[jira] [Commented] (SHIRO-615) Refine error message for incorrectly configured rememberMe cipherKey

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (SHIRO-615) Refine error message for incorrectly configured rememberMe cipherKey

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SHIRO-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15883434#comment-15883434 ]

Rob Young commented on SHIRO-615:
---------------------------------

Things are starting to make sense.  There are really two separate issues here.  The first one, I think the method ReflectionBuilder.applyProperty could decorate the thrown exception something like this:

{code}
    protected void applyProperty(Object object, String propertyName, String stringValue) {
        try
        {
            Object value;

            if (NULL_VALUE_TOKEN.equals(stringValue)) {
                value = null;
            } else if (EMPTY_STRING_VALUE_TOKEN.equals(stringValue)) {
                value = StringUtils.EMPTY_STRING;
            } else if (isIndexedPropertyAssignment(propertyName)) {
                String checked = checkForNullOrEmptyLiteral(stringValue);
                value = resolveValue(checked);
            } else if (isTypedProperty(object, propertyName, Set.class)) {
                value = toSet(stringValue);
            } else if (isTypedProperty(object, propertyName, Map.class)) {
                value = toMap(stringValue);
            } else if (isTypedProperty(object, propertyName, List.class)) {
                value = toList(stringValue);
            } else if (isTypedProperty(object, propertyName, Collection.class)) {
                value = toCollection(stringValue);
            } else if (isTypedProperty(object, propertyName, byte[].class)) {
                value = toBytes(stringValue);
            } else if (isTypedProperty(object, propertyName, ByteSource.class)) {
                byte[] bytes = toBytes(stringValue);
                value = ByteSource.Util.bytes(bytes);
            } else {
                String checked = checkForNullOrEmptyLiteral(stringValue);
                value = resolveValue(checked);
            }

            applyProperty(object, propertyName, value);
        }
        catch(IllegalArgumentException ex)
        {
            throw new IllegalArgumentException("The property key " + propertyName + " could not be parsed.  Invalid value \"" + stringValue + "\"", ex);
        }
    }
{code}

The second issue I think could be addressed with some clever logging in the DefaultSecurityManager.java rememberMe methods.  I don't really have a handle on how you guys structure your code but I'll try to get something checked into github at some point.

> Refine error message for incorrectly configured rememberMe cipherKey
> --------------------------------------------------------------------
>
>                 Key: SHIRO-615
>                 URL: https://issues.apache.org/jira/browse/SHIRO-615
>             Project: Shiro
>          Issue Type: Improvement
>            Reporter: Rob Young
>            Priority: Minor
>
> Currently if the shiro configuration key *securityManager.rememberMeManager.cipherKey* is set incorrectly, an error is logged via a stack trace.  Unfortunately, this stack trace and associated error message do not provide much context and could be refined to indicate that the source of the error was the cipherKey.
> h4. Sample Error
> {code}
> ERROR o.a.shiro.web.env.EnvironmentLoader - Shiro environment initialization failed
> java.lang.IllegalArgumentException: Odd number of characters.
> at org.apache.shiro.codec.Hex.decode(Hex.java:128) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.codec.Hex.decode(Hex.java:107) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder.toBytes(ReflectionBuilder.java:544) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:711) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47) ~[shiro-core-1.3.2.jar:1.3.2]
> at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203) ~[shiro-web-1.3.2.jar:1.3.2]
> at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99) ~[shiro-web-1.3.2.jar:1.3.2]
> at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92) ~[shiro-web-1.3.2.jar:1.3.2]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)