[ https://issues.apache.org/jira/browse/SLING-9433?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Munteanu resolved SLING-9433. ------------------------------------ Resolution: Fixed > Do not log stack trace in case of cookies with no match in the token store > -------------------------------------------------------------------------- > > Key: SLING-9433 > URL: https://issues.apache.org/jira/browse/SLING-9433 > Project: Sling > Issue Type: Improvement > Components: Authentication > Reporter: Robert Munteanu > Assignee: Robert Munteanu > Priority: Major > Fix For: Form Based Authentication 1.0.20 > > > When a cookie does not have a match in the token store, a stack trace is > logged at error level > {noformat}08.05.2020 14:21:42.991 *ERROR* [qtp804599815-226] > org.apache.sling.auth.form.impl.TokenStore No installed provider supports > this key: (null) > java.security.InvalidKeyException: No installed provider supports this key: > (null) > at java.base/javax.crypto.Mac.chooseProvider(Mac.java:392) > at java.base/javax.crypto.Mac.init(Mac.java:435) > at > org.apache.sling.auth.form.impl.TokenStore.encode(TokenStore.java:174) > [org.apache.sling.auth.form:1.0.19.SNAPSHOT] > at > org.apache.sling.auth.form.impl.TokenStore.isValid(TokenStore.java:229) > [org.apache.sling.auth.form:1.0.19.SNAPSHOT] > at > org.apache.sling.auth.form.impl.FormAuthenticationHandler.extractCredentials(FormAuthenticationHandler.java:195) > [org.apache.sling.auth.form:1.0.19.SNAPSHOT]{noformat} > (snip) > This is easily preventable, as we should not be passing a null {{SecretKey}} > further. Instead, we should log an ERROR and consider the cookie as invalid. > Steps to reproduce: > 1. Start up Sling Starter > 2. Log in > 3. Stop Sling Starter > 4. Remove sling directory > 5. Start Sling Starter > 6. Visit front page > Alternatively, save a Sling login cookie ( sling.formauth=... ) and send it > via a curl call to a fresh instance of Sling. -- This message was sent by Atlassian Jira (v8.3.4#803005)