You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kylin.apache.org by "Shaofeng SHI (JIRA)" <ji...@apache.org> on 2017/04/20 05:13:04 UTC

[jira] [Resolved] (KYLIN-2416) Max LDAP password length is 15 chars

     [ https://issues.apache.org/jira/browse/KYLIN-2416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shaofeng SHI resolved KYLIN-2416.
---------------------------------
       Resolution: Duplicate
    Fix Version/s: v2.0.0

This issue is fixed with KYLIN-2305, you can download Kylin 2.0 beta to verify.

> Max LDAP password length is 15 chars
> ------------------------------------
>
>                 Key: KYLIN-2416
>                 URL: https://issues.apache.org/jira/browse/KYLIN-2416
>             Project: Kylin
>          Issue Type: Bug
>         Environment: HDP 2.5.3
> Kylin 1.6.0
>            Reporter: Berry Ă–sterlund
>             Fix For: v2.0.0
>
>
> Hi
> Max length of the LDAP password is 15 chars. 16 chars and more will give this  error during startup of Kylin.
> {quote}
> 2017-01-24 07:12:06,110 WARN  [localhost-startStop-1] support.XmlWebApplicationContext:487 : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanDefinitionStoreException: Invalid bean definition with name 'ldapSource' defined in class path resource [kylinSecurity.xml]: Input length must be multiple of 16 when decrypting with padded cipher; nested exception is java.lang.RuntimeException: Input length must be multiple of 16 when decrypting with padded cipher
> 2017-01-24 07:12:06,111 ERROR [localhost-startStop-1] context.ContextLoader:331 : Context initialization failed
> org.springframework.beans.factory.BeanDefinitionStoreException: Invalid bean definition with name 'ldapSource' defined in class path resource [kylinSecurity.xml]: Input length must be multiple of 16 when decrypting with padded cipher; nested exception is java.lang.RuntimeException: Input length must be multiple of 16 when decrypting with padded cipher
>         at org.springframework.beans.factory.config.PlaceholderConfigurerSupport.doProcessProperties(PlaceholderConfigurerSupport.java:209)
>         at org.springframework.beans.factory.config.PropertyPlaceholderConfigurer.processProperties(PropertyPlaceholderConfigurer.java:222)
>         at org.springframework.beans.factory.config.PropertyResourceConfigurer.postProcessBeanFactory(PropertyResourceConfigurer.java:84)
>         at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:699)
>         at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:674)
>         at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:461)
>         at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
>         at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
>         at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
>         at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5068)
>         at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5584)
>         at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>         at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>         at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
>         at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
>         at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1092)
>         at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1984)
>         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.RuntimeException: Input length must be multiple of 16 when decrypting with padded cipher
>         at org.apache.kylin.rest.security.PasswordPlaceholderConfigurer.decrypt(PasswordPlaceholderConfigurer.java:84)
>         at org.apache.kylin.rest.security.PasswordPlaceholderConfigurer.resolvePlaceholder(PasswordPlaceholderConfigurer.java:90)
>         at org.springframework.beans.factory.config.PropertyPlaceholderConfigurer.resolvePlaceholder(PropertyPlaceholderConfigurer.java:162)
>         at org.springframework.beans.factory.config.PropertyPlaceholderConfigurer$PropertyPlaceholderConfigurerResolver.resolvePlaceholder(PropertyPlaceholderConfigurer.java:272)
>         at org.springframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:146)
>         at org.springframework.util.PropertyPlaceholderHelper.replacePlaceholders(PropertyPlaceholderHelper.java:125)
>         at org.springframework.beans.factory.config.PropertyPlaceholderConfigurer$PlaceholderResolvingStringValueResolver.resolveStringValue(PropertyPlaceholderConfigurer.java:257)
>         at org.springframework.beans.factory.config.BeanDefinitionVisitor.resolveStringValue(BeanDefinitionVisitor.java:282)
>         at org.springframework.beans.factory.config.BeanDefinitionVisitor.resolveValue(BeanDefinitionVisitor.java:204)
>         at org.springframework.beans.factory.config.BeanDefinitionVisitor.visitPropertyValues(BeanDefinitionVisitor.java:141)
>         at org.springframework.beans.factory.config.BeanDefinitionVisitor.visitBeanDefinition(BeanDefinitionVisitor.java:82)
>         at org.springframework.beans.factory.config.PlaceholderConfigurerSupport.doProcessProperties(PlaceholderConfigurerSupport.java:206)
>         ... 21 more
> Caused by: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
>         at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:934)
>         at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845)
>         at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
>        at javax.crypto.Cipher.doFinal(Cipher.java:2165)
>         at org.apache.kylin.rest.security.PasswordPlaceholderConfigurer.decrypt(PasswordPlaceholderConfigurer.java:81)
> {quote}
> It's very easy to verify. 
> java org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES 123456789012345
> AES encrypted password is:
> pLKuoHlKbRg+55tny8n2YA==
> If I put this string into ldap.password, Kylin starts up without errors (I can ofc not login, because the password is wrong.)
>  
> java org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES 1234567890123456
> AES encrypted password is:
> RSvxLxIHAugtd/LBQFpGF+9fW0wb6YVnsEYgogo9w/w=
> If I put this string into ldap.password, Kylin failes to start with the "Input length must be multiple of 16 when decrypting with padded cipher" error



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)