2016-07-07 88 views
0

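Tomcat 8 Manager war deployment upload fails over SSL

This is a weird one - I've looked high and low for clues but haven't gotten anywhere. Running Tomcat 8/Java 8 on Solaris. The NIO connector is configured for SSL. Everything seemed to work, but now deploying a war file through the Manager fails on Firefox and Chrome. It still seems to work using IE 11 in an older emulation mode. Different browsers give different complaints: FF - Secure Connection Failed, Chrome - This site can't be reached.

Everything else seems to work - you can log in to the Manager, the SSL connection looks correctly configured, and you can browse to the various Manager pages, but the file upload deployment fails. I looked at the manager log and found that the error related to this request involves bufferCrypt and NativeGCMCipher. (See the stack trace below.)

I have tried:
- updating to the latest JDK (u92) - Oracle reported a buffer size determination issue in NativeGCMCipher, which was fixed
- setting larger buffers in the connector, i.e. socket.rxBufSize, socket.txBufSize and socketBuffer
- switching to the BIO connector (I thought this had solved the problem on another server)

but without any luck.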

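If anyone has any suggestions, they would be greatly appreciated. We can use IE for the upload or simply deploy by copying, but I'm worried that this is a sign of a bigger problem once we release 25 applications on these servers.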

Here is the stack trace from the manager log:

07-Jul-2016 13:44:12.597 INFO [http-nio-8086-exec-19] org.apache.catalina.core.ApplicationContext.log HTMLManager: list: Listing contexts for virtual host 'localhost' 
07-Jul-2016 13:44:50.623 SEVERE [http-nio-8086-exec-19] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [HTMLManager] in context with path [/manager] threw exception 
java.security.ProviderException: Could not determine buffer size 
    at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:843) 
    at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730) 
    at javax.crypto.Cipher.doFinal(Cipher.java:2460) 
    at sun.security.ssl.CipherBox.decrypt(CipherBox.java:535) 
    at sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:200) 
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:974) 
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) 
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) 
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) 
    at org.apache.tomcat.util.net.SecureNioChannel.read(SecureNioChannel.java:455) 
    at org.apache.tomcat.util.net.NioBlockingSelector.read(NioBlockingSelector.java:173) 
    at org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:251) 
    at org.apache.tomcat.util.net.NioSelectorPool.read(NioSelectorPool.java:232) 
    at org.apache.coyote.http11.InternalNioInputBuffer.fill(InternalNioInputBuffer.java:133) 
    at org.apache.coyote.http11.InternalNioInputBuffer$SocketInputBuffer.doRead(InternalNioInputBuffer.java:177) 
    at org.apache.coyote.http11.filters.IdentityInputFilter.doRead(IdentityInputFilter.java:110) 
    at org.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer.java:416) 
    at org.apache.coyote.Request.doRead(Request.java:469) 
    at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:338) 
    at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:395) 
    at org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:363) 
    at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:190) 
    at java.io.FilterInputStream.read(FilterInputStream.java:133) 
    at org.apache.tomcat.util.http.fileupload.util.LimitedInputStream.read(LimitedInputStream.java:132) 
    at org.apache.tomcat.util.http.fileupload.MultipartStream$ItemInputStream.makeAvailable(MultipartStream.java:946) 
    at org.apache.tomcat.util.http.fileupload.MultipartStream$ItemInputStream.read(MultipartStream.java:850) 
    at java.io.InputStream.read(InputStream.java:101) 
    at org.apache.tomcat.util.http.fileupload.util.Streams.copy(Streams.java:98) 
    at org.apache.tomcat.util.http.fileupload.util.Streams.copy(Streams.java:68) 
    at org.apache.tomcat.util.http.fileupload.MultipartStream.readBodyData(MultipartStream.java:539) 
    at org.apache.tomcat.util.http.fileupload.MultipartStream.discardBodyData(MultipartStream.java:563) 
    at org.apache.tomcat.util.http.fileupload.MultipartStream.skipPreamble(MultipartStream.java:580) 
    at org.apache.tomcat.util.http.fileupload.FileUploadBase$FileItemIteratorImpl.findNextItem(FileUploadBase.java:874) 
    at org.apache.tomcat.util.http.fileupload.FileUploadBase$FileItemIteratorImpl.<init>(FileUploadBase.java:854) 
    at org.apache.tomcat.util.http.fileupload.FileUploadBase.getItemIterator(FileUploadBase.java:256) 
    at org.apache.tomcat.util.http.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:280) 
    at org.apache.catalina.connector.Request.parseParts(Request.java:2730) 
    at org.apache.catalina.connector.Request.parseParameters(Request.java:3064) 
    at org.apache.catalina.connector.Request.getParameter(Request.java:1093) 
    at org.apache.catalina.connector.RequestFacade.getParameter(RequestFacade.java:380) 
    at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:185) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:614) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) 
    at org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:194) 
    at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:318) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) 
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617) 
    at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:676) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668) 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521) 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
    at java.lang.Thread.run(Thread.java:745) 
Caused by: javax.crypto.ShortBufferException: Output buffer must be (at least) 12272 bytes long 
    at com.oracle.security.ucrypto.NativeGCMCipher.engineUpdate(NativeGCMCipher.java:266) 
    at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:828) 
    ... 67 more 

Answers

0

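The last few lines of your post refer to the socket output buffer.

The tomcat configuration page reads:

socketBuffer: The size (in bytes) of the buffer to be provided for socket output buffering. -1 can be specified to disable the use of a buffer. By default, a buffer size of 9000 bytes will be used.

So I guess the first step is to find your ssl connector in server.xml and add socketBuffer="12272" or a larger value.

This is also covered under tuning tomcat on ibm's tomcat tuning page.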

+0

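I had tried this, i.e. socketBuffer="12272", but the upload deployment still fails. I tried it again and found something even stranger. When I try the upload deployment with Firefox, I don't get the buffer error, but when I try with Chrome, I do get the buffer error in the manager log. – Fitzjava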

+0

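It's coming down to a browser-related issue, but as to why, I'm stumped. I'm inclined to think the buffer error is a misleading or possibly unrelated error, but I don't have anything else to go on. I think I may go back to the BIO connector, but it also had the same problem. I'm guessing this has to do with the SSL setup. We are using an internal certificate, but our organization – Fitzjava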

+0

and sslProtocol="TLS" – Fitzjava

0

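My system had the same problem. After a day of searching, I found that the oracle ucrypto JCE provider seems to be the culprit. So I opened the file jdk1.8.0_121/jre/lib/security/java.security and commented out the line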

#security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg 

After a restart, my system worked fine.

+0

Thanks for the tip! I'll look into it. Do you see any downside to disabling this provider? Does it fall back to some default ucrypto provider? – Fitzjava

+0

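Another piece of information. I've checked back with my developers, who do this more frequently, and they say they no longer run into the problem. Some of them confirmed it again today. (We didn't change anything!) That makes me think the problem was browser-related and that a browser update along the way resolved it for us. – Fitzjava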

+0

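When ucrypto is disabled, the jdk will use SUN as the JCE provider. The Oracle documentation states that ucrypto performs better on solaris than the default Java JCE provider (SUN). But in my case ucrypto seems to be buggy. –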
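
To check the effect of commenting out the ucrypto line, the following added example (not from the original posts) lists the JCE providers the JVM registered, shows which one serves AES/GCM/NoPadding, and decrypts a constructed 12272-byte sample through Cipher.doFinal(ByteBuffer, ByteBuffer), the JCE call seen in the stack trace. The class name GcmProviderCheck and the sample key, IV and data are assumptions of this example.

```java
import java.nio.ByteBuffer;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class GcmProviderCheck {
    public static void main(String[] args) throws Exception {
        // Registered providers in preference order, as loaded from java.security.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ": " + providers[i].getName());
        }

        SecureRandom rnd = new SecureRandom();
        byte[] keyBytes = new byte[16];
        byte[] iv = new byte[12];
        byte[] plain = new byte[12272]; // constructed sample; size borrowed from the exception text
        rnd.nextBytes(keyBytes);
        rnd.nextBytes(iv);
        rnd.nextBytes(plain);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        GCMParameterSpec spec = new GCMParameterSpec(128, iv);

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, spec);
        byte[] ct = enc.doFinal(plain);

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, spec);
        System.out.println("AES/GCM/NoPadding served by: " + dec.getProvider().getName());

        // Direct buffers (no backing array), fed through Cipher.doFinal(ByteBuffer, ByteBuffer),
        // the JCE call at the top of the trace (it delegates to CipherSpi.bufferCrypt).
        ByteBuffer in = ByteBuffer.allocateDirect(ct.length);
        in.put(ct);
        in.flip();
        ByteBuffer out = ByteBuffer.allocateDirect(dec.getOutputSize(ct.length));
        int n = dec.doFinal(in, out); // a provider-side buffer error surfaces here as an exception
        out.flip();
        byte[] got = new byte[n];
        out.get(got);
        System.out.println("Decrypted " + n + " bytes: " + (Arrays.equals(got, plain) ? "OK" : "MISMATCH"));
    }
}
```

Run it with the same JDK that Tomcat uses, before and after editing java.security, and compare the provider name printed for AES/GCM/NoPadding.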