You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "RynekMedyczny.pl (JIRA)" <ji...@apache.org> on 2010/07/15 11:19:53 UTC
[jira] Created: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Unable to correctly extract the Initialization Vector or ciphertext
-------------------------------------------------------------------
Key: SHIRO-183
URL: https://issues.apache.org/jira/browse/SHIRO-183
Project: Shiro
Issue Type: Bug
Components: Subject
Affects Versions: 1.0.0
Environment: GNU/Linux Debian Lenny, Java 1.6
Reporter: RynekMedyczny.pl
I obtain following exception while entering the secure page:
[java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
[java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
[java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
[java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
[java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
[java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
[java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
[java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
[java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
[java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
[java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
[java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
[java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
[java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
[java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
[java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
[java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
[java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
[java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
[java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
[java] at java.lang.Thread.run(Thread.java:619)
[java] Caused by: java.lang.ArrayIndexOutOfBoundsException
[java] at java.lang.System.arraycopy(Native Method)
[java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
[java] ... 23 more
Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12889226#action_12889226 ]
Les Hazlewood commented on SHIRO-183:
-------------------------------------
That shouldn't be happening if you clear out the cookies at least once, like you already have.
Can you please attach a version of shiro.ini that replicates this issue? We really should have a test case for what you're experiencing - beyond just changing an exception message and removing the cookie.
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood updated SHIRO-183:
--------------------------------
Fix Version/s: 1.0.1
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Fix For: 1.0.1
>
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12888898#action_12888898 ]
Les Hazlewood commented on SHIRO-183:
-------------------------------------
Ok, good - this should be easy to reproduce.
Could you please use one of Shiro's sample web applications and change the shiro.ini configuration to replicate your issue? If you can do that, I can use that shiro.ini to create a test case.
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12888871#action_12888871 ]
Les Hazlewood commented on SHIRO-183:
-------------------------------------
Hi there,
It is quite possible this is not be a bug - this can happen if a remember me cookie was created before upgrading to Shiro 1.0.0 and then the same cookie was read during a request after the upgrade. Or it can happen if a remember me cookie was created when securityManager.rememberMeManager.cipherService.generateInitializationVectors = false and then it was set to true at a later time, the read cookie would fail to be decrypted.
Odds are very high the first scenario occurred and caused you to see these warning messages. If so, you can completely ignore these warnings - the next time a user logs in, the faulty cookie will be deleted and reset with a new (correct) one.
Setting a cipherKey is recommended to ensure that no-one else can decrypt your data (instead of using the default cipherKey which can known since Shiro's source code is readily available). The cipherKey itself has nothing to do with how the initialization vector is generated or read, so setting the key, while still a good thing to do, won't make this warning go away.
If you still think this is a bug, do you have a test case to verify the issue? It is impossible for us to track down the issue unless we can re-create it.
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "RynekMedyczny.pl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
RynekMedyczny.pl updated SHIRO-183:
-----------------------------------
Attachment: shiro.ini
Here you are :)
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalle Korhonen updated SHIRO-183:
---------------------------------
Fix Version/s: (was: 1.0.1)
1.1.0
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Assignee: Kalle Korhonen
> Fix For: 1.1.0
>
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918394#action_12918394 ]
Kalle Korhonen commented on SHIRO-183:
--------------------------------------
Assigned to myself. We know it occurs so the immediate priority is to resolve that. I may clean up the code as I go or leave it for another issue.
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Assignee: Kalle Korhonen
> Fix For: 1.1.0
>
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "RynekMedyczny.pl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918440#action_12918440 ]
RynekMedyczny.pl commented on SHIRO-183:
----------------------------------------
This exception seriously disturbs our development work!
It occurs several times per page view (our logs are full of it) and causes that recognising real exceptions is realy hard!
I think that this is a major flaw...
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Assignee: Kalle Korhonen
> Fix For: 1.1.0
>
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12889062#action_12889062 ]
Les Hazlewood commented on SHIRO-183:
-------------------------------------
Those are two good questions, and ones that we could address in the form of adding them as new features to the codebase :)
Thanks so much for verifying that the cleared cookies solved this problem - that confirms my assumptions in my first comment above. We can now use this information as the basis for implementing the two changes you recommended.
