[jira] Resolved: (SHIRO-183) Unable to correctly extract the Initialization Vector or ciphertext

["Kalle Korhonen (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kalle Korhonen resolved SHIRO-183.
----------------------------------

    Resolution: Fixed

I believe the root cause of the issue is that Max-Age attribute wasn't written at all (instead it was using non-standard Expires). Added and using both now, other checks left in place as well.

> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
>                 Key: SHIRO-183
>                 URL: https://issues.apache.org/jira/browse/SHIRO-183
>             Project: Shiro
>          Issue Type: Bug
>          Components: Subject
>    Affects Versions: 1.0.0
>         Environment: GNU/Linux Debian Lenny, Java 1.6
>            Reporter: RynekMedyczny.pl
>            Assignee: Kalle Korhonen
>            Priority: Trivial
>             Fix For: 1.1.0
>
>         Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
>   [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
>      [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
>      [java] 	at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
>      [java] 	at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
>      [java] 	at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
>      [java] 	at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
>      [java] 	at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
>      [java] 	at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
>      [java] 	at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
>      [java] 	at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
>      [java] 	at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
>      [java] 	at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
>      [java] 	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
>      [java] 	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
>      [java] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>      [java] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>      [java] 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>      [java] 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>      [java] 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>      [java] 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>      [java] 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>      [java] 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
>      [java] 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
>      [java] 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
>      [java] 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>      [java] 	at java.lang.Thread.run(Thread.java:619)
>      [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
>      [java] 	at java.lang.System.arraycopy(Native Method)
>      [java] 	at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
>      [java] 	... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.