[ https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12919363#action_12919363 ]

Borut Bolcina commented on SHIRO-183:
-------------------------------------

I am using tapestry-security-0.2.0 which is dependent on 
shiro-web-1.0.0-incubating.

The url with a login form looks like 
http://localhost:8080/security/login;jsessionid=3gy546y02uhnw8p05i3kvs2p
There are no cookies for localhost in the Firefox 3.6.10 browser.
Remember me checkbox is NOT ticked. I hit the Enter button, I got logged in AND 
the rememberMe cookie with default value (deleteMe) gets written (18 bytes).

Now when I click the logout link I get the familiar warning message:
[WARN] 21:37:57,885 org.apache.shiro.mgt.DefaultSecurityManager Delegate 
RememberMeManager instance of type 
[org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during 
getRememberedPrincipals().
org.apache.shiro.crypto.CryptoException: Unable to correctly extract the 
Initialization Vector or ciphertext.
        at 
org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
...

This is 100% repeatable.

If you now want to login again, the warning appears again. So it seems only if 
the rememberMe cookie is not present the warnings do not show up.

I battle the plagued logs with:
log4j.logger.org.apache.shiro.mgt.DefaultSecurityManager=error

The same applies for IE 8.

> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
>                 Key: SHIRO-183
>                 URL: https://issues.apache.org/jira/browse/SHIRO-183
>             Project: Shiro
>          Issue Type: Bug
>          Components: Subject
>    Affects Versions: 1.0.0
>         Environment: GNU/Linux Debian Lenny, Java 1.6
>            Reporter: RynekMedyczny.pl
>            Assignee: Kalle Korhonen
>            Priority: Trivial
>             Fix For: 1.1.0
>
>         Attachments: shiro.ini
>
>
> I obtain following exception while entering the secure page:
>   [java] 101637 [http-8080-1] WARN 
> org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager 
> instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an 
> exception during getRememberedPrincipals().
>      [java] org.apache.shiro.crypto.CryptoException: Unable to correctly 
> extract the Initialization Vector or ciphertext.
>      [java]   at 
> org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
>      [java]   at 
> org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
>      [java]   at 
> org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
>      [java]   at 
> org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
>      [java]   at 
> org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
>      [java]   at 
> org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
>      [java]   at 
> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
>      [java]   at 
> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
>      [java]   at 
> org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
>      [java]   at 
> org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
>      [java]   at 
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
>      [java]   at 
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
>      [java]   at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>      [java]   at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>      [java]   at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>      [java]   at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>      [java]   at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>      [java]   at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>      [java]   at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>      [java]   at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
>      [java]   at 
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
>      [java]   at 
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
>      [java]   at 
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>      [java]   at java.lang.Thread.run(Thread.java:619)
>      [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
>      [java]   at java.lang.System.arraycopy(Native Method)
>      [java]   at 
> org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
>      [java]   ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in 
> shiro.ini but it did not help.
> kind regards.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
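
Added example, not part of the original message and not Shiro's own code: a length and sentinel check applied to a rememberMe cookie value before the IV is split off, next to an unguarded split that fails on the "deleteMe" value the way the System.arraycopy frame in the trace does. It assumes Java 8 or later, a Base64-encoded cookie value and a 16-byte IV prepended to the ciphertext; the class and method names are hypothetical.

```java
import java.util.Arrays;
import java.util.Base64;
import java.util.Optional;

public class RememberMeCookieCheck {
    // Assumption: 128-bit IV stored in front of the ciphertext.
    static final int IV_BYTES = 16;
    // Cookie value reported in the comment above.
    static final String DELETED_SENTINEL = "deleteMe";

    /** The two parts of a well-formed cookie payload. */
    static final class IvAndCiphertext {
        final byte[] iv;
        final byte[] ciphertext;
        IvAndCiphertext(byte[] iv, byte[] ciphertext) {
            this.iv = iv;
            this.ciphertext = ciphertext;
        }
    }

    /** Unguarded split: throws when the payload is shorter than the IV. */
    static IvAndCiphertext naiveSplit(byte[] payload) {
        byte[] iv = new byte[IV_BYTES];
        System.arraycopy(payload, 0, iv, 0, IV_BYTES);
        return new IvAndCiphertext(iv, Arrays.copyOfRange(payload, IV_BYTES, payload.length));
    }

    /** Guarded split: treats sentinel, malformed or too-short values as "no cookie". */
    static Optional<IvAndCiphertext> safeSplit(String cookieValue) {
        if (cookieValue == null || cookieValue.isEmpty() || DELETED_SENTINEL.equals(cookieValue)) {
            return Optional.empty();
        }
        byte[] payload;
        try {
            payload = Base64.getDecoder().decode(cookieValue);
        } catch (IllegalArgumentException notBase64) {
            return Optional.empty();
        }
        // Need the full IV plus at least one byte of ciphertext.
        return payload.length > IV_BYTES ? Optional.of(naiveSplit(payload)) : Optional.empty();
    }

    public static void main(String[] args) {
        try {
            naiveSplit(Base64.getDecoder().decode(DELETED_SENTINEL)); // only 6 bytes
        } catch (IndexOutOfBoundsException e) {
            System.out.println("naive split failed: " + e.getClass().getName());
        }
        String constructed = Base64.getEncoder().encodeToString(new byte[IV_BYTES + 32]); // constructed sample
        System.out.println("sentinel accepted: " + safeSplit(DELETED_SENTINEL).isPresent());
        System.out.println("well-formed accepted: " + safeSplit(constructed).isPresent());
    }
}
```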
