Thanks, Les.

I've been trying to get this to work, but I run into a problem I do not
understand.

I created a simple class for generating the key, but I get an error when
using it like this:

The error is:
15:02:22.845 [1681861325@qtp-107480723-0] WARN o.a.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during onSuccessfulLogin.  RememberMe services will not be performed for account [patient1].
org.apache.shiro.crypto.CryptoException: Unable to init cipher instance.
        at org.apache.shiro.crypto.JcaCipherService.init(JcaCipherService.java:495) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.crypto.JcaCipherService.initNewCipher(JcaCipherService.java:598) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:444) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.crypto.JcaCipherService.encrypt(JcaCipherService.java:324) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.crypto.JcaCipherService.encrypt(JcaCipherService.java:313) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.mgt.AbstractRememberMeManager.encrypt(AbstractRememberMeManager.java:473) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.mgt.AbstractRememberMeManager.convertPrincipalsToBytes(AbstractRememberMeManager.java:362) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.mgt.AbstractRememberMeManager.rememberIdentity(AbstractRememberMeManager.java:346) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.mgt.AbstractRememberMeManager.rememberIdentity(AbstractRememberMeManager.java:321) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.mgt.AbstractRememberMeManager.onSuccessfulLogin(AbstractRememberMeManager.java:297) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.mgt.DefaultSecurityManager.rememberMeSuccessfulLogin(DefaultSecurityManager.java:206) [shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.mgt.DefaultSecurityManager.onSuccessfulLogin(DefaultSecurityManager.java:291) [shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:285) [shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.filter.authc.FormAuthenticationFilter.onAccessDenied(FormAuthenticationFilter.java:154) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) ~[shiro-core-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) ~[shiro-web-1.2.2.jar:1.2.2]
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.Server.handle(Server.java:326) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410) ~[jetty-6.1.26.jar:6.1.26]
        at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) ~[jetty-util-6.1.26.jar:6.1.26]
*Caused by: java.security.InvalidKeyException: Invalid AES key length: 7 bytes*
        at com.sun.crypto.provider.AESCrypt.init(AESCrypt.java:87) ~[sunjce_provider.jar:1.7.0_11]
        at com.sun.crypto.provider.CipherBlockChaining.init(CipherBlockChaining.java:91) ~[sunjce_provider.jar:1.7.0_11]
        at com.sun.crypto.provider.CipherCore.init(CipherCore.java:469) ~[sunjce_provider.jar:1.7.0_11]
        at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:217) ~[sunjce_provider.jar:1.7.0_11]
        at javax.crypto.Cipher.implInit(Cipher.java:791) ~[na:1.7.0_10]
        at javax.crypto.Cipher.chooseProvider(Cipher.java:849) ~[na:1.7.0_10]
        at javax.crypto.Cipher.init(Cipher.java:1348) ~[na:1.7.0_10]
        at javax.crypto.Cipher.init(Cipher.java:1282) ~[na:1.7.0_10]
        at org.apache.shiro.crypto.JcaCipherService.init(JcaCipherService.java:488) ~[shiro-core-1.2.2.jar:1.2.2]
        ... 46 common frames omitted

If I use the value of a generated key directly, there is no error:


The highlighted error suggested to me that the key is not actually getting
returned by the getInstance() method on the factory class.  But I confirmed
that getInstance() does work by doing:

Here the Debugger class simply prints out the values of debug and debug2,
which show the properly formatted cipher keys, and also confirm they are
different each time the variable $cipherKey is used (as each getInstance()
call correctly generates a new key).  I actually used the string printed by
the debugger when confirming that using the value
"0xb332723e93241ec74cf3c3ca31ca4006" directly works.

The "securityManager.rememberMeManager.cipherKey" line seems not to call
getInstance(), but treats the actual string "$cipherKey" itself as a byte[]
array.  Although I am unsure why "Invalid AES key length: 7 bytes" is
reported when the string length appears to be a few characters longer than
that.

Is there a way to get around this?  Or am I missing something?

Thanks.




--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Randomized-key-for-RememberMe-token-tp7579078p7579090.html
Sent from the Shiro User mailing list archive at Nabble.com.
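
The key-length check behind the "Invalid AES key length" error in the message above, as an added example that is not the poster's code and not part of Shiro. It uses only the JDK; the class and method names (RememberMeKeyCheck, newAesKey, toHex, initError) are hypothetical, and the 7-byte array is a constructed input.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class RememberMeKeyCheck {

    // Hypothetical helper: a fresh random 128-bit AES key from the platform CSPRNG.
    static byte[] newAesKey() {
        byte[] key = new byte[16];
        new SecureRandom().nextBytes(key);
        return key;
    }

    // Render the key as 0x-prefixed hex, the form of the value quoted in the post.
    static String toHex(byte[] key) {
        StringBuilder sb = new StringBuilder("0x");
        for (byte b : key) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Returns null if the JCA AES/CBC cipher accepts the key, otherwise the
    // provider's InvalidKeyException message. The all-zero IV is only there so
    // that init() can run; nothing is encrypted with it.
    static String initError(byte[] key) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                        new IvParameterSpec(new byte[16]));
            return null;
        } catch (InvalidKeyException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] good = newAesKey();
        System.out.println(toHex(good) + " (" + good.length + " bytes) -> " + initError(good));

        // Constructed input: any 7-byte array stands in for whatever bytes the
        // misread configuration value produced.
        byte[] bad = new byte[7];
        System.out.println(bad.length + " bytes -> " + initError(bad));
    }
}
```

A guard like initError can be run on a key at startup, before it is handed to the RememberMe manager, so that a value that did not resolve to real key bytes fails at boot instead of on the first login.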
