Posted to user@shiro.apache.org by jubax <ba...@semedy.com> on 2019/07/15 12:52:49 UTC

ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Hi,

I get an ArrayIndexOutOfBoundsException in CookieRememberMeManager
exception when I'm logging out (tomcat-based web application). See below.

I also added 

[main]
securityManager.rememberMeManager.cipherKey = 0xff64f88d526b7bb96b962682b7048d76

to the shiro.ini, but to no avail.

Any ideas?

Thanks,

Jürgen

2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] PathMatchingFilter   - Current requestURI matches pattern '/logout'.  Determining filter chain execution...
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] PathMatchingFilter   - Filter 'anon' is enabled for the current request under path '/logout' with config [null].  Delegating to subclass implementation for 'onPreHandle' check.
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] AdviceFilter         - Invoked preHandle method.  Continuing chain?: [true]
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] ProxiedFilterChain   - Invoking original filter chain.
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] DelegatingSubject    - attempting to get session; create = false; session is null = false; session has id = true
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] DelegatingSubject    - attempting to get session; create = false; session is null = false; session has id = true
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] AdviceFilter         - Successfully invoked postHandle method
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] AdviceFilter         - Successfully invoked afterCompletion method.
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] OncePerRequestFilter - Filter 'ShiroFilter' not yet executed.  Executing now.
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] DefaultSecurityManager - Context already contains a SecurityManager instance.  Returning.
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] DefaultSecurityManager - No identity (PrincipalCollection) found in the context.  Looking for a remembered identity.
2019-07-15 14:43:40 DEBUG [] [http-nio-8080-exec-10] SimpleCookie         - Found 'rememberMe' cookie value [383078EE-A226-47B8-9798-8DDF9E361A9A%%ldapRealm]
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] CookieRememberMeManager - Acquired Base64 encoded identity [383078EE-A226-47B8-9798-8DDF9E361A9A%%ldapRealm===]
2019-07-15 14:43:40 WARN  [] [http-nio-8080-exec-10] AbstractRememberMeManager - There was a failure while trying to retrieve remembered principals.  This could be due to a configuration problem or corrupted principals.  This could also be due to a recently changed encryption key, if you are using a shiro.ini file, this property would be 'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. The remembered identity will be forgotten and not used for this request.
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] SimpleCookie         - calculated path: /myapplication
2019-07-15 14:43:40 DEBUG [] [http-nio-8080-exec-10] SimpleCookie         - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/myapplication; Max-Age=0; Expires=Sun, 14-Jul-2019 12:43:40 GMT]
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] SimpleCookie         - Removed 'rememberMe' cookie by setting maxAge=0
2019-07-15 14:43:40 WARN  [] [http-nio-8080-exec-10] DefaultSecurityManager - *Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().*
java.lang.ArrayIndexOutOfBoundsException: Index 30 out of bounds for length 30
        at org.apache.shiro.codec.Base64.decode(Base64.java:470)
        at org.apache.shiro.codec.Base64.decode(Base64.java:414)
        at org.apache.shiro.web.mgt.CookieRememberMeManager.getRememberedSerializedIdentity(CookieRememberMeManager.java:215)
        at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:383)
        at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:604)
        at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:492)
        at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342)
        at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
        at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
        at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
        at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] DefaultSecurityManager - No remembered identity found.  Returning original context.




--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by jubax <ba...@semedy.com>.
Brian Demers wrote
> What is the remember me cookie payload? That _should_ make it easy to
> reproduce

That's the weird thing: AFAIK I'm currently not using the "remember me"
functionality at all (I have a simple login mask with user name and password
and no "remember me" checkbox).

Maybe that's the problem here. How do I turn it off (or how could I
accidentally have turned it on)?

Thanks,

Jürgen




Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by Brian Demers <br...@gmail.com>.
What is the remember me cookie payload? That _should_ make it easy to
reproduce

(Friendly reminder, I'm assuming that cipherKey is for test purposes and is
not used in production)


Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by Brian Demers <br...@gmail.com>.
Thanks for the update, keep us posted!

On Thu, Aug 1, 2019 at 10:20 AM jubax <ba...@semedy.com> wrote:

> Brian Demers wrote
> > It sounds like you have two conflicting versions of a remember me manager
> > in your applications?
> >
> > They each format the cookie differently, and this causes the stock
> > RememberMeManager to throw an exception.
> > If this assumption _is_ correct Shiro should probably log and ignore this
> > exception and NOT fail.
> >
> > Can you provide an example of your request/response headers that is
> > causing
> > this issue? (that should make it easy to write a test)
>
> In the meantime I made sure that our two applications are installed on
> separate servers. After that I tested only the old application. But the
> ArrayIndexOutOfBoundsException still occurred. Then I deleted the
> corresponding cookies in my browser (I probably should have checked
> request/response headers before doing that). After that the error did not
> occur anymore.
>
> Right now I cannot change the application setup in order to reproduce the
> error, but I plan to do so in the next few weeks.
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>

Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by jubax <ba...@semedy.com>.
Brian Demers wrote
> It sounds like you have two conflicting versions of a remember me manager
> in your applications?
> 
> They each format the cookie differently, and this causes the stock
> RememberMeManager to throw an exception.
> If this assumption _is_ correct Shiro should probably log and ignore this
> exception and NOT fail.
> 
> Can you provide an example of your request/response headers that is
> causing
> this issue? (that should make it easy to write a test)

In the meantime I made sure that our two applications are installed on
separate servers. After that I tested only the old application. But the
ArrayIndexOutOfBoundsException still occurred. Then I deleted the
corresponding cookies in my browser (I probably should have checked
request/response headers before doing that). After that the error did not
occur anymore.

Right now I cannot change the application setup in order to reproduce the
error, but I plan to do so in the next few weeks.




Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by Brian Demers <br...@gmail.com>.
It sounds like you have two conflicting versions of a remember me manager
in your applications?

They each format the cookie differently, and this causes the stock
RememberMeManager to throw an exception.
If this assumption _is_ correct Shiro should probably log and ignore this
exception and NOT fail.

Can you provide an example of your request/response headers that is causing
this issue? (that should make it easy to write a test)

On Tue, Jul 30, 2019 at 3:32 AM Francois Papon <fr...@openobject.fr>
wrote:

> Ok, thanks for your feedback.
>
> We will take a look.
>
> regards,
>
> François
> fpapon@apache.org
>
> On 30/07/2019 at 09:08, jubax wrote:
> > Hi François,
> >
> >
> > fpapon wrote
> >> Hi,
> >>
> >> Can you try with the latest version 1.4.1 ?
> >>
> >> regards,
> >>
> >> François
> >> fpapon@
> >
> > With 1.4.1 I get the same behavior.
> >
> > Thanks,
> >
> > Jürgen
> >
> >
> >
> > --
> > Sent from: http://shiro-user.582556.n2.nabble.com/
>
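
A sketch of the "log and ignore" handling suggested above, as an added example that is not Shiro's code and was not posted in this thread: it checks a rememberMe cookie value with the JDK's java.util.Base64 before any decryption is attempted and returns a verdict instead of throwing. The names RememberMeCookieCheck, Verdict, Result and check are hypothetical; the first sample value is the one from the log in the original report, the second is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class RememberMeCookieCheck {

    /** Why a cookie value was accepted or dropped; meant as a log field instead of a stack trace. */
    enum Verdict { OK, ABSENT, DELETED_MARKER, NOT_BASE64 }

    /** Outcome of the check; bytes is non-null only when verdict is OK. */
    static final class Result {
        final Verdict verdict;
        final byte[] bytes;

        Result(Verdict verdict, byte[] bytes) {
            this.verdict = verdict;
            this.bytes = bytes;
        }
    }

    // Value written when the cookie is removed ("rememberMe=deleteMe" in the log).
    // It happens to consist only of Base64 characters, so it is matched explicitly.
    static final String DELETED = "deleteMe";

    /**
     * Returns the decoded bytes only if the value is well-formed Base64.
     * Well-formed is not the same as authentic: the caller still has to
     * decrypt and deserialize the bytes and must treat failures there as
     * "no remembered identity" as well.
     */
    static Result check(String cookieValue) {
        if (cookieValue == null || cookieValue.isEmpty()) {
            return new Result(Verdict.ABSENT, null);
        }
        if (DELETED.equals(cookieValue)) {
            return new Result(Verdict.DELETED_MARKER, null);
        }
        try {
            // The basic decoder throws IllegalArgumentException for any character
            // outside A-Z, a-z, 0-9, '+', '/' and trailing '=' padding.
            byte[] decoded = Base64.getDecoder().decode(cookieValue);
            return new Result(Verdict.OK, decoded);
        } catch (IllegalArgumentException e) {
            // A cookie written in another format (here: "<UUID>%%<realm>") ends up
            // here and is ignored for this request rather than failing it.
            return new Result(Verdict.NOT_BASE64, null);
        }
    }

    public static void main(String[] args) {
        // Cookie value from the log in the original report ('-' and '%' are not Base64).
        String foreign = "383078EE-A226-47B8-9798-8DDF9E361A9A%%ldapRealm";
        // Constructed stand-in for an encrypted identity, only to show the accepting path.
        String wellFormed = Base64.getEncoder()
                .encodeToString("constructed-ciphertext".getBytes(StandardCharsets.UTF_8));

        for (String value : new String[] { foreign, wellFormed, DELETED, "" }) {
            Result r = check(value);
            int length = (r.bytes == null) ? 0 : r.bytes.length;
            System.out.printf("%-50s -> %s (%d bytes)%n",
                    value.isEmpty() ? "(empty)" : value, r.verdict, length);
        }
    }
}
```

A cookie that only the custom RememberMeManager understands is better kept out of the stock manager's reach altogether, for example by giving it a name other than rememberMe.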

Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by Francois Papon <fr...@openobject.fr>.
Ok, thanks for your feedback.

We will take a look.

regards,

François
fpapon@apache.org

On 30/07/2019 at 09:08, jubax wrote:
> Hi François,
>
>
> fpapon wrote
>> Hi,
>>
>> Can you try with the latest version 1.4.1 ?
>>
>> regards,
>>
>> François
>> fpapon@
>
> With 1.4.1 I get the same behavior.
>
> Thanks,
>
> Jürgen
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/

Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by jubax <ba...@semedy.com>.
Hi François,


fpapon wrote
> Hi,
> 
> Can you try with the latest version 1.4.1 ?
> 
> regards,
> 
> François

> fpapon@


With 1.4.1 I get the same behavior.

Thanks,

Jürgen




Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by Francois Papon <fr...@openobject.fr>.
Hi,

Can you try with the latest version 1.4.1 ?

regards,

François
fpapon@apache.org

On 24/07/2019 at 10:15, jubax wrote:
> Brian Demers wrote
>> I'm not able to reproduce the ArrayIndexOutOfBoundsException.  I can
>> reproduce various cipher exceptions (expected).
>>
>> What versions of Shiro are you using? (both the version with rememberMe
>> configured and without).
> In both versions of the application I'm using Shiro 1.3.2.
>
>
> Brian Demers wrote
>> I'm not sure I understand the "rememberMe" code you are referring to. Do
>> you have custom Remember Me code in one application? And we are seeing a
>> cookie name collision?
> The code I posted comes from the new version of the application. It is from
> our own implementation of the RememberMeManager interface.
>
> -Jürgen
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/

Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by jubax <ba...@semedy.com>.
Brian Demers wrote
> I'm not able to reproduce the ArrayIndexOutOfBoundsException.  I can
> reproduce various cipher exceptions (expected).
> 
> What versions of Shiro are you using? (both the version with rememberMe
> configured and without).

In both versions of the application I'm using Shiro 1.3.2.


Brian Demers wrote
> I'm not sure I understand the "rememberMe" code you are referring to. Do
> you have custom Remember Me code in one application? And we are seeing a
> cookie name collision?

The code I posted comes from the new version of the application. It is from
our own implementation of the RememberMeManager interface.

-Jürgen




Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by Brian Demers <br...@gmail.com>.
I'm not able to reproduce the ArrayIndexOutOfBoundsException.  I can
reproduce various cipher exceptions (expected).

What versions of Shiro are you using? (both the version with rememberMe
configured and without).

I'm not sure I understand the "rememberMe" code you are referring to. Do
you have custom Remember Me code in one application? And we are seeing a
cookie name collision?


On Mon, Jul 22, 2019 at 2:48 PM Brian Demers <br...@gmail.com> wrote:

> I'll try to reproduce this.
>
> On Mon, Jul 22, 2019 at 4:16 AM jubax <ba...@semedy.com> wrote:
>
>> Hi,
>>
>>
>> Brian Demers wrote
>> > Agreed, it should be an easy enough test to write, can you give us an
>> > example of the cookie body.
>> > My guess the apps are using different secrets (the one not defined is a
>> > random key, but that one doesn't set a cookie), so it's the decryption
>> > that is failing.
>> >
>> > If you are using the same set of cookies between apps you should
>> > configure Shiro the same on both apps.
>> >
>> > -Brian (mobile)
>>
>> I would like to help, but I'm not sure what exactly you need. The
>> shiro.ini
>> files contain no special configuration properties regarding cookies,
>> cypherkey etc.
>>
>> The cookie name is "rememberMe" and it just contains the realm names:
>>
>> String principal = (String) subject.getPrincipal();
>> String rememberMeToken =
>> UUID.randomUUID().toString().toUpperCase(Locale.ROOT);
>> Cookie newCookie = new SimpleCookie(getCookie());
>> newCookie.setValue(concat(rememberMeToken,
>> subject.getPrincipals().getRealmNames()));
>> newCookie.saveTo(request, response);
>>
>> Is this what you need?
>>
>> Thanks,
>>
>> Jürgen
>>
>>
>>
>>
>> --
>> Sent from: http://shiro-user.582556.n2.nabble.com/
>>
>

Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by Brian Demers <br...@gmail.com>.
I'll try to reproduce this.

On Mon, Jul 22, 2019 at 4:16 AM jubax <ba...@semedy.com> wrote:

> Hi,
>
>
> Brian Demers wrote
> > Agreed, it should be an easy enough test to write, can you give us an
> > example of the cookie body.
> > My guess the apps are using different secrets (the one not defined is a
> > random key, but that one doesn't set a cookie), so it's the decryption that
> > is failing.
> >
> > If you are using the same set of cookies between apps you should
> > configure Shiro the same on both apps.
> >
> > -Brian (mobile)
>
> I would like to help, but I'm not sure what exactly you need. The shiro.ini
> files contain no special configuration properties regarding cookies,
> cypherkey etc.
>
> The cookie name is "rememberMe" and it just contains the realm names:
>
> String principal = (String) subject.getPrincipal();
> String rememberMeToken =
> UUID.randomUUID().toString().toUpperCase(Locale.ROOT);
> Cookie newCookie = new SimpleCookie(getCookie());
> newCookie.setValue(concat(rememberMeToken,
> subject.getPrincipals().getRealmNames()));
> newCookie.saveTo(request, response);
>
> Is this what you need?
>
> Thanks,
>
> Jürgen
>
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>

Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by jubax <ba...@semedy.com>.
Hi,


Brian Demers wrote
> Agreed, it should be an easy enough test to write, can you give us an
> example of the cookie body.
> My guess the apps are using different secrets (the one not defined is a
> random key, but that one doesn't set a cookie), so it's the decryption that
> is failing.
> 
> If you are using the same set of cookies between apps you should configure
> Shiro the same on both apps.
> 
> -Brian (mobile)

I would like to help, but I'm not sure what exactly you need. The shiro.ini
files contain no special configuration properties regarding cookies,
cypherkey etc. 

The cookie name is "rememberMe" and it just contains the realm names:

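// Fragment from the poster's own RememberMeManager implementation;
// getCookie() and concat(...) are members of that class and are not shown.
String principal = (String) subject.getPrincipal();
// Random token: an upper-cased UUID.
String rememberMeToken = UUID.randomUUID().toString().toUpperCase(Locale.ROOT);
Cookie newCookie = new SimpleCookie(getCookie());
// Cookie value is the token combined with the subject's realm names.
newCookie.setValue(concat(rememberMeToken, subject.getPrincipals().getRealmNames()));
newCookie.saveTo(request, response);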

Is this what you need?

Thanks,

Jürgen





Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by Brian Demers <br...@gmail.com>.
Agreed, it should be an easy enough test to write, can you give us an example of the cookie body.
My guess the apps are using different secrets (the one not defined is a random key, but that one doesn't set a cookie), so it's the decryption that is failing.

If you are using the same set of cookies between apps you should configure Shiro the same on both apps.

-Brian (mobile)

> On Jul 19, 2019, at 3:39 AM, Philip Whitehouse <ph...@whiuk.com> wrote:
> 
> AIOOBE is not a helpful error regardless of config - we should still improve that...
> 
> Best,
> 
> Philip Whitehouse
> 
>> On 19 Jul 2019, at 09:35, jubax <ba...@semedy.com> wrote:
>> 
>> Brian Demers wrote
>>> What cookies are set?
>>> 
>>> -Brian
>> 
>> I just noticed: We have two versions of our application running in the same
>> Tomcat at the same time. The old version does not use RememberMe, but the
>> new one does.
>> 
>> The error seems to occur only when I choose the RememberMe option in the new
>> version. After that I always get the ArrayIndexOutOfBoundsException in the
>> old version.
>> 
>> So this might be just a misconfiguration somewhere. I guess I was not aware
>> that different webapps can affect each other in this way.
>> 
>> Any ideas what I configured wrong?
>> 
>> Thanks,
>> 
>> Jürgen
>> 
>> 
>> 
>> --
>> Sent from: http://shiro-user.582556.n2.nabble.com/
> 

Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by Philip Whitehouse <ph...@whiuk.com>.
AIOOBE is not a helpful error regardless of config - we should still improve that...

Best,

Philip Whitehouse

> On 19 Jul 2019, at 09:35, jubax <ba...@semedy.com> wrote:
> 
> Brian Demers wrote
>> What cookies are set?
>> 
>> -Brian
> 
> I just noticed: We have two versions of our application running in the same
> Tomcat at the same time. The old version does not use RememberMe, but the
> new one does.
> 
> The error seems to occur only when I choose the RememberMe option in the new
> version. After that I always get the ArrayIndexOutOfBoundsException in the
> old version.
> 
> So this might be just a misconfiguration somewhere. I guess I was not aware
> that different webapps can affect each other in this way.
> 
> Any ideas what I configured wrong?
> 
> Thanks,
> 
> Jürgen
> 
> 
> 
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/


Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by jubax <ba...@semedy.com>.
Brian Demers wrote
> What cookies are set?
> 
> -Brian

I just noticed: We have two versions of our application running in the same
Tomcat at the same time. The old version does not use RememberMe, but the
new one does.

The error seems to occur only when I choose the RememberMe option in the new
version. After that I always get the ArrayIndexOutOfBoundsException in the
old version.

So this might be just a misconfiguration somewhere. I guess I was not aware
that different webapps can affect each other in this way.

Any ideas what I configured wrong?

Thanks,

Jürgen




Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by jubax <ba...@semedy.com>.
Brian Demers wrote
> What cookies are set?

My application does not use cookies explicitly. There is a single cookie
which is set after login; this is called "jsessionid" which sounds like it is
coming from tomcat. I'm not sure how this cookie is related to shiro.

-Jürgen




Re: ArrayIndexOutOfBoundsException in CookieRememberMeManager.getRememberedSerializedIdentity

Posted by Brian Demers <br...@gmail.com>.
What cookies are set?

-Brian
