There was an earlier thread about an issue similar to the one I'm
having (on Jan 26th, see http://markmail.org/message/hnbla673zygjgdcc).
Trying to use WebRememberMeManager fails with IllegalBlockSizeException
in AbstractRememberMeManager for me; the relevant stack trace lines are:

[WARN] subject.AbstractRememberMeManager There was a failure while
trying to retrieve remembered principals.  This could be due to a
configuration problem or corrupted principals.  This could also be due
to a recently changed encryption key.  The remembered identity will be
forgotten and not used for this request.
java.lang.IllegalStateException: Unable to crypt bytes with cipher
[javax.crypto.cip...@fee56].
        at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:190)
        at org.jsecurity.crypto.BlowfishCipher.crypt(BlowfishCipher.java:214)
        at org.jsecurity.crypto.BlowfishCipher.decrypt(BlowfishCipher.java:139)
        at org.jsecurity.subject.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:246)
... and later...
Caused by: javax.crypto.IllegalBlockSizeException: Input length must
be multiple of 8 when decrypting with padded cipher

I'm using jsecurity 0.9 and programmatically initializing my managers
(initing rememberme simply with new WebRememberMeManager() and setting
it to my security manager). The suggested resolutions in the earlier
thread don't make sense to me. I couldn't find where the default
cipher key is in JSecurity and I also tried by setting a key manually
but it didn't work any better. To me, this sounds suspiciously like a
problem somewhere in the byte array to string conversion (similar to
what's described at
http://forums.sun.com/thread.jspa?threadID=5363535&tstart=0). I was
using a String principal then changed it to a byte array but got
unchanged results. I'm using Tomcat as the container.

It looks like it should be fairly easy to write a unit test to assert
the behavior to isolate the issue but before I proceed to do so, would
anybody have any good guesses of what might go wrong or know if
there's already a unit test for this? I didn't see any tests that
would already cover this fully (only one for partially testing the
cookie attribute).

Kalle
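
Added example, not part of the original post and not JSecurity's own code: a stand-alone Java check of the byte-array-to-string suspicion raised in the message above. It assumes plain JCE Blowfish with PKCS5 padding as a stand-in for JSecurity's BlowfishCipher, and the key, principal and class name are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class CookieRoundTripDemo {
    // Constructed 128-bit demo key (assumption); not JSecurity's default key.
    private static final byte[] KEY =
            "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

    static byte[] crypt(int mode, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        c.init(mode, new SecretKeySpec(KEY, "Blowfish"));
        return c.doFinal(in);
    }

    // Decrypts and reports the outcome instead of throwing, so both
    // transport paths can be compared side by side.
    static String tryDecrypt(byte[] ct) {
        try {
            byte[] pt = crypt(Cipher.DECRYPT_MODE, ct);
            return "ok: " + new String(pt, StandardCharsets.UTF_8);
        } catch (GeneralSecurityException e) {
            return "failed: " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample principal.
        byte[] principal = "constructed-principal: kalle@example.org"
                .getBytes(StandardCharsets.UTF_8);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, principal);

        // Lossy path: ciphertext is arbitrary binary, so decoding it as text
        // replaces invalid sequences and changes the bytes that come back.
        byte[] viaString = new String(ct, StandardCharsets.UTF_8)
                .getBytes(StandardCharsets.UTF_8);

        // Safe path: Base64 maps every byte value to printable characters.
        String cookieValue = Base64.getEncoder().encodeToString(ct);
        byte[] viaBase64 = Base64.getDecoder().decode(cookieValue);

        System.out.printf("original   len=%d (%% 8 = %d)%n", ct.length, ct.length % 8);
        System.out.printf("via String len=%d -> %s%n", viaString.length, tryDecrypt(viaString));
        System.out.printf("via Base64 len=%d -> %s%n", viaBase64.length, tryDecrypt(viaBase64));
    }
}
```

If the length after the String round trip is no longer a multiple of 8, decryption fails with the same IllegalBlockSizeException as in the trace; if it happens to stay a multiple of 8, the altered bytes normally surface as a BadPaddingException instead.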
