You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2010/02/18 19:08:27 UTC
[jira] Resolved: (SHIRO-138) AbstractRememberMeManager attempts to
process null/empty byte array
[ https://issues.apache.org/jira/browse/SHIRO-138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood resolved SHIRO-138.
---------------------------------
Resolution: Fixed
Resolved w/ accompanied test case
> AbstractRememberMeManager attempts to process null/empty byte array
> -------------------------------------------------------------------
>
> Key: SHIRO-138
> URL: https://issues.apache.org/jira/browse/SHIRO-138
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.0.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.0.0
>
> Original Estimate: 0.08h
> Remaining Estimate: 0.08h
>
> AbstractRememberMeManager#getRememberedPrincipals will call the 'convertBytesToPrincipals' method even if the 'getRememberedSerializedIdentity' method call returns a null/empty byte array, resulting in the following stack trace. The 'convertBytesToPrincipals' method should only be called with a non null/empty byte array.
> 21419 [btpool0-1] WARN org.apache.shiro.mgt.DefaultSecurityManager -
> Delegate RememberMeManager instance of type
> [org.apache.shiro.web.WebRememberMeManager] threw an exception during
> getRememberedPrincipals().
> java.lang.IllegalStateException: Unable to crypt bytes with cipher
> [javax.crypto.Cipher@1b951f2].
> at
> org.apache.shiro.crypto.BlowfishCipher.crypt(BlowfishCipher.java:196)
> at
> org.apache.shiro.crypto.BlowfishCipher.crypt(BlowfishCipher.java:221)
> at
> org.apache.shiro.crypto.BlowfishCipher.decrypt(BlowfishCipher.java:143)
> at
> org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:571)
> at
> org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:512)
> at
> org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:482)
> at
> org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:586)
> at
> org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:475)
> at
> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:352)
> at
> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:751)
> at
> org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:95)
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.bind(AbstractShiroFilter.java:215)
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:302)
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
> at
> com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:51)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
> at
> com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
> at
> com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:121)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
> at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
> at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
> at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)
> at
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
> at
> com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
> at
> com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:352)
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
> at org.mortbay.jetty.Server.handle(Server.java:313)
> at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
> at
> org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:830)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
> at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
> at
> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
> Caused by: java.lang.IllegalArgumentException: Null input buffer
> at javax.crypto.Cipher.doFinal(DashoA13*..)
> at
> org.apache.shiro.crypto.BlowfishCipher.crypt(BlowfishCipher.java:193)
> ... 37 more
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.