Hi, I get the an ArrayIndexOutOfBoundsException in CookieRememberMeManager exception when I'm logging out (tomcat-based web application). See below.
I also added [main] securityManager.rememberMeManager.cipherKey = 0xff64f88d526b7bb96b962682b7048d76 to the shiro.ini, but no avail. Any ideas? Thanks, Jürgen 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] PathMatchingFilter - Current requestURI matches pattern '/logout'. Determining filter chain execution... 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] PathMatchingFilter - Filter 'anon' is enabled for the current request under path '/logout' with config [null]. Delegating to subclass implementation for 'onPre Handle' check. 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] AdviceFilter - Invoked preHandle method. Continuing chain?: [true] 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] ProxiedFilterChain - Invoking original filter chain. 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] DelegatingSubject - attempting to get session; create = false; session is null = false; session has id = true 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] DelegatingSubject - attempting to get session; create = false; session is null = false; session has id = true 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] AdviceFilter - Successfully invoked postHandle method 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] AdviceFilter - Successfully invoked afterCompletion method. 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] OncePerRequestFilter - Filter 'ShiroFilter' not yet executed. Executing now. 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] DefaultSecurityManager - Context already contains a SecurityManager instance. Returning. 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] DefaultSecurityManager - No identity (PrincipalCollection) found in the context. Looking for a remembered identity. 2019-07-15 14:43:40 DEBUG [] [http-nio-8080-exec-10] SimpleCookie - Found 'rememberMe' cookie value [383078EE-A226-47B8-9798-8DDF9E361A9A%%ldapRealm] 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] CookieRememberMeManager - Acquired Base64 encoded identity [383078EE-A226-47B8-9798-8DDF9E361A9A%%ldapRealm===] 2019-07-15 14:43:40 WARN [] [http-nio-8080-exec-10] AbstractRememberMeManager - There was a failure while trying to retrieve remembered principals. This could be due to a configuration problem or corrupted princi pals. This could also be due to a recently changed encryption key, if you are using a shiro.ini file, this property would be 'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-Rememb erMeServices. The remembered identity will be forgotten and not used for this request. 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] SimpleCookie - calculated path: /myapplication 2019-07-15 14:43:40 DEBUG [] [http-nio-8080-exec-10] SimpleCookie - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/myapplication; Max-Age=0; Expires=Sun, 14-Jul-2019 12:43:40 GMT] 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] SimpleCookie - Removed 'rememberMe' cookie by setting maxAge=0 2019-07-15 14:43:40 WARN [] [http-nio-8080-exec-10] DefaultSecurityManager - *Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPr incipals().* java.lang.ArrayIndexOutOfBoundsException: Index 30 out of bounds for length 30 at org.apache.shiro.codec.Base64.decode(Base64.java:470) at org.apache.shiro.codec.Base64.decode(Base64.java:414) at org.apache.shiro.web.mgt.CookieRememberMeManager.getRememberedSerializedIdentity(CookieRememberMeManager.java:215) at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:383) at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:604) at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:492) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342) at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] DefaultSecurityManager - No remembered identity found. Returning original context. -- Sent from: http://shiro-user.582556.n2.nabble.com/
