2

启动我的应用程序时,我在 Apache 日志中收到以下错误

我发现BCrypt.checkpw() Invalid salt version exception 但这不匹配,因为我的用户存储在数据库中的密码已经过哈希处理,并且此错误出现在启动时,我在 99.99% 的登录中都没有问题时间。

29-Oct-2017 22:12:32.242 SEVERE [http-nio-8084-exec-1] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for     servlet [UserController] in context with path [/medsched] threw exception
 java.lang.StringIndexOutOfBoundsException: String index out of range: 0
at java.lang.String.charAt(String.java:658)
at org.mindrot.jbcrypt.BCrypt.hashpw(BCrypt.java:658)
at org.mindrot.jbcrypt.BCrypt.checkpw(BCrypt.java:764)
at medsched.data.UserDB.loginUser(UserDB.java:216)
at medsched.controllers.UserController.logInToSite(UserController.java:165)
at medsched.controllers.UserController.doPost(UserController.java:41)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:213)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at medsched.filters.SecPageFilter.doFilter(SecPageFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:217)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

它似乎几乎没有像我可以登录的大部分时间那样影响应用程序,或者如果我显示密码不匹配,我将返回到我的应用程序中定义的登录错误 jsp。我做了几次,但是收到一个 500 错误页面

java.lang.StringIndexOutOfBoundsException: String index out of range: 0
at java.lang.String.charAt(String.java:658)
at org.mindrot.jbcrypt.BCrypt.hashpw(BCrypt.java:658)
at org.mindrot.jbcrypt.BCrypt.checkpw(BCrypt.java:764)
at medsched.data.UserDB.loginUser(UserDB.java:216)
at   medsched.controllers.UserController.logInToSite(UserController.java:165)
at medsched.controllers.UserController.doPost(UserController.java:41)

这可能是我使用 BCrypt.checkpw 的方式吗?如果我尝试登录,但不是在 Netbeans 中启动应用程序时,我会理解出现的错误。

public static User loginUser(String phnum,String passw) {
    ConnectionPool pool = ConnectionPool.getInstance();
    Connection connection = pool.getConnection();
    PreparedStatement ps = null;
    ResultSet rs = null;
    String hpwd="";

    //Get the key 
    String key=confUtil.encDeckey();

     String query = "SELECT userid,fName,pwd FROM users "
           + "WHERE  phone = AES_ENCRYPT(?,?) AND active=1";
    try {
        ps = connection.prepareStatement(query);
        ps.setString(1, phnum);
        ps.setString(2, key);
        rs = ps.executeQuery();
        User user = null;
        if (rs.next()) {
            user = new User();
            user.setUserID(rs.getLong("userid"));
            user.setFName(rs.getString("fName"));
            user.setPwd(rs.getString("pwd"));
           hpwd=user.getPwd();
        }
        if(hpwd!=null || !hpwd.isEmpty()){
            if(!BCrypt.checkpw(passw,hpwd)){
            user=null;
            }
        }

    } catch (SQLException e) {
        //System.err.println(e);
        log.error("Exception when trying to log in",e);

        return null;
    } finally {
        DBUtil.closeResultSet(rs);
        DBUtil.closePreparedStatement(ps);
        pool.freeConnection(connection);
    }
}

今天再次出现问题,发布我收到的 500 错误

HTTP 状态 500 - 字符串索引超出范围:0 类型异常报告

message String index out of range: 0

description The server encountered an internal error that prevented it from fulfilling this request.

exception
java.lang.StringIndexOutOfBoundsException: String index out of range: 0
java.lang.String.charAt(String.java:658)
org.mindrot.jbcrypt.BCrypt.hashpw(BCrypt.java:658)
org.mindrot.jbcrypt.BCrypt.checkpw(BCrypt.java:764)
medsched.data.UserDB.loginUser(UserDB.java:190)
medsched.controllers.UserController.logInToSite(UserController.java:169)
medsched.controllers.UserController.doPost(UserController.java:41)
javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
  org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
 org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:213)
 medsched.filters.SecPageFilter.doFilter(SecPageFilter.java:61)
        org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)

 note The full stack trace of the root cause is available in the Apache Tomcat/8.0.27 logs.
4

1 回答 1

0

我刚刚遇到了类似的问题:

Bcrypt 抛出java.lang.StringIndexOutOfBoundsException: String index out of range: 0.

就我而言,我发现散列密码为空。

在没有看到更多代码的情况下,我无法说出为什么在应用程序启动时出现此错误。

于 2018-02-01T14:59:44.130 回答