We'll use this issue to implement those two changes.
Thanks,
Les
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918735#action_12918735 ]
Kalle Korhonen commented on SHIRO-183:
--------------------------------------
I can easily reproduce the issue with a unit test (you'll get the same stack trace whenever the ciphertext is shorter than the initialization vector size). However, it's just a warning and the code is doing it right in my opinion. Rynek, if you just want to get rid of the log message, you can *easily* configure your logging system to squelch just that warning. However, if you want to help, can you answer the following questions:
- Have you tried with 1.1.0-SNAPSHOT and if so, do you get the same warning? (I'm not able to reproduce this myself in a web app)
- Are you simultaneously developing some other web applications and/or using cookie named rememberMe?(you'd easily run into the same exception in that case)
- Have you tried different browsers (there's the remote chance that a particular browser is truncating the cookie value)
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Assignee: Kalle Korhonen
> Fix For: 1.1.0
>
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "RynekMedyczny.pl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12889029#action_12889029 ]
RynekMedyczny.pl commented on SHIRO-183:
----------------------------------------
I have cleared all cookies and the warning stopped occurring.
The question is - why the cookie was not replaced if it was invalid?
And another one - why don't you provide clear message about the cause of the problem instead of that ugly exception?
Kind regards
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918391#action_12918391 ]
Les Hazlewood commented on SHIRO-183:
-------------------------------------
Nope, I'm not working on this at the moment. I still don't know exactly what the problem is - this *should* only happen when changing the cipher key or if the data serialized is an older serialization format than what the runtime environment reflects. Are you trying to solve why this occurs? Or clean up the code so that the cookie is removed upon seeing a failure? Or both? ;)
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Fix For: 1.0.1
>
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalle Korhonen reassigned SHIRO-183:
------------------------------------
Assignee: Kalle Korhonen
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Assignee: Kalle Korhonen
> Fix For: 1.1.0
>
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "RynekMedyczny.pl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12889213#action_12889213 ]
RynekMedyczny.pl commented on SHIRO-183:
----------------------------------------
Thank you so much.
One more thing - these exceptions keep occurring after each redeploy of my application.
Kind regards.
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918385#action_12918385 ]
Kalle Korhonen commented on SHIRO-183:
--------------------------------------
Les - are you working on this? This just popped up in one of the Tapestry-based apps I'm involved with. I could take this if you are not claiming first dibs.
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Fix For: 1.0.1
>
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "RynekMedyczny.pl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12888892#action_12888892 ]
RynekMedyczny.pl commented on SHIRO-183:
----------------------------------------
1) Negative - It is my first time when I use Shiro
2) Negative - I have not changed any of the properties connected with "securityManager.rememberMeManager.cipherService.generateInitializationVectors"
3) It happens all the time when I try to log in.
Kind regards
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalle Korhonen updated SHIRO-183:
---------------------------------
Priority: Trivial (was: Major)
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Assignee: Kalle Korhonen
> Priority: Trivial
> Fix For: 1.1.0
>
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918395#action_12918395 ]
Les Hazlewood commented on SHIRO-183:
-------------------------------------
Sounds good to me!
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Assignee: Kalle Korhonen
> Fix For: 1.1.0
>
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-183) Unable to correctly extract the
Initialization Vector or ciphertext
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12889257#action_12889257 ]
Les Hazlewood commented on SHIRO-183:
-------------------------------------
Thanks!
> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
> Key: SHIRO-183
> URL: https://issues.apache.org/jira/browse/SHIRO-183
> Project: Shiro
> Issue Type: Bug
> Components: Subject
> Affects Versions: 1.0.0
> Environment: GNU/Linux Debian Lenny, Java 1.6
> Reporter: RynekMedyczny.pl
> Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
> [java] 101637 [http-8080-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
> [java] org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
> [java] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
> [java] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
> [java] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
> [java] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
> [java] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
> [java] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
> [java] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [java] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [java] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [java] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [java] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [java] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [java] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [java] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [java] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
> [java] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [java] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [java] at java.lang.Thread.run(Thread.java:619)
> [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
> [java] at java.lang.System.arraycopy(Native Method)
> [java] at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
> [java] ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in shiro.ini but it did not help.
> kind regards.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.