CryptoException

CryptoException

jim.piersol@gmail.com
Shiro 1.3.0
Jetty9.3.10 or Tomcat7 & 8
Servlet based webapp
Using authc (Form based Auth)

Occasionally on login I get a nasty stackTrace like the following.  I need help figuring out why.  I am not doing anything with Cryptology myself.  This is down in the Shiro code.  I am using the box stock FormAuthenticationFilter.  This doesn't happen every time, and doesn't appear to cause any known issues with my app, but the nasty log message is not good.  Any suggestions?

[qtp1136503323-30] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
org.apache.shiro.crypto.CryptoException: Unable to execute 'doFinal' with cipher instance [javax.crypto.Cipher@32d3ab59].
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:462)
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:445)
        at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:390)
        at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:382)
        at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:479)
        at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:419)
        at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386)
        at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:604)
        at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:492)
        at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342)
        at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
        at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
        at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
        at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
        at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
        at org.eclipse.jetty.server.Server.handle(Server.java:524)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:966)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
        at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436)
        at javax.crypto.Cipher.doFinal(Cipher.java:2165)
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:459)
        ... 41 more


Shiro.ini file contents:

# =============================================================================
# Shiro INI configuration
#
# =============================================================================

#-----------
# Main
# ----------
[main]

authc.loginUrl = /pre-auth/authentication/login.html
authc.successUrl = /index.html
logout.redirectUrl = /pre-auth/authentication/login.html

myRealm = com.test.auth.VnfMgrCustomRealm

cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

securityManager.realms = $myRealm

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

# Use the configured native session manager:
securityManager.sessionManager = $sessionManager

cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = mgr.cookie
cookie.path = /
sessionManager.sessionIdCookie = $cookie

# -----------------------------------------------------------------------------
# URLS - followed by Filter Chains.
# -----------------------------------------------------------------------------
[urls]
/v1/sbc/** = anon
/v1/vnfs/** = anon
/logout = logout
/pre-auth/authentication/img/favicon/favicon.ico = anon
/pre-auth/authentication/ajax/** = anon
/pre-auth/authentication/css/** = anon
/pre-auth/authentication/data/** = anon
/pre-auth/authentication/design-resources/** = anon
/pre-auth/authentication/fonts/** = anon
/pre-auth/authentication/img/** = anon
/pre-auth/authentication/js/** = anon
/pre-auth/authentication/php/** = anon
/pre-auth/authentication/sound/** = anon
/pre-auth/authentication/xml/** = anon
/** = authc

Re: CryptoException

Brian Demers
Do you see this during development? Or in production?

Either way, I'm guessing you have not set the `securityManager.rememberMeManager.cipherKey` property. For development this is fine; for a pro server, if not set, the rememberme will change on restart.
http://shiro.apache.org/configuration.html#Configuration-ByteArrayValues

We could probably improve the error message a bit, please open a bug for this.

On Tue, Aug 16, 2016 at 3:01 PM, [hidden email] <[hidden email]> wrote:
--
View this message in context: http://shiro-user.582556.n2.nabble.com/CryptoException-tp7581223.html
Sent from the Shiro User mailing list archive at Nabble.com.


Re: CryptoException

jim.piersol@gmail.com
I see it in development, but I am not sure what would be different in production, as there are no changes in my app between the two.

I see the reference in that doc to the cipherKey, but I don't understand it fully.  Where does that key come from?  random?  
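
Added example, not part of the original thread and not Shiro's own code: a JDK-only reproduction of the failure discussed above (a remember-me cookie encrypted under one randomly generated key and decrypted under another), followed by generating a fixed key for the `securityManager.rememberMeManager.cipherKey` property. It assumes AES in CBC mode with PKCS5 padding and a prepended IV; the class name, helper names and sample principal string are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Illustration only: hypothetical class, uses javax.crypto rather than Shiro classes. */
public class RememberMeKeyDemo {

    private static final SecureRandom RNG = new SecureRandom();
    private static final int IV_LEN = 16; // AES block size in bytes

    /** Returns a random AES key. AES accepts only 128, 192 or 256 bit keys. */
    static byte[] newKey(int bits) {
        if (bits != 128 && bits != 192 && bits != 256) {
            throw new IllegalArgumentException(
                    "AES key must be 128, 192 or 256 bits, got " + bits);
        }
        byte[] key = new byte[bits / 8];
        RNG.nextBytes(key);
        return key;
    }

    /** Encrypts with a fresh random IV and prepends the IV to the ciphertext. */
    static byte[] encrypt(byte[] key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding"); // assumed mode and padding
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    /** Reads the IV from the first 16 bytes and decrypts the remainder. */
    static byte[] decrypt(byte[] key, byte[] ivAndCt) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                new IvParameterSpec(ivAndCt, 0, IV_LEN));
        return c.doFinal(ivAndCt, IV_LEN, ivAndCt.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the serialized principals stored in the cookie.
        byte[] cookiePlain = "constructed-principal:jdoe".getBytes(StandardCharsets.UTF_8);

        // First JVM run: no cipherKey configured, so a random key is generated.
        byte[] keyBeforeRestart = newKey(128);
        byte[] cookie = encrypt(keyBeforeRestart, cookiePlain);

        // After a restart a different random key is generated, but the browser
        // still presents the cookie that was encrypted under the old key.
        byte[] keyAfterRestart = newKey(128);
        try {
            decrypt(keyAfterRestart, cookie);
            // Roughly 1 in 256 wrong-key decryptions end in valid-looking padding.
            System.out.println("padding validated by chance; plaintext is garbage");
        } catch (BadPaddingException e) {
            System.out.println("old cookie, new key -> " + e);
        }

        // With the same key on both sides the cookie decrypts cleanly.
        System.out.println("same key -> "
                + new String(decrypt(keyBeforeRestart, cookie), StandardCharsets.UTF_8));

        // A key of a valid length for shiro.ini. Shiro INI byte-array values are
        // Base64 by default. Generate once, store it like any other secret, and
        // use the same value on every node that must read the cookie.
        String b64 = Base64.getEncoder().encodeToString(newKey(128));
        System.out.println("securityManager.rememberMeManager.cipherKey = " + b64);
    }
}
```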


Re: CryptoException

Rob Young
In reply to this post by Brian Demers
Hi Brian, I just wanted to say thanks, I had been meaning to deal with this in my application, fixed because of your email here!

On Wed, Aug 17, 2016 at 11:13 AM, Brian Demers <[hidden email]> wrote:

Re: CryptoException

Brian Demers
Glad to hear it! And thanks for letting us know, because this further confirms we need a better error message.


On Thu, Aug 18, 2016 at 9:45 AM, Rob Young <[hidden email]> wrote:

Re: CryptoException

Rob Young
:)  To be honest, it would have probably not been too hard to sort out... I just have a huge task list so I had been putting it off.  This really got to the heart of the matter and sorted me out!

OH, if you specify a cipher key of an incorrect length, you will get a big stack trace when Shiro tries to create a remember me key.  Buried within the stack is a message saying it.  At first I had no idea why it failed, but the details are all there in the stack trace.  I ran into this: the test hex key in the Shiro docs is of the incorrect length; I had created a new key of a correct length.

On Thu, Aug 18, 2016 at 10:38 AM, Brian Demers <[hidden email]> wrote:
Glad to hear it!, and thanks for letting us know because this further confirms we need a better error message.


On Thu, Aug 18, 2016 at 9:45 AM, Rob Young <[hidden email]> wrote:
Hi Brian, I just wanted to say thanks, I had been meaning to deal with this in my application, fixed because of your email here!

On Wed, Aug 17, 2016 at 11:13 AM, Brian Demers <[hidden email]> wrote:
Do you see this during development? Or in production?

Either way, I'm guessing you have not set the `securityManager.rememberMeManager.cipherKey` property. For development this is fine; for a pro server, if not set, the rememberme will change on restart.
http://shiro.apache.org/configuration.html#Configuration-ByteArrayValues

We could probably improve the error message a bit, please open a bug for this.






Re: CryptoException

Brian Demers
good to know, we will fix that

--
View this message in context: http://shiro-user.582556.n2.nabble.com/CryptoException-tp7581223.html
Sent from the Shiro User mailing list archive at Nabble.com.
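
The two configuration problems raised in this thread (no `securityManager.rememberMeManager.cipherKey` set, and a key of the wrong length) can both be caught before deployment. The script below is an added example, not code from the thread or from Shiro; it assumes the byte-array convention of the Shiro configuration page linked above (a `0x` prefix means hex, anything else is Base64) and the AES key sizes of 16, 24 or 32 bytes, and its function names and sample inputs are constructed for illustration.

```python
import base64
import binascii
import secrets

PROP = "securityManager.rememberMeManager.cipherKey"
AES_KEY_BYTES = (16, 24, 32)  # AES-128 / AES-192 / AES-256

def decode_byte_array(value):
    """shiro.ini byte-array value: a '0x' prefix means hex, otherwise Base64."""
    value = value.strip()
    if value.lower().startswith("0x"):
        return binascii.unhexlify(value[2:])  # rejects odd length and non-hex
    return base64.b64decode(value, validate=True)

def check_cipher_key(ini_text):
    """Return (ok, message) for the remember-me cipher key in [main]."""
    section, raw = None, None
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "main" and "=" in line:
            name, _, val = line.partition("=")
            if name.strip() == PROP:
                raw = val
    if raw is None:
        return False, "cipherKey not set: the remember-me key changes on restart"
    try:
        key = decode_byte_array(raw)
    except (binascii.Error, ValueError) as exc:
        return False, f"cipherKey does not decode: {exc}"
    if len(key) not in AES_KEY_BYTES:
        return False, f"cipherKey is {len(key)} bytes; AES needs 16, 24 or 32"
    return True, f"cipherKey OK ({len(key) * 8}-bit AES)"

def new_cipher_key_line(nbytes=16):
    """Fresh random key as a Base64 ini line, ready to paste under [main]."""
    return f"{PROP} = {base64.b64encode(secrets.token_bytes(nbytes)).decode('ascii')}"

# Constructed sample inputs (not taken from the thread or the Shiro docs).
SAMPLES = {
    "unset": "[main]\nsecurityManager.realms = $myRealm\n",
    "odd-length hex": f"[main]\n{PROP} = 0x00112233445566778\n",
    "too short": f"[main]\n{PROP} = 0x0011223344\n",
    "generated": "[main]\n" + new_cipher_key_line() + "\n",
}

if __name__ == "__main__":
    for label, ini in SAMPLES.items():
        print(f"{label:15} -> {check_cipher_key(ini)}")
```

Treat the generated value as a secret: keep it out of version control and use the same key on every node that has to read the same remember-me cookies.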