[ https://issues.apache.org/jira/browse/MYFACES-1838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12663780#action_12663780 ]

Simon Kitching commented on MYFACES-1838:
-----------------------------------------

I don't believe this is a bug at all. Unless I've misunderstood something, it's 
just missing configuration.

I think any of the following (in order of preference) should solve this:

(1) in web.xml, define init-parameter "org.apache.myfaces.SECRET" to be some 
reasonably long string. The server will then use the same encryption secret 
after restart (instead of generating a key itself), and so will be able to 
decrypt "old" sessions.

(2) in web.xml, define init-parameter "org.apache.myfaces.USE_ENCRYPTION"  to 
be "false", in order to disable client-side state encryption.  Of course this 
potentially opens a security hole in the app.

(3) use server-side state saving (only client-side state is encrypted)

> javax.crypto.BadPaddingException: Given final block not properly padded
> -----------------------------------------------------------------------
>
>                 Key: MYFACES-1838
>                 URL: https://issues.apache.org/jira/browse/MYFACES-1838
>             Project: MyFaces Core
>          Issue Type: Bug
>    Affects Versions: 1.2.2
>            Reporter: Guy Bashan
>         Attachments: MYFACES-1838.patch
>
>
> I keep getting this exception from time to time when moving between pages:
> javax.faces.FacesException: javax.crypto.BadPaddingException: Given final block not properly padded
>       at org.apache.myfaces.shared_impl.util.StateUtils.symmetric(StateUtils.java:373)
>       at org.apache.myfaces.shared_impl.util.StateUtils.symmetric(StateUtils.java:411)
>       at org.apache.myfaces.shared_impl.util.StateUtils.decrypt(StateUtils.java:291)
>       at org.apache.myfaces.shared_impl.util.StateUtils.reconstruct(StateUtils.java:240)
>       at org.apache.myfaces.renderkit.html.HtmlResponseStateManager.getSavedState(HtmlResponseStateManager.java:184)
>       at org.apache.myfaces.renderkit.html.HtmlResponseStateManager.getState(HtmlResponseStateManager.java:136)
>       at org.apache.myfaces.application.jsp.JspStateManagerImpl.restoreView(JspStateManagerImpl.java:289)
>       at org.apache.myfaces.application.jsp.JspViewHandlerImpl.restoreView(JspViewHandlerImpl.java:505)
>       at org.apache.myfaces.lifecycle.RestoreViewExecutor.execute(RestoreViewExecutor.java:85)
>       at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:103)
>       at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:76)
>       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:148)
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>       at com.vdo.admin.model.persistence.OpenSessionInViewFilterIC.doFilterInternal(OpenSessionInViewFilterIC.java:155)
>       at com.vdo.admin.model.persistence.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:61)
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>       at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
>       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
>       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>       at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
>       at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>       at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>       at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA13*..)
>       at javax.crypto.Cipher.doFinal(DashoA13*..)
>       at org.apache.myfaces.shared_impl.util.StateUtils.symmetric(StateUtils.java:369)
>       ... 30 more

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
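
The restart behaviour described in the comment above, reproduced as an added Java example (not MyFaces code and not part of the original message). It assumes DES in ECB mode with PKCS5 padding, chosen to match the `DESCipher` frame in the trace; the class name, method names, sample state and key bytes are all constructed.

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class ViewStateKeyDemo {
    // Assumed transformation; the trace only shows that a DES cipher was used.
    static final String TRANSFORM = "DES/ECB/PKCS5Padding";

    static byte[] crypt(int mode, SecretKey key, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(mode, key);
        return cipher.doFinal(data);
    }

    // Models a server start with no secret configured: a fresh random key.
    static SecretKey randomStartupKey() throws Exception {
        return KeyGenerator.getInstance("DES").generateKey();
    }

    // Models a configured secret: the same 8 key bytes on every start.
    static SecretKey configuredKey() {
        byte[] raw = "EXAMPLE1".getBytes(StandardCharsets.US_ASCII); // constructed placeholder
        return new SecretKeySpec(raw, "DES");
    }

    // True if state encrypted before the "restart" still decrypts after it.
    static boolean survivesRestart(SecretKey before, SecretKey after) throws Exception {
        byte[] state = "constructed-view-state-0123456789".getBytes(StandardCharsets.UTF_8);
        byte[] token = crypt(Cipher.ENCRYPT_MODE, before, state);
        try {
            // A wrong key occasionally yields valid padding; the result is then garbage.
            return Arrays.equals(state, crypt(Cipher.DECRYPT_MODE, after, token));
        } catch (BadPaddingException e) {
            System.out.println("  " + e); // same exception class as in the report
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("new random key on each start:");
        System.out.println("  survives = " + survivesRestart(randomStartupKey(), randomStartupKey()));
        System.out.println("same configured key on each start:");
        System.out.println("  survives = " + survivesRestart(configuredKey(), configuredKey()));
    }
}
```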
