[jira] Commented: (MYFACES-1838) javax.crypto.BadPaddingException: Given final block not properly padded

[Mike Kienenberger (JIRA)]

    [ 
https://issues.apache.org/jira/browse/MYFACES-1838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756573#action_12756573
 ] 

Mike Kienenberger commented on MYFACES-1838:
--------------------------------------------

I suspect this bug can be caused by corrupted or truncated form submissions.

Here's some related situations I've seen in the past:

1) An apache proxy server that truncates form submissions at 4K, resulting in a 
truncated view state value sent back to the server.

2) An Oracle application server that inexplicably sends a truncated page back 
to the client, resulting in a corrupted encrypted view state value on the 
client's web page, which eventually gets sent back to the server.


For 2)  You can examine the page submitting the failed request and determine if 
the page is corrupted.

For 1)  You'll have to do some testing to see if there's an artificial limit on 
form submissions being enforced on your submitted form data.  I wrote a simple 
servlet to check what was received after submission.  I suppose a servlet 
filter could do the same thing.

Note than none of these issues are specific to JSF.


> javax.crypto.BadPaddingException: Given final block not properly padded
> -----------------------------------------------------------------------
>
>                 Key: MYFACES-1838
>                 URL: https://issues.apache.org/jira/browse/MYFACES-1838
>             Project: MyFaces Core
>          Issue Type: Bug
>    Affects Versions: 1.2.2
>            Reporter: Guy Bashan
>         Attachments: MYFACES-1838.patch
>
>
> I keep getting this exception from time to time when moving between pages:
> javax.faces.FacesException: javax.crypto.BadPaddingException: Given final 
> block not properly padded
>       at 
> org.apache.myfaces.shared_impl.util.StateUtils.symmetric(StateUtils.java:373)
>       at 
> org.apache.myfaces.shared_impl.util.StateUtils.symmetric(StateUtils.java:411)
>       at 
> org.apache.myfaces.shared_impl.util.StateUtils.decrypt(StateUtils.java:291)
>       at 
> org.apache.myfaces.shared_impl.util.StateUtils.reconstruct(StateUtils.java:240)
>       at 
> org.apache.myfaces.renderkit.html.HtmlResponseStateManager.getSavedState(HtmlResponseStateManager.java:184)
>       at 
> org.apache.myfaces.renderkit.html.HtmlResponseStateManager.getState(HtmlResponseStateManager.java:136)
>       at 
> org.apache.myfaces.application.jsp.JspStateManagerImpl.restoreView(JspStateManagerImpl.java:289)
>       at 
> org.apache.myfaces.application.jsp.JspViewHandlerImpl.restoreView(JspViewHandlerImpl.java:505)
>       at 
> org.apache.myfaces.lifecycle.RestoreViewExecutor.execute(RestoreViewExecutor.java:85)
>       at 
> org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:103)
>       at 
> org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:76)
>       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:148)
>       at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>       at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>       at 
> com.vdo.admin.model.persistence.OpenSessionInViewFilterIC.doFilterInternal(OpenSessionInViewFilterIC.java:155)
>       at 
> com.vdo.admin.model.persistence.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:61)
>       at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>       at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>       at 
> org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
>       at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>       at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>       at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>       at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>       at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>       at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>       at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>       at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
>       at 
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>       at 
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
>       at 
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>       at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.crypto.BadPaddingException: Given final block not properly 
> padded
>       at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>       at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>       at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA13*..)
>       at javax.crypto.Cipher.doFinal(DashoA13*..)
>       at 
> org.apache.myfaces.shared_impl.util.StateUtils.symmetric(StateUtils.java:369)
>       ... 30 more

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.