What is the remember me cookie payload? That _should_ make it easy to reproduce
(Friendly reminder, I'm assuming that cipherKey is for test purposes and is not used in production) On Mon, Jul 15, 2019 at 8:52 AM jubax <[email protected]> wrote: > Hi, > > I get the an ArrayIndexOutOfBoundsException in CookieRememberMeManager > exception when I'm logging out (tomcat-based web application). See below. > > I also added > > [main] > securityManager.rememberMeManager.cipherKey = > 0xff64f88d526b7bb96b962682b7048d76 > > to the shiro.ini, but no avail. > > Any ideas? > > Thanks, > > Jürgen > > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] PathMatchingFilter - > Current requestURI matches pattern '/logout'. Determining filter chain > execution... > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] PathMatchingFilter - > Filter 'anon' is enabled for the current request under path '/logout' with > config [null]. Delegating to subclass implementation for 'onPre > Handle' check. > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] AdviceFilter - > Invoked preHandle method. Continuing chain?: [true] > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] ProxiedFilterChain - > Invoking original filter chain. > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] DelegatingSubject - > attempting to get session; create = false; session is null = false; session > has id = true > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] DelegatingSubject - > attempting to get session; create = false; session is null = false; session > has id = true > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] AdviceFilter - > Successfully invoked postHandle method > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-7] AdviceFilter - > Successfully invoked afterCompletion method. > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] OncePerRequestFilter - > Filter 'ShiroFilter' not yet executed. Executing now. > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] DefaultSecurityManager > - Context already contains a SecurityManager instance. Returning. > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] DefaultSecurityManager > - No identity (PrincipalCollection) found in the context. Looking for a > remembered identity. > 2019-07-15 14:43:40 DEBUG [] [http-nio-8080-exec-10] SimpleCookie - > Found 'rememberMe' cookie value > [383078EE-A226-47B8-9798-8DDF9E361A9A%%ldapRealm] > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] > CookieRememberMeManager > - Acquired Base64 encoded identity > [383078EE-A226-47B8-9798-8DDF9E361A9A%%ldapRealm===] > 2019-07-15 14:43:40 WARN [] [http-nio-8080-exec-10] > AbstractRememberMeManager - There was a failure while trying to retrieve > remembered principals. This could be due to a configuration problem or > corrupted princi > pals. This could also be due to a recently changed encryption key, if you > are using a shiro.ini file, this property would be > 'securityManager.rememberMeManager.cipherKey' see: > http://shiro.apache.org/web.html#Web-Rememb > erMeServices. The remembered identity will be forgotten and not used for > this request. > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] SimpleCookie - > calculated path: /myapplication > 2019-07-15 14:43:40 DEBUG [] [http-nio-8080-exec-10] SimpleCookie - > Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/myapplication; > Max-Age=0; Expires=Sun, 14-Jul-2019 12:43:40 GMT] > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] SimpleCookie - > Removed 'rememberMe' cookie by setting maxAge=0 > 2019-07-15 14:43:40 WARN [] [http-nio-8080-exec-10] DefaultSecurityManager > - *Delegate RememberMeManager instance of type > [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception > during > getRememberedPr > incipals().* > java.lang.ArrayIndexOutOfBoundsException: Index 30 out of bounds for length > 30 > at org.apache.shiro.codec.Base64.decode(Base64.java:470) > at org.apache.shiro.codec.Base64.decode(Base64.java:414) > at > > org.apache.shiro.web.mgt.CookieRememberMeManager.getRememberedSerializedIdentity(CookieRememberMeManager.java:215) > at > > org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:383) > at > > org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:604) > at > > org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:492) > at > > org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342) > at > org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) > at > > org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) > at > > org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) > at > > org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) > 2019-07-15 14:43:40 TRACE [] [http-nio-8080-exec-10] DefaultSecurityManager > - No remembered identity found. Returning original context. > > > > > -- > Sent from: http://shiro-user.582556.n2.nabble.com/ >
