Skip to content

Configuring SSL bundle reload for non-file resource types causes errors that are difficult to diagnose #38903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
scottfrederick opened this issue Dec 21, 2023 · 0 comments
Closed

Configuring SSL bundle reload for non-file resource types causes errors that are difficult to diagnose #38903

scottfrederick opened this issue Dec 21, 2023 · 0 comments
Assignees
@mhalbritter
Labels
type: bug A general bug
Milestone
3.2.6

Comments

@scottfrederick
Copy link
Contributor

When an SSL bundle is configured to use trust material using a classpath: or other non-file resource types, the exception message that is provided does not make it obvious that the error is caused by reload being enabled.

From the example in #38853, the stack trace is:

Caused by: java.lang.IllegalStateException: Unable to watch for reload on update
	at org.springframework.boot.autoconfigure.ssl.SslPropertiesBundleRegistrar.watchForUpdates(SslPropertiesBundleRegistrar.java:79)
	at org.springframework.boot.autoconfigure.ssl.SslPropertiesBundleRegistrar.lambda$registerBundles$2(SslPropertiesBundleRegistrar.java:64)
	... 60 more
Caused by: java.lang.IllegalStateException: Unable to convert value of property 'keystore.location' to a path
	at org.springframework.boot.autoconfigure.ssl.BundleContentProperty.toPath(BundleContentProperty.java:65)
	at org.springframework.boot.autoconfigure.ssl.BundleContentProperty.toWatchPath(BundleContentProperty.java:55)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
	at org.springframework.boot.autoconfigure.ssl.SslPropertiesBundleRegistrar.watchedPaths(SslPropertiesBundleRegistrar.java:103)
	at org.springframework.boot.autoconfigure.ssl.SslPropertiesBundleRegistrar.watchedJksPaths(SslPropertiesBundleRegistrar.java:87)
	at org.springframework.boot.autoconfigure.ssl.SslPropertiesBundleRegistrar.lambda$registerBundles$1(SslPropertiesBundleRegistrar.java:63)
	at org.springframework.boot.autoconfigure.ssl.SslPropertiesBundleRegistrar.watchForUpdates(SslPropertiesBundleRegistrar.java:76)
	... 61 more
Caused by: java.lang.IllegalStateException: Value 'jar:file:/home/sfrederick/.m2/repository/com/sample/common-lib/1.0.0/common-lib-1.0.0.jar!/com/sample/common.jks' is not a file URL
	at org.springframework.util.Assert.state(Assert.java:97)
	at org.springframework.boot.autoconfigure.ssl.BundleContentProperty.toPath(BundleContentProperty.java:61)
	... 74 more

Instead of the last message just saying is not a file URL, it could also state that reloading is only supported with file: resources. Alternatively, we could throw a different exception and provide a FailureAnalyzer.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mhalbritter mhalbritter

Labels
type: bug A general bug
Projects
None yet
Milestone
3.2.6
Development

No branches or pull requests
2 participants
@scottfrederick @mhalbritter