Posted to user@shiro.apache.org by "jim.piersol@gmail.com" <ji...@gmail.com> on 2016/08/16 19:01:47 UTC

CryptoException

Shiro 1.3.0
Jetty9.3.10 or Tomcat7 & 8
Servlet based webapp
Using authc (Form based Auth)

Occasionally on login I get a nasty stackTrace like the following.  I need
help figuring out why.  I am not doing anything with Cryptology myself.
This is down in the Shiro code.  I am using the box stock
FormAuthenticationFilter.  This doesn't happen every time, and doesn't appear
to cause any known issues with my app, but the nasty log message is not
good.  Any suggestions?

[qtp1136503323-30] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
org.apache.shiro.crypto.CryptoException: Unable to execute 'doFinal' with cipher instance [javax.crypto.Cipher@32d3ab59].
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:462)
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:445)
        at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:390)
        at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:382)
        at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:479)
        at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:419)
        at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386)
        at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:604)
        at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:492)
        at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342)
        at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
        at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
        at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
        at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
        at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
        at org.eclipse.jetty.server.Server.handle(Server.java:524)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:966)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
        at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436)
        at javax.crypto.Cipher.doFinal(Cipher.java:2165)
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:459)
        ... 41 more


Shiro.ini file contents:

# =============================================================================
# Shiro INI configuration
#
# =============================================================================

#-----------
# Main
# ----------
[main]

authc.loginUrl = /pre-auth/authentication/login.html
authc.successUrl = /index.html
logout.redirectUrl = /pre-auth/authentication/login.html

myRealm = com.test.auth.VnfMgrCustomRealm

cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

securityManager.realms = $myRealm

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

# Use the configured native session manager:
securityManager.sessionManager = $sessionManager

cookie = org.apache.shiro.web.servlet.SimpleCookie 
cookie.name = mgr.cookie
cookie.path = /
sessionManager.sessionIdCookie = $cookie

# -----------------------------------------------------------------------------
# URLS - followed by Filter Chains.
# -----------------------------------------------------------------------------
[urls]
/v1/sbc/** = anon
/v1/vnfs/** = anon
/logout = logout
/pre-auth/authentication/img/favicon/favicon.ico = anon
/pre-auth/authentication/ajax/** = anon
/pre-auth/authentication/css/** = anon
/pre-auth/authentication/data/** = anon
/pre-auth/authentication/design-resources/** = anon
/pre-auth/authentication/fonts/** = anon
/pre-auth/authentication/img/** = anon
/pre-auth/authentication/js/** = anon
/pre-auth/authentication/php/** = anon
/pre-auth/authentication/sound/** = anon
/pre-auth/authentication/xml/** = anon
/** = authc





Re: CryptoException

Posted by "jim.piersol@gmail.com" <ji...@gmail.com>.
I see it in development, but I am not sure what would be different in
production, as there are no changes in my app between the two.

I see the reference in that doc to the cipherKey, but I don't understand it
fully.  Where does that key come from?  random?  






Re: CryptoException

Posted by Brian Demers <br...@gmail.com>.
good to know, we will fix that

On Thu, Aug 18, 2016 at 10:44 AM, Rob Young <bo...@gmail.com> wrote:

> :)  To be honest, it would have probably not been too hard to sort out...
> I just have a huge task list so I had been putting it off.  This really got
> to the heart of the matter and sorted me out!
>
> OH, if you specify a cipher key of an incorrect length, you will get a big
> stack trace when shiro tries to create a remember me key.  Buried within
> the stack is a message saying it.  At first I had no idea why it failed,
> but the details are all there in the stack trace.  I ran into this, the
> test hex key in the shiro docs is of the incorrect length, I had created a
> new key of a correct length.
>
> On Thu, Aug 18, 2016 at 10:38 AM, Brian Demers <br...@gmail.com>
> wrote:
>
>> Glad to hear it!, and thanks for letting us know because this further
>> confirms we need a better error message.
>>
>>
>> On Thu, Aug 18, 2016 at 9:45 AM, Rob Young <bo...@gmail.com> wrote:
>>
>>> Hi Brian, I just wanted to say thanks, I had been meaning to deal with
>>> this in my application, fixed because of your email here!
>>>
>>> On Wed, Aug 17, 2016 at 11:13 AM, Brian Demers <br...@gmail.com>
>>> wrote:
>>>
>>>> Do you see this during development? Or in production?
>>>>
>>>> Either way I'm guessing you have not set `securityManager.rememberMeManager.cipherKey`
>>>> property, for development this is fine, for a pro server, if not set, the
>>>> rememberme will change on restart.
>>>> http://shiro.apache.org/configuration.html#Configuration-ByteArrayValues
>>>>
>>>> We could probably improve the error message a bit, please open a bug
>>>> for this.
>>>>
>>>>
>>>>
>>>
>>
>

Re: CryptoException

Posted by Rob Young <bo...@gmail.com>.
:)  To be honest, it would have probably not been too hard to sort out... I
just have a huge task list so I had been putting it off.  This really got
to the heart of the matter and sorted me out!

OH, if you specify a cipher key of an incorrect length, you will get a big
stack trace when shiro tries to create a remember me key.  Buried within
the stack is a message saying it.  At first I had no idea why it failed,
but the details are all there in the stack trace.  I ran into this, the
test hex key in the shiro docs is of the incorrect length, I had created a
new key of a correct length.

On Thu, Aug 18, 2016 at 10:38 AM, Brian Demers <br...@gmail.com>
wrote:

> Glad to hear it!, and thanks for letting us know because this further
> confirms we need a better error message.
>
>
> On Thu, Aug 18, 2016 at 9:45 AM, Rob Young <bo...@gmail.com> wrote:
>
>> Hi Brian, I just wanted to say thanks, I had been meaning to deal with
>> this in my application, fixed because of your email here!
>>
>> On Wed, Aug 17, 2016 at 11:13 AM, Brian Demers <br...@gmail.com>
>> wrote:
>>
>>> Do you see this during development? Or in production?
>>>
>>> Either way I'm guessing you have not set `securityManager.rememberMeManager.cipherKey`
>>> property, for development this is fine, for a pro server, if not set, the
>>> rememberme will change on restart.
>>> http://shiro.apache.org/configuration.html#Configuration-ByteArrayValues
>>>
>>> We could probably improve the error message a bit, please open a bug for
>>> this.
>>>
>>>
>>>
>>
>
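
An added illustration, not part of any message in this thread and not Shiro's own code, of the two failures discussed above: a cookie encrypted under a key that changes on restart, and a configured key of the wrong length. It assumes AES/CBC/PKCS5Padding with a prepended IV as a stand-in for the remember-me cipher; the class and method names are hypothetical and all sample values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration: a stand-in for a remember-me cookie cipher, not Shiro's code.
public class RememberMeKeyDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int IV_LEN = 16; // AES block size in bytes

    static byte[] randomBytes(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    // Encrypts with AES/CBC/PKCS5Padding and prepends the random IV to the result.
    static byte[] encrypt(byte[] key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = randomBytes(IV_LEN);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    static byte[] decrypt(byte[] key, byte[] cookie) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                new IvParameterSpec(cookie, 0, IV_LEN));
        return c.doFinal(cookie, IV_LEN, cookie.length - IV_LEN);
    }

    // Describes what happens when a cookie is presented to a server holding 'key'.
    static String tryDecrypt(byte[] key, byte[] cookie, byte[] expected) {
        try {
            byte[] got = decrypt(key, cookie);
            // A wrong key passes the padding check by chance about once in 256 tries,
            // so the recovered bytes still have to be compared.
            return Arrays.equals(got, expected) ? "accepted" : "rejected (garbage plaintext)";
        } catch (GeneralSecurityException e) {
            return "rejected (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")";
        }
    }

    // Decodes a 0x-prefixed hex value and checks it is a usable AES key.
    static String checkHexKey(String value) {
        String hex = value.startsWith("0x") ? value.substring(2) : value;
        if (hex.length() % 2 != 0) {
            return "invalid: odd number of hex digits (" + hex.length() + ")";
        }
        if (!hex.matches("[0-9A-Fa-f]*")) {
            return "invalid: non-hex character";
        }
        int bytes = hex.length() / 2;
        if (bytes != 16 && bytes != 24 && bytes != 32) {
            return "invalid: " + bytes + " bytes, AES needs 16, 24 or 32";
        }
        return "ok: " + (bytes * 8) + "-bit AES key";
    }

    public static void main(String[] args) throws Exception {
        byte[] principals = "constructed-principal".getBytes(StandardCharsets.UTF_8);

        // Case 1: no key configured, so each start of the application draws a new one.
        byte[] keyBeforeRestart = randomBytes(16);
        byte[] keyAfterRestart = randomBytes(16);
        byte[] cookie = encrypt(keyBeforeRestart, principals);
        System.out.println("same run:      " + tryDecrypt(keyBeforeRestart, cookie, principals));
        System.out.println("after restart: " + tryDecrypt(keyAfterRestart, cookie, principals));

        // Case 2: candidate keys (constructed values) checked before they go into shiro.ini.
        String[] candidates = {
            "0x0123456789ABCDEF01234",            // 21 hex digits
            "0x0123456789ABCDEF0123",             // 10 bytes
            "0x0123456789ABCDEF0123456789ABCDEF"  // 16 bytes
        };
        for (String c : candidates) {
            System.out.println(c + " -> " + checkHexKey(c));
        }

        // A fresh 128-bit key in the Base64 form used for byte-array values in the INI file.
        System.out.println("securityManager.rememberMeManager.cipherKey = "
                + Base64.getEncoder().encodeToString(randomBytes(16)));
    }
}
```

The key printed on the last line is a secret: keep it out of version control and use a different one per environment.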

Re: CryptoException

Posted by Brian Demers <br...@gmail.com>.
Glad to hear it!, and thanks for letting us know because this further
confirms we need a better error message.


On Thu, Aug 18, 2016 at 9:45 AM, Rob Young <bo...@gmail.com> wrote:

> Hi Brian, I just wanted to say thanks, I had been meaning to deal with
> this in my application, fixed because of your email here!
>
> On Wed, Aug 17, 2016 at 11:13 AM, Brian Demers <br...@gmail.com>
> wrote:
>
>> Do you see this during development? Or in production?
>>
>> Either way I'm guessing you have not set `securityManager.rememberMeManager.cipherKey`
>> property, for development this is fine, for a pro server, if not set, the
>> rememberme will change on restart.
>> http://shiro.apache.org/configuration.html#Configuration-ByteArrayValues
>>
>> We could probably improve the error message a bit, please open a bug for
>> this.
>>
>> On Tue, Aug 16, 2016 at 3:01 PM, jim.piersol@gmail.com <
>> jim.piersol@gmail.com> wrote:
>>
>>> Shiro 1.3.0
>>> Jetty9.3.10 or Tomcat7 & 8
>>> Servlet based webapp
>>> Using authc (Form based Auth)
>>>
>>> Occasionally on login I get a nasty stackTrace like the following.  I
>>> need
>>> help figuring out why.  I am not doing anything with Cryptology myself.
>>> This is down in the Shiro code.  I am using the box stock
>>> FormAuthenticationFilter.  This doesn't happen everytime, and doesn't
>>> appear
>>> to cause any known issues with my app, but the nasty log message is not
>>> good.  Any suggestions?
>>>
>>> [qtp1136503323-30] WARN org.apache.shiro.mgt.DefaultSecurityManager -
>>> Delegate RememberMeManager instance of type [org.apache
>>> .shiro.web.mgt.CookieRememberMeManager] threw an exception during
>>> getRememberedPrincipals().
>>> org.apache.shiro.crypto.CryptoException: Unable to execute 'doFinal'
>>> with
>>> cipher instance [javax.crypto.Cipher@32d3ab59].
>>>         at
>>> org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherServ
>>> ice.java:462)

Re: CryptoException

Posted by Rob Young <bo...@gmail.com>.
Hi Brian, I just wanted to say thanks, I had been meaning to deal with this
in my application, fixed because of your email here!

On Wed, Aug 17, 2016 at 11:13 AM, Brian Demers <br...@gmail.com>
wrote:

> Do you see this during development? Or in production?
>
> Either way, I'm guessing you have not set the `securityManager.rememberMeManager.cipherKey`
> property. For development this is fine; for a pro server, if not set, the
> rememberme will change on restart.
> http://shiro.apache.org/configuration.html#Configuration-ByteArrayValues
>
> We could probably improve the error message a bit, please open a bug for
> this.

Re: CryptoException

Posted by Brian Demers <br...@gmail.com>.
Do you see this during development? Or in production?

Either way, I'm guessing you have not set the
`securityManager.rememberMeManager.cipherKey` property. For development
this is fine; for a pro server, if not set, the rememberme will change on
restart.
http://shiro.apache.org/configuration.html#Configuration-ByteArrayValues

We could probably improve the error message a bit, please open a bug for
this.

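The failure mode described in the reply above, as an added example that is not part of the thread and not Shiro's own code: a cookie encrypted under one randomly generated key is presented after a restart has produced a different key. The class name, the sample principals string and the choice of AES/CBC/PKCS5Padding with a prepended IV are assumptions made for the illustration; the padded AES mode is consistent with the `BadPaddingException` from `AESCipher` in the trace.

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added illustration; not Shiro code. Assumes AES/CBC/PKCS5Padding with the IV
// prepended to the ciphertext as a stand-in for the remember-me cookie cipher.
public class RememberMeKeyDemo {
    private static final String TRANSFORM = "AES/CBC/PKCS5Padding";
    private static final SecureRandom RNG = new SecureRandom();

    // A fresh random 128-bit key, as a server with no configured key would get per start.
    static SecretKey newKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128, RNG);
        return kg.generateKey();
    }

    // Returns IV || ciphertext, the bytes that would be encoded into the cookie value.
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Splits IV || ciphertext and decrypts; throws BadPaddingException on bad padding.
    static byte[] decrypt(SecretKey key, byte[] cookie) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(cookie, 0, 16));
        return c.doFinal(cookie, 16, cookie.length - 16);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the serialized principals stored in the cookie.
        byte[] principals = "constructed-principals-example-user".getBytes(StandardCharsets.UTF_8);

        SecretKey keyBeforeRestart = newKey();
        byte[] cookie = encrypt(keyBeforeRestart, principals);
        System.out.println("same key round-trips: "
                + Arrays.equals(principals, decrypt(keyBeforeRestart, cookie)));

        // Each iteration models one restart: new random key, same old cookie from the browser.
        int trials = 5000, badPadding = 0, silentGarbage = 0;
        for (int i = 0; i < trials; i++) {
            try {
                decrypt(newKey(), cookie);
                silentGarbage++;   // padding happened to look valid; output is not the principals
            } catch (BadPaddingException e) {
                badPadding++;      // the "Given final block not properly padded" case from the trace
            }
        }
        System.out.printf("after restart: %d BadPaddingException, %d garbage decrypts of %d%n",
                badPadding, silentGarbage, trials);

        // A key generated once and configured explicitly survives restarts.
        String stable = Base64.getEncoder().encodeToString(newKey().getEncoded());
        System.out.println("securityManager.rememberMeManager.cipherKey = " + stable);
    }
}
```

The last line is printed in the form of a `[main]` entry for shiro.ini, using Base64, which the linked configuration section gives as the default encoding for byte-array values. Treat the generated value as a secret and keep it out of version control.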