java.lang.StringIndexOutOfBoundsException: String index out of range: -1

Apereo Issues | David Ordás | 4 years ago
  1. 0

    Since the attributes can be populated from different sources (in my problem from a rich html editor embebed in a form) is hard difficult manage if that values have special characters that acts as tokens in the validator. So, I am wondered why, in the TicketValidator 1.0/2.0, the server response is not full handled by a XML parser like in phpCAS client is done to avoid some frustrated situations like multiline valued attributes. That said, I think that all clients should process the response using the same mechanisms because with ones the response works but with others not. Considere the next response fragment: {code:xml} ... <cas:attributes> ... <cas:signature> The sun is shining<br/> <img src="/resources/user/aklshd12kh12/129123.png" /> </cas:signature> ... </cas:attributes> ... {code} When the validator try to detect the attributes name and read the line *{{The sun is shining<br/>}}* a exception is thrown {code} java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.extractCustomAttributes(Cas20ServiceTicketValidator.java:145) at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:98) at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140) at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) at org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:147) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:662) {code} due to in next code block {code:java} try { while ((line = br.readLine()) != null) { final String trimmedLine = line.trim(); if (trimmedLine.length() > 0) { final int leftPos = trimmedLine.indexOf(":"); final int rightPos = trimmedLine.indexOf(">"); attributeNames.add(trimmedLine.substring(leftPos+1, rightPos)); } } br.close(); } catch (final IOException e) { //ignore } {code} the existence tokens is not verified. Even worse, a false attribute is returned if in the mutiline attribute value has some of that reserved tokens.

    Apereo Issues | 4 years ago | David Ordás
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
  2. 0

    Since the attributes can be populated from different sources (in my problem from a rich html editor embebed in a form) is hard difficult manage if that values have special characters that acts as tokens in the validator. So, I am wondered why, in the TicketValidator 1.0/2.0, the server response is not full handled by a XML parser like in phpCAS client is done to avoid some frustrated situations like multiline valued attributes. That said, I think that all clients should process the response using the same mechanisms because with ones the response works but with others not. Considere the next response fragment: {code:xml} ... <cas:attributes> ... <cas:signature> The sun is shining<br/> <img src="/resources/user/aklshd12kh12/129123.png" /> </cas:signature> ... </cas:attributes> ... {code} When the validator try to detect the attributes name and read the line *{{The sun is shining<br/>}}* a exception is thrown {code} java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.extractCustomAttributes(Cas20ServiceTicketValidator.java:145) at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:98) at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140) at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) at org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:147) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:662) {code} due to in next code block {code:java} try { while ((line = br.readLine()) != null) { final String trimmedLine = line.trim(); if (trimmedLine.length() > 0) { final int leftPos = trimmedLine.indexOf(":"); final int rightPos = trimmedLine.indexOf(">"); attributeNames.add(trimmedLine.substring(leftPos+1, rightPos)); } } br.close(); } catch (final IOException e) { //ignore } {code} the existence tokens is not verified. Even worse, a false attribute is returned if in the mutiline attribute value has some of that reserved tokens.

    Apereo Issues | 4 years ago | David Ordás
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
  3. 0

    CAS 4, does not work properly with cas client core 3.1.12

    Stack Overflow | 2 years ago | Stupidfrog
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    CAS 4, does not work properly with cas client core 3.1.12

    Google Groups | 2 years ago | jeffrey tan
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
  6. 0

    [cas-user] Troubles using cas Service and server on same machine

    Google Groups | 3 years ago | ray
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
Not finding the right solution?
Take a tour to get the most out of Samebug.

Tired of useless tips?

Automated exception search integrated into your IDE

Root Cause Analysis

  1. java.lang.StringIndexOutOfBoundsException

    String index out of range: -1

    at java.lang.String.substring()
  2. Java RT
    String.substring
    1. java.lang.String.substring(String.java:1937)
    1 frame
  3. Jasig CAS Client for Java - Core
    AbstractUrlBasedTicketValidator.validate
    1. org.jasig.cas.client.validation.Cas20ServiceTicketValidator.extractCustomAttributes(Cas20ServiceTicketValidator.java:145)
    2. org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:98)
    3. org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217)
    3 frames
  4. spring-security-cas
    CasAuthenticationProvider.authenticate
    1. org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)
    2. org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)
    2 frames
  5. spring-security-core
    ProviderManager.authenticate
    1. org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    1 frame
  6. spring-security-cas
    CasAuthenticationFilter.attemptAuthentication
    1. org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242)
    1 frame
  7. Spring Security
    FilterChainProxy.doFilter
    1. org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
    2. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    3. org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    4. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    5. org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    6. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    7. org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
    7 frames
  8. Spring
    DelegatingFilterProxy.doFilter
    1. org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    2. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    2 frames
  9. Glassfish Core
    ApplicationFilterChain.doFilter
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    2 frames
  10. Spring ORM
    OpenEntityManagerInViewFilter.doFilterInternal
    1. org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:147)
    1 frame
  11. Spring
    DelegatingFilterProxy.doFilter
    1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    2. org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    3. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    3 frames
  12. Glassfish Core
    ApplicationFilterChain.doFilter
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    2 frames
  13. Inspektr - Common API
    ClientInfoThreadLocalFilter.doFilter
    1. com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
    1 frame
  14. Glassfish Core
    ApplicationFilterChain.doFilter
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    2 frames
  15. Spring
    DelegatingFilterProxy.doFilter
    1. org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    2. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    3. org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    4. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    4 frames
  16. Glassfish Core
    CoyoteAdapter.service
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    3. org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    4. org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    5. org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    6. org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    7. org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    8. org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
    8 frames
  17. Embedded GlassFish Web
    ChannelSocket$SocketConnection.runIt
    1. org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
    2. org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
    3. org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
    4. org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
    5. org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
    5 frames
  18. Tomcat Util
    ThreadPool$ControlRunnable.run
    1. org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
    1 frame
  19. Java RT
    Thread.run
    1. java.lang.Thread.run(Thread.java:662)
    1 frame