[ 
https://issues.apache.org/jira/browse/SHIRO-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12888871#action_12888871
 ] 

Les Hazlewood commented on SHIRO-183:
-------------------------------------

Hi there,

It is quite possible this is not a bug - this can happen if a remember me 
cookie was created before upgrading to Shiro 1.0.0 and then the same cookie was 
read during a request after the upgrade.  Or it can happen if a remember me 
cookie was created when 
securityManager.rememberMeManager.cipherService.generateInitializationVectors = false 
and then it was set to true at a later time; the read cookie would then fail 
to be decrypted.

Odds are very high the first scenario occurred and caused you to see these 
warning messages.  If so,  you can completely ignore these warnings - the next 
time a user logs in, the faulty cookie will be deleted and reset with a new 
(correct) one.

Setting a cipherKey is recommended to ensure that no one else can decrypt your 
data (instead of using the default cipherKey which can be known since Shiro's 
source code is readily available).  The cipherKey itself has nothing to do with 
how the initialization vector is generated or read, so setting the key, while 
still a good thing to do, won't make this warning go away.

If you still think this is a bug, do you have a test case to verify the issue?  
It is impossible for us to track down the issue unless we can re-create it.

> Unable to correctly extract the Initialization Vector or ciphertext
> -------------------------------------------------------------------
>
>                 Key: SHIRO-183
>                 URL: https://issues.apache.org/jira/browse/SHIRO-183
>             Project: Shiro
>          Issue Type: Bug
>          Components: Subject
>    Affects Versions: 1.0.0
>         Environment: GNU/Linux Debian Lenny, Java 1.6
>            Reporter: RynekMedyczny.pl
>
> I obtain the following exception while entering the secure page:
>   [java] 101637 [http-8080-1] WARN 
> org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager 
> instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an 
> exception during getRememberedPrincipals().
>      [java] org.apache.shiro.crypto.CryptoException: Unable to correctly 
> extract the Initialization Vector or ciphertext.
>      [java]   at 
> org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:381)
>      [java]   at 
> org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:491)
>      [java]   at 
> org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
>      [java]   at 
> org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
>      [java]   at 
> org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:567)
>      [java]   at 
> org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:434)
>      [java]   at 
> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:335)
>      [java]   at 
> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
>      [java]   at 
> org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:149)
>      [java]   at 
> org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:202)
>      [java]   at 
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:269)
>      [java]   at 
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
>      [java]   at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>      [java]   at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>      [java]   at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>      [java]   at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>      [java]   at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>      [java]   at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>      [java]   at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>      [java]   at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
>      [java]   at 
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
>      [java]   at 
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
>      [java]   at 
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>      [java]   at java.lang.Thread.run(Thread.java:619)
>      [java] Caused by: java.lang.ArrayIndexOutOfBoundsException
>      [java]   at java.lang.System.arraycopy(Native Method)
>      [java]   at 
> org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:373)
>      [java]   ... 23 more
> Of course I have set the "securityManager.rememberMeManager.cipherKey" in 
> shiro.ini but it did not help.
> kind regards.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
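
The format mismatch described in the comment above, as an added example that is not Shiro's own code: a reader that expects the IV stored in front of the ciphertext is handed a value written without one, rejects it, and reports "not remembered" so the cookie can be reissued at the next login. The class and method names, the use of AES, and the ECB stand-in for a value written without a stored IV are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
// Added illustration, not Shiro source; all names here are hypothetical.
public class IvPrefixDemo {
    static final int IV_LEN = 16; // AES block size in bytes
    // Format A: a random IV is generated and stored in front of the ciphertext.
    static byte[] encryptWithIv(byte[] plain, SecretKeySpec key) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    // Format B (constructed stand-in): a value written with no IV stored alongside it.
    static byte[] encryptNoIv(byte[] plain, SecretKeySpec key) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plain);
    }

    // Expects IV || ciphertext; null means "treat the user as not remembered".
    static String readRemembered(byte[] blob, SecretKeySpec key) {
        if (blob.length <= IV_LEN) return null; // too short to hold an IV plus data
        try {
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(blob, 0, IV_LEN));
            return new String(c.doFinal(blob, IV_LEN, blob.length - IV_LEN), StandardCharsets.UTF_8);
        } catch (Exception e) {
            return null; // wrong format or wrong key: discard the value, do not trust it
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw); // per-deployment key, never a published default
        SecretKeySpec key = new SecretKeySpec(raw, "AES");
        byte[] principal = "alice".getBytes(StandardCharsets.UTF_8); // constructed sample
        System.out.println(readRemembered(encryptWithIv(principal, key), key));
        System.out.println(readRemembered(encryptNoIv(principal, key), key));
    }
}
```

The same key is used for both values, so the second read fails only because of the layout difference, which is why setting a cipherKey does not change the outcome.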
