:) To be honest, it would have probably not been too hard to sort out... I just have a huge task list so I had been putting it off. This really got to the heart of the matter and sorted me out!
Oh, if you specify a cipher key of an incorrect length, you will get a big stack trace when Shiro tries to create a remember me key. Buried within the stack is a message saying it. At first I had no idea why it failed, but the details are all there in the stack trace. I ran into this: the test hex key in the Shiro docs is of the incorrect length; I had created a new key of a correct length.

On Thu, Aug 18, 2016 at 10:38 AM, Brian Demers <[email protected]> wrote:

> Glad to hear it, and thanks for letting us know because this further
> confirms we need a better error message.
>
> On Thu, Aug 18, 2016 at 9:45 AM, Rob Young <[email protected]> wrote:
>
>> Hi Brian, I just wanted to say thanks, I had been meaning to deal with
>> this in my application, fixed because of your email here!
>>
>> On Wed, Aug 17, 2016 at 11:13 AM, Brian Demers <[email protected]>
>> wrote:
>>
>>> Do you see this during development? Or in production?
>>>
>>> Either way I'm guessing you have not set
>>> `securityManager.rememberMeManager.cipherKey`
>>> property, for development this is fine, for a pro server, if not set, the
>>> rememberme will change on restart.
>>> http://shiro.apache.org/configuration.html#Configuration-ByteArrayValues
>>>
>>> We could probably improve the error message a bit, please open a bug for
>>> this.
>>>
>>> On Tue, Aug 16, 2016 at 3:01 PM, [email protected] <
>>> [email protected]> wrote:
>>>
>>>> Shiro 1.3.0
>>>> Jetty9.3.10 or Tomcat7 & 8
>>>> Servlet based webapp
>>>> Using authc (Form based Auth)
>>>>
>>>> Occasionally on login I get a nasty stackTrace like the following. I need
>>>> help figuring out why. I am not doing anything with Cryptology myself.
>>>> This is down in the Shiro code. I am using the box stock
>>>> FormAuthenticationFilter. This doesn't happen every time, and doesn't appear
>>>> to cause any known issues with my app, but the nasty log message is not
>>>> good. Any suggestions?
>>>>
>>>> [qtp1136503323-30] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
>>>> org.apache.shiro.crypto.CryptoException: Unable to execute 'doFinal' with cipher instance [javax.crypto.Cipher@32d3ab59].
>>>>     at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:462)
>>>>     at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:445)
>>>>     at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:390)
>>>>     at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:382)
>>>>     at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:479)
>>>>     at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:419)
>>>>     at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386)
>>>>     at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:604)
>>>>     at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:492)
>>>>     at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342)
>>>>     at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
>>>>     at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
>>>>     at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
>>>>     at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
>>>>     at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
>>>>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
>>>>     at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
>>>>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
>>>>     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
>>>>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>>>>     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
>>>>     at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
>>>>     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
>>>>     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
>>>>     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>>>>     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
>>>>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>>>>     at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
>>>>     at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)
>>>>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
>>>>     at org.eclipse.jetty.server.Server.handle(Server.java:524)
>>>>     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319)
>>>>     at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253)
>>>>     at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
>>>>     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
>>>>     at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
>>>>     at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
>>>>     at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
>>>>     at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
>>>>     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
>>>>     at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
>>>>     at java.lang.Thread.run(Thread.java:745)
>>>> Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
>>>>     at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:966)
>>>>     at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
>>>>     at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436)
>>>>     at javax.crypto.Cipher.doFinal(Cipher.java:2165)
>>>>     at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:459)
>>>>     ... 41 more
>>>>
>>>> Shiro.ini file contents:
>>>>
>>>> # =============================================================================
>>>> # Shiro INI configuration
>>>> #
>>>> # =============================================================================
>>>>
>>>> #-----------
>>>> # Main
>>>> # ----------
>>>> [main]
>>>>
>>>> authc.loginUrl = /pre-auth/authentication/login.html
>>>> authc.successUrl = /index.html
>>>> logout.redirectUrl = /pre-auth/authentication/login.html
>>>>
>>>> myRealm = com.test.auth.VnfMgrCustomRealm
>>>>
>>>> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>>>> securityManager.cacheManager = $cacheManager
>>>>
>>>> securityManager.realms = $myRealm
>>>>
>>>> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
>>>>
>>>> # Use the configured native session manager:
>>>> securityManager.sessionManager = $sessionManager
>>>>
>>>> cookie = org.apache.shiro.web.servlet.SimpleCookie
>>>> cookie.name = mgr.cookie
>>>> cookie.path = /
>>>> sessionManager.sessionIdCookie = $cookie
>>>>
>>>> # -----------------------------------------------------------------------------
>>>> # URLS - followed by Filter Chains.
>>>> # -----------------------------------------------------------------------------
>>>> [urls]
>>>> /v1/sbc/** = anon
>>>> /v1/vnfs/** = anon
>>>> /logout = logout
>>>> /pre-auth/authentication/img/favicon/favicon.ico = anon
>>>> /pre-auth/authentication/ajax/** = anon
>>>> /pre-auth/authentication/css/** = anon
>>>> /pre-auth/authentication/data/** = anon
>>>> /pre-auth/authentication/design-resources/** = anon
>>>> /pre-auth/authentication/fonts/** = anon
>>>> /pre-auth/authentication/img/** = anon
>>>> /pre-auth/authentication/js/** = anon
>>>> /pre-auth/authentication/php/** = anon
>>>> /pre-auth/authentication/sound/** = anon
>>>> /pre-auth/authentication/xml/** = anon
>>>> /** = authc
>>>>
>>>> --
>>>> View this message in context: http://shiro-user.582556.n2.nabble.com/CryptoException-tp7581223.html
>>>> Sent from the Shiro User mailing list archive at Nabble.com.
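
The two failure modes discussed in this thread (a remember-me key that changes on restart, and a configured key of an invalid length), reproduced as an added example that is not part of the original messages or of Shiro's code. It uses only JDK classes and assumes AES/CBC/PKCS5Padding as a stand-in for the cookie cipher; the class name, sample principal and fixed IV are constructed for the demo.

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.util.Base64;

public class RememberMeKeyDemo {
    // Assumption: AES/CBC/PKCS5Padding stands in for the cookie cipher.
    static byte[] crypt(int mode, byte[] key, byte[] iv, byte[] in)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    static byte[] newKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128); // 16 bytes; AES accepts only 16, 24 or 32
        return kg.generateKey().getEncoded();
    }

    public static void main(String[] args) throws Exception {
        byte[] iv = new byte[16]; // fixed IV, acceptable only in this demo
        byte[] principals = "constructed-principal".getBytes(StandardCharsets.UTF_8);

        // Case 1: key regenerated on restart, cookie issued by the previous run.
        byte[] cookie = crypt(Cipher.ENCRYPT_MODE, newKey(), iv, principals);
        try {
            crypt(Cipher.DECRYPT_MODE, newKey(), iv, cookie);
            System.out.println("padding validated by chance; output is garbage");
        } catch (BadPaddingException e) {
            System.out.println("stale cookie: " + e.getMessage());
        }
        // Case 2: configured key of an invalid length (13 bytes here).
        try {
            crypt(Cipher.ENCRYPT_MODE, new byte[13], iv, principals);
        } catch (InvalidKeyException e) {
            System.out.println("bad key: " + e.getMessage());
        }
        // A fixed, correctly sized value for shiro.ini (treat it as a secret).
        System.out.println("securityManager.rememberMeManager.cipherKey = "
                + Base64.getEncoder().encodeToString(newKey()));
    }
}
```

The last line prints the key in Base64, one of the byte-array forms covered by the configuration page linked in the thread; generate it once and store it outside source control so cookies issued before a restart still decrypt.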
