You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2010/02/18 19:08:27 UTC

[jira] Resolved: (SHIRO-138) AbstractRememberMeManager attempts to process null/empty byte array

     [ https://issues.apache.org/jira/browse/SHIRO-138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood resolved SHIRO-138.
---------------------------------

    Resolution: Fixed

Resolved w/ accompanied test case

> AbstractRememberMeManager attempts to process null/empty byte array
> -------------------------------------------------------------------
>
>                 Key: SHIRO-138
>                 URL: https://issues.apache.org/jira/browse/SHIRO-138
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 1.0.0
>            Reporter: Les Hazlewood
>            Assignee: Les Hazlewood
>             Fix For: 1.0.0
>
>   Original Estimate: 0.08h
>  Remaining Estimate: 0.08h
>
> AbstractRememberMeManager#getRememberedPrincipals will call the 'convertBytesToPrincipals' method even if the 'getRememberedSerializedIdentity' method call returns a null/empty byte array, resulting in the following stack trace.  The 'convertBytesToPrincipals' method should only be called with a non null/empty byte array.
> 21419 [btpool0-1] WARN org.apache.shiro.mgt.DefaultSecurityManager -
> Delegate RememberMeManager instance of type
> [org.apache.shiro.web.WebRememberMeManager] threw an exception during
> getRememberedPrincipals().
> java.lang.IllegalStateException: Unable to crypt bytes with cipher
> [javax.crypto.Cipher@1b951f2].
>        at
> org.apache.shiro.crypto.BlowfishCipher.crypt(BlowfishCipher.java:196)
>        at
> org.apache.shiro.crypto.BlowfishCipher.crypt(BlowfishCipher.java:221)
>        at
> org.apache.shiro.crypto.BlowfishCipher.decrypt(BlowfishCipher.java:143)
>        at
> org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:571)
>        at
> org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:512)
>        at
> org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:482)
>        at
> org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:586)
>        at
> org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:475)
>        at
> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:352)
>        at
> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:751)
>        at
> org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:95)
>        at
> org.apache.shiro.web.servlet.AbstractShiroFilter.bind(AbstractShiroFilter.java:215)
>        at
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:302)
>        at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
>        at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>        at
> com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:51)
>        at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>        at
> com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
>        at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>        at
> com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:121)
>        at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>        at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
>        at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
>        at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
>        at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)
>        at
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
>        at
> com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
>        at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
>        at
> com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:352)
>        at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
>        at org.mortbay.jetty.Server.handle(Server.java:313)
>        at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
>        at
> org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:830)
>        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
>        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
>        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
>        at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
>        at
> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
> Caused by: java.lang.IllegalArgumentException: Null input buffer
>        at javax.crypto.Cipher.doFinal(DashoA13*..)
>        at
> org.apache.shiro.crypto.BlowfishCipher.crypt(BlowfishCipher.java:193)
>        ... 37 more

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.