All geek questions in one place

Spring Security java.lang.IllegalArgumentException: character without hex input

I deployed an existing Maven project on my Tomcat server in a Windows7 environment. I am using tomcat7, spring-security-core 3.1.0.

However, every time I log in to my webapp, I received an error message

java.lang.IllegalArgumentException: Non-hex character in input

On Linux, the code works fine. So I thought about it because I use windows7 in my local environment. When I look on the Internet, I saw that this is a coding problem between linux and windows.

I tried to configure

JAVA_TOOL_OPTIONS -Dfile.encoding = UTF8

but failed. Please help me. Thanks in advance!

+5
source share
3 answers

Most likely, when you log in, events occur: this order:

  • Spring selects an entity from the database by username.
  • Spring should check the entered password to match the stored encoded password.

To verify compliance, Spring uses the PasswordEncoder , which you most likely configured.

Your password encoder expects the stored encoded password to be a hexadecimal char sequence (pre-encoded by this PasswordEncoder). Thus, it tries to decode CharSequence to byte [], but fails ( source ).

The solution is to save users with a previously encoded password, for example. by BCryptPasswordEncoder.

+1
source

Answer Alex Derkach is suitable for me!
In my case, I have a database with a direct storage password (development) that looks like User = roor, psw = root.
Therefore, when I comment (delete) .passwordEncoder(new StandardPasswordEncoder("53c433t")); ! .passwordEncoder(new StandardPasswordEncoder("53c433t")); ! his work
!! But wrong, the password must be stored in encrypted form !!!

0
source

A possible reason for this is mixing password encoders. There are various options for PasswordEncoder . And, for example, if you use SymmetricPasswordEncoder for encoding and StandardPasswordEncoder for decoding, you can get this exception.

0
source

Source: https://habr.com/ru/post/1238631/

More articles:


All Articles