[jira] [Commented] (SHIRO-615) Refine error message for incorrectly configured rememberMe cipherKey


JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SHIRO-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15881177#comment-15881177 ]

Rob Young commented on SHIRO-615:
---------------------------------

Attached is another possible error, if the byte is able to be parsed, but not compatible with the cipher suite.

{code}
2017-02-23T15:19:17.989-0500|Info: 15:19:17.988 [http-listener-1(3)] WARN  o.a.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during onSuccessfulLogin.  RememberMe services will not be performed for account [---snip---].
org.apache.shiro.crypto.CryptoException: Unable to init cipher instance.
        at org.apache.shiro.crypto.JcaCipherService.init(JcaCipherService.java:495) ~[shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.crypto.JcaCipherService.initNewCipher(JcaCipherService.java:598) ~[shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:444) ~[shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.crypto.JcaCipherService.encrypt(JcaCipherService.java:324) ~[shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.crypto.JcaCipherService.encrypt(JcaCipherService.java:313) ~[shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.mgt.AbstractRememberMeManager.encrypt(AbstractRememberMeManager.java:466) ~[shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.mgt.AbstractRememberMeManager.convertPrincipalsToBytes(AbstractRememberMeManager.java:352) ~[shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.mgt.AbstractRememberMeManager.rememberIdentity(AbstractRememberMeManager.java:336) ~[shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.mgt.AbstractRememberMeManager.rememberIdentity(AbstractRememberMeManager.java:311) ~[shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.mgt.AbstractRememberMeManager.onSuccessfulLogin(AbstractRememberMeManager.java:287) ~[shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.mgt.DefaultSecurityManager.rememberMeSuccessfulLogin(DefaultSecurityManager.java:206) [shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.mgt.DefaultSecurityManager.onSuccessfulLogin(DefaultSecurityManager.java:291) [shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:285) [shiro-core-1.3.2.jar:1.3.2]
        at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) [shiro-core-1.3.2.jar:1.3.2]
        ---snip---
Caused by: java.security.InvalidKeyException: Invalid AES key length: 15 bytes
        at com.sun.crypto.provider.AESCipher.engineGetKeySize(AESCipher.java:495) ~[sunjce_provider.jar:1.8.0_71]
        at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1067) ~[na:1.8.0_71]
        at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1038) ~[na:1.8.0_71]
        at javax.crypto.Cipher.implInit(Cipher.java:805) ~[na:1.8.0_71]
        at javax.crypto.Cipher.chooseProvider(Cipher.java:864) ~[na:1.8.0_71]
        at javax.crypto.Cipher.init(Cipher.java:1396) ~[na:1.8.0_71]
        at javax.crypto.Cipher.init(Cipher.java:1327) ~[na:1.8.0_71]
{code}

> Refine error message for incorrectly configured rememberMe cipherKey
> --------------------------------------------------------------------
>
>                 Key: SHIRO-615
>                 URL: https://issues.apache.org/jira/browse/SHIRO-615
>             Project: Shiro
>          Issue Type: Improvement
>            Reporter: Rob Young
>            Priority: Minor
>
> Currently if the shiro configuration key *securityManager.rememberMeManager.cipherKey* is set incorrectly, an error is logged via a stack trace.  Unfortunately, this stack trace and associated error message do not provide much context and could be refined to indicate that the source of the error was the cipherKey.
> h4. Sample Error
> {code}
> ERROR o.a.shiro.web.env.EnvironmentLoader - Shiro environment initialization failed
> java.lang.IllegalArgumentException: Odd number of characters.
> at org.apache.shiro.codec.Hex.decode(Hex.java:128) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.codec.Hex.decode(Hex.java:107) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder.toBytes(ReflectionBuilder.java:544) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:711) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203) ~[shiro-web-1.3.2.jar:1.3.2]
> at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99) ~[shiro-web-1.3.2.jar:1.3.2]
> at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92) ~[shiro-web-1.3.2.jar:1.3.2]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
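
A pre-flight check along the lines this issue asks for, as an added example that is not part of the original message or of Shiro's code: it validates a cipherKey value and names the property in both failure modes shown in the stack traces above (odd-length hex, and a key that decodes but has an invalid AES length). It assumes a `0x` prefix marks a hex value and anything else is Base64; the class name, method name and sample keys are constructed for illustration.

```java
import java.util.Base64;

public class CipherKeyCheck {
    // Property name taken from the issue text.
    static final String PROP = "securityManager.rememberMeManager.cipherKey";

    // Returns null if the value is usable as an AES key, otherwise a message naming the property.
    // The message never echoes the key material itself.
    static String check(String value) {
        byte[] key;
        if (value.startsWith("0x")) {                       // assumption: 0x prefix marks hex
            String hex = value.substring(2);
            if (hex.length() % 2 != 0) {
                return PROP + ": hex value has an odd number of characters (" + hex.length() + ")";
            }
            key = new byte[hex.length() / 2];
            for (int i = 0; i < key.length; i++) {
                int hi = Character.digit(hex.charAt(2 * i), 16);
                int lo = Character.digit(hex.charAt(2 * i + 1), 16);
                if (hi < 0 || lo < 0) {
                    return PROP + ": non-hex character at offset " + (2 * i + (hi < 0 ? 0 : 1));
                }
                key[i] = (byte) ((hi << 4) | lo);
            }
        } else {
            try {
                key = Base64.getDecoder().decode(value);    // assumption: non-hex values are Base64
            } catch (IllegalArgumentException e) {
                return PROP + ": value is not valid Base64";
            }
        }
        // AES accepts only 128-, 192- or 256-bit keys.
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            return PROP + ": decoded key is " + key.length + " bytes; AES requires 16, 24 or 32";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real keys.
        String[] samples = {
            "0x000102030405060708090a0b0c0d0e0",   // 31 hex characters: odd length
            "0x000102030405060708090a0b0c0d0e",    // decodes to 15 bytes: invalid AES length
            "0x000102030405060708090a0b0c0d0e0f",  // decodes to 16 bytes: accepted
        };
        for (String s : samples) {
            String err = check(s);
            System.out.println(err == null ? "OK" : "ERROR " + err);
        }
    }
}
```

Running such a check at configuration load time surfaces the key-length problem at startup rather than at the first successful login, which is where the second stack trace shows it appearing.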