Hi Brad, I don't believe anyone has changed the Cipher implementation in a long time, so I'm not exactly sure how this happened. Are you using JSecurity's default Key? or did you specify your own?
Regards, Les On Mon, Jan 26, 2009 at 6:04 PM, Brad Whitaker <[email protected]> wrote: > I'm having a bit of trouble running Jsecurity (built with revision 736939). > I'm using the Grails plugin (updated in my local environment) and running > Tomcat 6. > > I'm having several issues that I can't completely describe at this point, > but I'm seeing the following output in my logs. Is this just a transient > issue, or is it problem with the Jsecurity code (or my environment)? > > Are there any 'upgrade' issues related to the rememberMe cookies? (I was > having trouble logging in until I deleted cookies in my browser.) > > Thanks, > > Brad > > > 01/26 16:52:04 INFO org.jsecurity.web.attr.CookieAttribute - Found string > value > [clJgEjFZVuRRN5lCpInkOsawSaKK4hLwegZK/QgR1Thk380v5wL9pA1NZo7QHr7erlnry1vt2AqIyM8Fj2HBCsl1lierxE9EJ1typI2GpgMeG+HmceNdrlN6KGh4AmjLG3zCUPo8E+QzGVs/EO3PIAGyYYtuYbW++oJDr5xfY9DwK4Omq5GijZSSmdpOHiYelPMa1XLwT0D/kNCUm6EVfG6TKwxViNtGdyzknY7abNU7ucw2UWfjFe24hH0SL0hZMXjPQYtMnPl5J5qfjU4EXX1a/Ijn0IKUEk5BmY+ipc6irMI/Rrmumr7XSSncSHq2cpyNbwJBykFX5s/ydB64hbMenS+LhbUvnQBNt8Xkjyc+IrzntDuVGH4IGfnRIAOwDkU6EZPQ4v36wbd8IB3kUFW1/1z6ZvS4jsIgMA3TS2xMjhGB8FWnIAFUoCkjdbD5IIrhYORnMFPMQ/6A+3yPnLCDQ3UIeZ5SB9Ol7a1oMIw] > from HttpServletRequest Cookie [rememberMe] > 01/26 16:52:04 WARN org.jsecurity.mgt.AbstractRememberMeManager - There > was a failure while trying to retrieve remembered principals. This could be > due to a configuration problem or corrupted principals. This could also be > due to a recently changed encryption key. The remembered identity will be > forgotten and not used for this request. > java.lang.IllegalStateException: Unable to crypt bytes with cipher > [javax.crypto.cip...@cb577]. > at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:194) > at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:219) > at > org.jsecurity.crypto.BlowfishCipher.decrypt(BlowfishCipher.java:141) > at > org.jsecurity.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:251) > at > org.jsecurity.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:198) > at > org.jsecurity.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:411) > at > org.jsecurity.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:212) > at > org.jsecurity.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:426) > at > org.jsecurity.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:433) > at > org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:369) > at > org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:183) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:65) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > at > org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) > at > org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) > at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767) > at > org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697) > at > org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889) > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) > at java.lang.Thread.run(Thread.java:619) > Caused by: javax.crypto.IllegalBlockSizeException: Input length must be > multiple of 8 when decrypting with padded cipher > at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) > at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) > at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(DashoA13*..) > at javax.crypto.Cipher.doFinal(DashoA13*..) > at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:191) > ... 35 more > > > > >
