for 2.141)

Captain-P-Goldfish commented 4 years ago

I tried it on 2 different machines. It works if:

  1. I build the jar and execute it
  2. I start the application with "mvn spring-boot:run"

But it fails if I start it directly with the IDE. This is the exact same error as last year.

Captain-P-Goldfish commented 4 years ago

this is my log on both machines

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.2.6.RELEASE)

2020-05-19 22:47:20.085  INFO 8304 --- [           main] d.c.spring.boot.sample.TestApplication   : Starting TestApplication on DESKTOP-8LBTBOB with PID 8304 (C:\Users\capta\Dropbox\projekte\extern\spring-boot--keystore-example\target\classes started by knueppel in C:\Users\capta\Dropbox\projekte\extern\spring-boot--keystore-example)
2020-05-19 22:47:20.089  INFO 8304 --- [           main] d.c.spring.boot.sample.TestApplication   : No active profile set, falling back to default profiles: default
2020-05-19 22:47:20.777  INFO 8304 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (https)
2020-05-19 22:47:20.786  INFO 8304 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2020-05-19 22:47:20.786  INFO 8304 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.33]
2020-05-19 22:47:20.845  INFO 8304 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2020-05-19 22:47:20.845  INFO 8304 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 714 ms
2020-05-19 22:47:20.968  INFO 8304 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2020-05-19 22:47:21.274 ERROR 8304 --- [           main] org.apache.tomcat.util.net.SSLUtilBase   : Failed to load keystore type [JKS] with path [file:/C:/Users/capta/Dropbox/projekte/extern/spring-boot--keystore-example/target/classes/de/captaingoldfish/spring/boot/sample/test.jks] due to [Illegal char <:> at index 4: file:\C:\Users\capta\Dropbox\projekte\extern\spring-boot--keystore-example\target\classes\de\captaingoldfish\spring\boot\sample\test.jks]

and here the stacktrace again. The setup simply won't boot...

org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:215) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.context@5.2.5.RELEASE/org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553) ~[spring-context-5.2.5.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot.keystore.example/de.captaingoldfish.spring.boot.sample.TestApplication.main(TestApplication.java:16) ~[classes/:na]
Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.core.StandardService.addConnector(StandardService.java:231) ~[tomcat-embed-core-9.0.33.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:278) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) ~[spring-boot-2.2.6.RELEASE.jar:na]
    ... 10 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.connector.Connector.startInternal(Connector.java:1038) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.core.StandardService.addConnector(StandardService.java:227) ~[tomcat-embed-core-9.0.33.jar:na]
    ... 12 common frames omitted
Caused by: java.lang.IllegalArgumentException: Failed to load keystore type [JKS] with path [file:/C:/Users/capta/Dropbox/projekte/extern/spring-boot--keystore-example/target/classes/de/captaingoldfish/spring/boot/sample/test.jks] due to [Illegal char <:> at index 4: file:\C:\Users\capta\Dropbox\projekte\extern\spring-boot--keystore-example\target\classes\de\captaingoldfish\spring\boot\sample\test.jks]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1227) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:592) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.connector.Connector.startInternal(Connector.java:1035) ~[tomcat-embed-core-9.0.33.jar:na]
    ... 14 common frames omitted
Caused by: java.io.IOException: Failed to load keystore type [JKS] with path [file:/C:/Users/capta/Dropbox/projekte/extern/spring-boot--keystore-example/target/classes/de/captaingoldfish/spring/boot/sample/test.jks] due to [Illegal char <:> at index 4: file:\C:\Users\capta\Dropbox\projekte\extern\spring-boot--keystore-example\target\classes\de\captaingoldfish\spring\boot\sample\test.jks]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:229) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247) ~[tomcat-embed-core-9.0.33.jar:na]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97) ~[tomcat-embed-core-9.0.33.jar:na]
    ... 20 common frames omitted

2020-05-19 22:47:21.295  INFO 8304 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Shutting down ExecutorService 'applicationTaskExecutor'

Captain-P-Goldfish commented 4 years ago

Using the following workaround from your example from #17841 also causes an exception:

  @Bean
  public WebServerFactoryCustomizer<TomcatServletWebServerFactory> tomcatCustomizer(ServerProperties serverProperties,
                                                                                    ResourceLoader resourceLoader)
  {
    return (tomcat) -> tomcat.setSslStoreProvider(new SslStoreProvider()
    {

      @Override
      public KeyStore getKeyStore() throws Exception
      {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        final String keystorePath = serverProperties.getSsl().getKeyStore();
        try (InputStream storeStream = resourceLoader.getResource(keystorePath).getInputStream())
        {
          keyStore.load(storeStream, serverProperties.getSsl().getKeyStorePassword().toCharArray());
        }
        return keyStore;
      }

      @Override
      public KeyStore getTrustStore() throws Exception
      {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        final String keystorePath = serverProperties.getSsl().getTrustStore();
        try (InputStream storeStream = resourceLoader.getResource(keystorePath).getInputStream())
        {
          keyStore.load(storeStream, serverProperties.getSsl().getTrustStorePassword().toCharArray());
        }
        return keyStore;
      }

    });
  }

here the stacktrace

19 Mai 2020 23:14:47,392 [main] ERROR org.springframework.boot.SpringApplication (SpringApplication.java:826) - Application run failed
org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:215)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163)
    at spring.context@5.2.5.RELEASE/org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:1215)
    at client.integration.tests/de.captaingoldfish.scim.sdk.client.tests.ScimServerApplication.main(ScimServerApplication.java:20)
Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.core.StandardService.addConnector(StandardService.java:231)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:278)
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197)
    ... 10 more
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.connector.Connector.startInternal(Connector.java:1038)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.core.StandardService.addConnector(StandardService.java:227)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: Failed to load keystore type [JKS] with path [springbootssl:keyStore] due to [Illegal char <:> at index 13: springbootssl:keyStore]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1227)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:592)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.catalina.connector.Connector.startInternal(Connector.java:1035)
    ... 14 more
Caused by: java.io.IOException: Failed to load keystore type [JKS] with path [springbootssl:keyStore] due to [Illegal char <:> at index 13: springbootssl:keyStore]
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:229)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
    at org.apache.tomcat.embed.core@9.0.33/org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
    ... 20 more

wilkinsona commented 4 years ago

Thanks, I can now reproduce the problem.

From the log output, I can see that the problem is occurring in Tomcat:

java.nio.file.InvalidPathException: Illegal char <:> at index 4: file:\C:\dev\temp\spring-boot-keystore-sample\target\classes\de\captaingoldfish\spring\boot\sample\test.jks
    at java.base/sun.nio.fs.WindowsPathParser.normalize(WindowsPathParser.java:182) ~[na:na]
    at java.base/sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:153) ~[na:na]
    at java.base/sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:77) ~[na:na]
    at java.base/sun.nio.fs.WindowsPath.parse(WindowsPath.java:92) ~[na:na]
    at java.base/sun.nio.fs.WindowsFileSystem.getPath(WindowsFileSystem.java:229) ~[na:na]
    at java.base/jdk.internal.module.Resources.toSafeFilePath(Resources.java:143) ~[na:na]
    at java.base/jdk.internal.module.Resources.toFilePath(Resources.java:97) ~[na:na]
    at java.base/jdk.internal.module.ModuleReferences$ExplodedModuleReader.find(ModuleReferences.java:382) ~[na:na]
    at java.base/jdk.internal.loader.BuiltinClassLoader$2.run(BuiltinClassLoader.java:409) ~[na:na]
    at java.base/jdk.internal.loader.BuiltinClassLoader$2.run(BuiltinClassLoader.java:404) ~[na:na]
    at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na]
    at java.base/jdk.internal.loader.BuiltinClassLoader.findMiscResource(BuiltinClassLoader.java:403) ~[na:na]
    at java.base/jdk.internal.loader.BuiltinClassLoader.findResource(BuiltinClassLoader.java:290) ~[na:na]
    at java.base/java.lang.ClassLoader.getResource(ClassLoader.java:1400) ~[na:na]
    at java.base/java.lang.ClassLoader.getResourceAsStream(ClassLoader.java:1736) ~[na:na]
    at org.apache.catalina.startup.CatalinaBaseConfigurationSource.getResource(CatalinaBaseConfigurationSource.java:92) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:198) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1227) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:592) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1035) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:278) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.context@5.2.5.RELEASE/org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553) ~[spring-context-5.2.5.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot@2.2.6.RELEASE/org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) ~[spring-boot-2.2.6.RELEASE.jar:na]
    at spring.boot.keystore.example/de.captaingoldfish.spring.boot.sample.TestApplication.main(TestApplication.java:16) ~[classes/:na]

This was fixed by https://github.com/apache/tomcat/commit/ccabf8e9afa3858f34938a5163f0ce14491ba631 but was then regressed by https://github.com/apache/tomcat/commit/e22624f976fe653bd9acb2ab3c14285f1c301d59. It's getClass().getClassLoader().getResourceAsStream(name) that throws the InvalidPathException so it needs to be done inside a try block. This will have to be addressed in Tomcat. /cc @markt-asf
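
The guard described in the comment above, as an added example that is not part of the thread and is not Tomcat's or Spring Boot's code: the class-loader lookup sits inside a try block, so an `InvalidPathException` falls through to a URI lookup instead of aborting TLS startup. The class name, method names and the sample PKCS12 store are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.security.KeyStore;

public class KeystoreLocationExample {
    // Hypothetical helper: try the location as a class-path resource name, then as a URI.
    // The class-path attempt is guarded because the lookup itself can throw (see trace above).
    static InputStream open(String location) throws IOException {
        try {
            InputStream in = KeystoreLocationExample.class.getClassLoader().getResourceAsStream(location);
            if (in != null) {
                return in;
            }
        } catch (InvalidPathException ex) {
            // Not a usable resource name on this platform; fall through to the URI lookup.
        }
        try {
            return URI.create(location).toURL().openStream();
        } catch (IllegalArgumentException ex) {
            throw new IOException("Cannot resolve keystore location: " + location, ex);
        }
    }

    static KeyStore load(String location, String type, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = open(location)) {
            store.load(in, password);
        }
        return store;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty PKCS12 store written to a temp file.
        char[] password = "changeit".toCharArray();
        Path file = Files.createTempFile("sample", ".p12");
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, password);
        try (OutputStream out = Files.newOutputStream(file)) {
            empty.store(out, password);
        }
        KeyStore loaded = load(file.toUri().toString(), "PKCS12", password);
        System.out.println("entries: " + loaded.size());
        Files.delete(file);
    }
}
```

If neither lookup resolves the location, `open` throws an `IOException`, so a connector built on it fails to start rather than coming up without its key material.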

Captain-P-Goldfish commented 4 years ago

And how about the case where I use the tomcatCustomizer? This seems like spring-boot putting invalid data into the tomcat context:

Caused by: java.io.IOException: Failed to load keystore type [JKS] with path [springbootssl:keyStore] due to [Illegal char <:> at index 13: springbootssl:keyStore]

Captain-P-Goldfish commented 4 years ago

I cannot figure out where to place the issue for embedded tomcat... could you please help me there?

markt-asf commented 4 years ago

Sorry for the regression. Working on the right fix now.

markt-asf commented 4 years ago

Fixed in:

Earlier Tomcat versions weren't affected.

wilkinsona commented 4 years ago

Thanks very much, @markt-asf.

@Captain-P-Goldfish We'll pick up Tomcat 9.0.36 (or later) in due course.