Posted to user@shiro.apache.org by Brad Whitaker <br...@agilemark.com> on 2009/01/27 00:04:24 UTC

AbstractRememberMeManager and javax.crypto.IllegalBlockSizeException

I'm having a bit of trouble running Jsecurity (built with revision 
736939). I'm using the Grails plugin (updated in my local environment) 
and running Tomcat 6.

I'm having several issues that I can't completely describe at this 
point, but I'm seeing the following output in my logs. Is this just a 
transient issue, or is it a problem with the Jsecurity code (or my
environment)?

Are there any 'upgrade' issues related to the rememberMe cookies? (I was 
having trouble logging in until I deleted cookies in my browser.)

Thanks,

Brad


01/26 16:52:04 INFO  org.jsecurity.web.attr.CookieAttribute  - Found 
string value 
[clJgEjFZVuRRN5lCpInkOsawSaKK4hLwegZK/QgR1Thk380v5wL9pA1NZo7QHr7erlnry1vt2AqIyM8Fj2HBCsl1lierxE9EJ1typI2GpgMeG+HmceNdrlN6KGh4AmjLG3zCUPo8E+QzGVs/EO3PIAGyYYtuYbW++oJDr5xfY9DwK4Omq5GijZSSmdpOHiYelPMa1XLwT0D/kNCUm6EVfG6TKwxViNtGdyzknY7abNU7ucw2UWfjFe24hH0SL0hZMXjPQYtMnPl5J5qfjU4EXX1a/Ijn0IKUEk5BmY+ipc6irMI/Rrmumr7XSSncSHq2cpyNbwJBykFX5s/ydB64hbMenS+LhbUvnQBNt8Xkjyc+IrzntDuVGH4IGfnRIAOwDkU6EZPQ4v36wbd8IB3kUFW1/1z6ZvS4jsIgMA3TS2xMjhGB8FWnIAFUoCkjdbD5IIrhYORnMFPMQ/6A+3yPnLCDQ3UIeZ5SB9Ol7a1oMIw] 
from HttpServletRequest Cookie [rememberMe]
01/26 16:52:04 WARN  org.jsecurity.mgt.AbstractRememberMeManager  - 
There was a failure while trying to retrieve remembered principals.  
This could be due to a configuration problem or corrupted principals.  
This could also be due to a recently changed encryption key.  The 
remembered identity will be forgotten and not used for this request.
java.lang.IllegalStateException: Unable to crypt bytes with cipher [javax.crypto.Cipher@cb577].
        at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:194)
        at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:219)
        at org.jsecurity.crypto.BlowfishCipher.decrypt(BlowfishCipher.java:141)
        at org.jsecurity.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:251)
        at org.jsecurity.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:198)
        at org.jsecurity.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:411)
        at org.jsecurity.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:212)
        at org.jsecurity.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:426)
        at org.jsecurity.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:433)
        at org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:369)
        at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:183)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:65)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        at java.lang.Thread.run(Thread.java:619)
Caused by: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(DashoA13*..)
        at javax.crypto.Cipher.doFinal(DashoA13*..)
        at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:191)
        ... 35 more





Re: AbstractRememberMeManager and javax.crypto.IllegalBlockSizeException

Posted by Brad Whitaker <br...@agilemark.com>.
Les Hazlewood wrote:
> Ah, excellent catch - you're right that should definitely be Debug.  
> Can you please open a Jira issue so we can nab it?
https://issues.apache.org/jira/browse/JSEC-50


Re: AbstractRememberMeManager and javax.crypto.IllegalBlockSizeException

Posted by Les Hazlewood <le...@anjinllc.com>.
Ah, excellent catch - you're right that should definitely be Debug.  Can you
please open a Jira issue so we can nab it?

On Tue, Jan 27, 2009 at 8:50 PM, Brad Whitaker <br...@agilemark.com> wrote:

>  I had omitted jsecurity-ehcache-1.0.0-SNAPSHOT.jar and
> jsecurity-quartz-1.0.0-SNAPSHOT.jar from the plugin lib directory. (Don't
> ask me why. I was just guessing.) I added them back in and I am no longer
> seeing exceptions.
>
> I am seeing this 'info' level log statement a lot, approximately 15 times
> per web request. Perhaps this should be a 'debug' level statement instead of
> 'info'.
>
> 01/27 19:37:14 INFO  org.jsecurity.web.attr.CookieAttribute  - Found string
> value
> [...]
> from HttpServletRequest Cookie [rememberMe]
>
> Thanks,
>
> Brad
>
>
> Les Hazlewood wrote:
>
> Hi Brad,
>
> I don't believe anyone has changed the Cipher implementation in a long
> time, so I'm not exactly sure how this happened.  Are you using JSecurity's
> default Key?  or did you specify your own?
>
> Regards,
>
> Les
>
> On Mon, Jan 26, 2009 at 6:04 PM, Brad Whitaker <br...@agilemark.com> wrote:
>
>> I'm having a bit of trouble running Jsecurity (built with revision
>> 736939). I'm using the Grails plugin (updated in my local environment) and
>> running Tomcat 6.
>>
>> I'm having several issues that I can't completely describe at this point,
>> but I'm seeing the following output in my logs. Is this just a transient
>> issue, or is it a problem with the Jsecurity code (or my environment)?
>>
>> Are there any 'upgrade' issues related to the rememberMe cookies? (I was
>> having trouble logging in until I deleted cookies in my browser.)
>>
>> Thanks,
>>
>> Brad
>>
>>
>> 01/26 16:52:04 INFO  org.jsecurity.web.attr.CookieAttribute  - Found
>> string value
>> [clJgEjFZVuRRN5lCpInkOsawSaKK4hLwegZK/QgR1Thk380v5wL9pA1NZo7QHr7erlnry1vt2AqIyM8Fj2HBCsl1lierxE9EJ1typI2GpgMeG+HmceNdrlN6KGh4AmjLG3zCUPo8E+QzGVs/EO3PIAGyYYtuYbW++oJDr5xfY9DwK4Omq5GijZSSmdpOHiYelPMa1XLwT0D/kNCUm6EVfG6TKwxViNtGdyzknY7abNU7ucw2UWfjFe24hH0SL0hZMXjPQYtMnPl5J5qfjU4EXX1a/Ijn0IKUEk5BmY+ipc6irMI/Rrmumr7XSSncSHq2cpyNbwJBykFX5s/ydB64hbMenS+LhbUvnQBNt8Xkjyc+IrzntDuVGH4IGfnRIAOwDkU6EZPQ4v36wbd8IB3kUFW1/1z6ZvS4jsIgMA3TS2xMjhGB8FWnIAFUoCkjdbD5IIrhYORnMFPMQ/6A+3yPnLCDQ3UIeZ5SB9Ol7a1oMIw]
>> from HttpServletRequest Cookie [rememberMe]
>>
>>
>>
>
>

Re: AbstractRememberMeManager and javax.crypto.IllegalBlockSizeException

Posted by Brad Whitaker <br...@agilemark.com>.
I had omitted jsecurity-ehcache-1.0.0-SNAPSHOT.jar and 
jsecurity-quartz-1.0.0-SNAPSHOT.jar from the plugin lib directory. 
(Don't ask me why. I was just guessing.) I added them back in and I am 
no longer seeing exceptions.

I am seeing this 'info' level log statement a lot, approximately 15 
times per web request. Perhaps this should be a 'debug' level statement 
instead of 'info'.

01/27 19:37:14 INFO  org.jsecurity.web.attr.CookieAttribute  - Found 
string value 
[...]
from HttpServletRequest Cookie [rememberMe]

Thanks,

Brad


Les Hazlewood wrote:
> Hi Brad,
>
> I don't believe anyone has changed the Cipher implementation in a long 
> time, so I'm not exactly sure how this happened.  Are you using 
> JSecurity's default Key?  or did you specify your own?
>
> Regards,
>
> Les
>
> On Mon, Jan 26, 2009 at 6:04 PM, Brad Whitaker <brad@agilemark.com> wrote:
>
>     I'm having a bit of trouble running Jsecurity (built with revision
>     736939). I'm using the Grails plugin (updated in my local
>     environment) and running Tomcat 6.
>
>     I'm having several issues that I can't completely describe at this
>     point, but I'm seeing the following output in my logs. Is this
>     just a transient issue, or is it a problem with the Jsecurity code
>     (or my environment)?
>
>     Are there any 'upgrade' issues related to the rememberMe cookies?
>     (I was having trouble logging in until I deleted cookies in my
>     browser.)
>
>     Thanks,
>
>     Brad
>
>
>     01/26 16:52:04 INFO  org.jsecurity.web.attr.CookieAttribute  -
>     Found string value
>     [clJgEjFZVuRRN5lCpInkOsawSaKK4hLwegZK/QgR1Thk380v5wL9pA1NZo7QHr7erlnry1vt2AqIyM8Fj2HBCsl1lierxE9EJ1typI2GpgMeG+HmceNdrlN6KGh4AmjLG3zCUPo8E+QzGVs/EO3PIAGyYYtuYbW++oJDr5xfY9DwK4Omq5GijZSSmdpOHiYelPMa1XLwT0D/kNCUm6EVfG6TKwxViNtGdyzknY7abNU7ucw2UWfjFe24hH0SL0hZMXjPQYtMnPl5J5qfjU4EXX1a/Ijn0IKUEk5BmY+ipc6irMI/Rrmumr7XSSncSHq2cpyNbwJBykFX5s/ydB64hbMenS+LhbUvnQBNt8Xkjyc+IrzntDuVGH4IGfnRIAOwDkU6EZPQ4v36wbd8IB3kUFW1/1z6ZvS4jsIgMA3TS2xMjhGB8FWnIAFUoCkjdbD5IIrhYORnMFPMQ/6A+3yPnLCDQ3UIeZ5SB9Ol7a1oMIw]
>     from HttpServletRequest Cookie [rememberMe]
>
>
>


Re: AbstractRememberMeManager and javax.crypto.IllegalBlockSizeException

Posted by Les Hazlewood <lh...@apache.org>.
Hi Brad,

I don't believe anyone has changed the Cipher implementation in a long time,
so I'm not exactly sure how this happened.  Are you using JSecurity's
default Key?  or did you specify your own?

Regards,

Les

On Mon, Jan 26, 2009 at 6:04 PM, Brad Whitaker <br...@agilemark.com> wrote:

> I'm having a bit of trouble running Jsecurity (built with revision 736939).
> I'm using the Grails plugin (updated in my local environment) and running
> Tomcat 6.
>
> I'm having several issues that I can't completely describe at this point,
> but I'm seeing the following output in my logs. Is this just a transient
> issue, or is it a problem with the Jsecurity code (or my environment)?
>
> Are there any 'upgrade' issues related to the rememberMe cookies? (I was
> having trouble logging in until I deleted cookies in my browser.)
>
> Thanks,
>
> Brad
>
>
> 01/26 16:52:04 INFO  org.jsecurity.web.attr.CookieAttribute  - Found string
> value
> [clJgEjFZVuRRN5lCpInkOsawSaKK4hLwegZK/QgR1Thk380v5wL9pA1NZo7QHr7erlnry1vt2AqIyM8Fj2HBCsl1lierxE9EJ1typI2GpgMeG+HmceNdrlN6KGh4AmjLG3zCUPo8E+QzGVs/EO3PIAGyYYtuYbW++oJDr5xfY9DwK4Omq5GijZSSmdpOHiYelPMa1XLwT0D/kNCUm6EVfG6TKwxViNtGdyzknY7abNU7ucw2UWfjFe24hH0SL0hZMXjPQYtMnPl5J5qfjU4EXX1a/Ijn0IKUEk5BmY+ipc6irMI/Rrmumr7XSSncSHq2cpyNbwJBykFX5s/ydB64hbMenS+LhbUvnQBNt8Xkjyc+IrzntDuVGH4IGfnRIAOwDkU6EZPQ4v36wbd8IB3kUFW1/1z6ZvS4jsIgMA3TS2xMjhGB8FWnIAFUoCkjdbD5IIrhYORnMFPMQ/6A+3yPnLCDQ3UIeZ5SB9Ol7a1oMIw]
> from HttpServletRequest Cookie [rememberMe]
> 01/26 16:52:04 WARN  org.jsecurity.mgt.AbstractRememberMeManager  - There
> was a failure while trying to retrieve remembered principals.  This could be
> due to a configuration problem or corrupted principals.  This could also be
> due to a recently changed encryption key.  The remembered identity will be
> forgotten and not used for this request.
> java.lang.IllegalStateException: Unable to crypt bytes with cipher [javax.crypto.Cipher@cb577].
>       at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:194)
>       at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:219)
>       at org.jsecurity.crypto.BlowfishCipher.decrypt(BlowfishCipher.java:141)
>       at org.jsecurity.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:251)
>       at org.jsecurity.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:198)
>       at org.jsecurity.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:411)
>       at org.jsecurity.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:212)
>       at org.jsecurity.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:426)
>       at org.jsecurity.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:433)
>       at org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:369)
>       at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:183)
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>       at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:65)
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>       at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96)
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>       at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
>       at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>       at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
>       at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
>       at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
>       at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
>       at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
>       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
>       at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
>       at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>       at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>       at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(DashoA13*..)
>       at javax.crypto.Cipher.doFinal(DashoA13*..)
>       at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:191)
>       ... 35 more
>
>
>
>
>

Re: AbstractRememberMeManager and javax.crypto.IllegalBlockSizeException

Posted by Peter Ledbrook <pe...@cacoethes.co.uk>.
> Caused by: javax.crypto.IllegalBlockSizeException: Input length must be
> multiple of 8 when decrypting with padded cipher
>       at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>       at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>       at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(DashoA13*..)
>       at javax.crypto.Cipher.doFinal(DashoA13*..)
>       at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:191)
>       ... 35 more

I have seen this when the "key" used for the encryption wasn't 8
characters in length. I can't remember much about it, but I vaguely
remember "secret" being used, which of course has only 6 characters.
Sorry, my memory's a bit hazy on this front, but this might be enough
information to trigger a eureka moment in someone else :)

Cheers,

Peter
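
An added example, not part of the thread and not JSecurity's own code: a stand-alone JCE sketch that sorts a Blowfish-encrypted cookie value into the failure causes named in the WARN message above (corrupted data versus a changed key). The class name `RememberMeCookieTriage`, the `triage` helper, both keys and the sample plaintext are constructed for illustration, and the transformation `Blowfish/ECB/PKCS5Padding` (the JCE default for "Blowfish") is an assumption about the cipher setup.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.SecretKeySpec;

public class RememberMeCookieTriage {
    // Assumption: the JCE default for "Blowfish" (ECB mode, PKCS5 padding).
    static final String TRANSFORMATION = "Blowfish/ECB/PKCS5Padding";

    static Cipher cipher(int mode, byte[] key) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(mode, new SecretKeySpec(key, "Blowfish"));
        return c;
    }

    /** Classifies a cookie value for server-side logs; do not return the result to the client. */
    static String triage(String cookieValue, byte[] key) throws Exception {
        byte[] ct;
        try {
            ct = Base64.getDecoder().decode(cookieValue);
        } catch (IllegalArgumentException e) {
            return "NOT_BASE64";
        }
        try {
            cipher(Cipher.DECRYPT_MODE, key).doFinal(ct);
            return "OK";
        } catch (IllegalBlockSizeException e) {
            // Ciphertext is not a whole number of 8-byte Blowfish blocks:
            // the value was truncated or altered before it reached the cipher.
            return "BAD_LENGTH (" + ct.length + " bytes, not a multiple of 8)";
        } catch (BadPaddingException e) {
            // Block-aligned input that decrypts to invalid padding: this is how
            // a changed key or modified ciphertext normally surfaces.
            return "WRONG_KEY_OR_MODIFIED";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: keys and plaintext are made up for this demo.
        byte[] key = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
        byte[] otherKey = "fedcba9876543210".getBytes(StandardCharsets.US_ASCII);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, key)
                .doFinal("constructed-principal-bytes".getBytes(StandardCharsets.UTF_8));

        Base64.Encoder enc = Base64.getEncoder();
        String intact = enc.encodeToString(ct);
        String truncated = enc.encodeToString(Arrays.copyOf(ct, ct.length - 3));

        System.out.println("intact, same key    : " + triage(intact, key));
        System.out.println("truncated, same key : " + triage(truncated, key));
        System.out.println("intact, changed key : " + triage(intact, otherKey));
    }
}
```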