java.lang.StringIndexOutOfBoundsException: String index out of range: -1

Apereo Issues | David Ordás | 4 years ago
tip
Your exception is missing from the Samebug knowledge base.
Here are the best solutions we found on the Internet.
Click on the to mark the helpful solution and get rewards for you help.
  1. 0

    Since the attributes can be populated from different sources (in my problem from a rich html editor embebed in a form) is hard difficult manage if that values have special characters that acts as tokens in the validator. So, I am wondered why, in the TicketValidator 1.0/2.0, the server response is not full handled by a XML parser like in phpCAS client is done to avoid some frustrated situations like multiline valued attributes. That said, I think that all clients should process the response using the same mechanisms because with ones the response works but with others not. Considere the next response fragment: {code:xml} ... <cas:attributes> ... <cas:signature> The sun is shining<br/> <img src="/resources/user/aklshd12kh12/129123.png" /> </cas:signature> ... </cas:attributes> ... {code} When the validator try to detect the attributes name and read the line *{{The sun is shining<br/>}}* a exception is thrown {code} java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.extractCustomAttributes(Cas20ServiceTicketValidator.java:145) at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:98) at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140) at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) at org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:147) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:662) {code} due to in next code block {code:java} try { while ((line = br.readLine()) != null) { final String trimmedLine = line.trim(); if (trimmedLine.length() > 0) { final int leftPos = trimmedLine.indexOf(":"); final int rightPos = trimmedLine.indexOf(">"); attributeNames.add(trimmedLine.substring(leftPos+1, rightPos)); } } br.close(); } catch (final IOException e) { //ignore } {code} the existence tokens is not verified. Even worse, a false attribute is returned if in the mutiline attribute value has some of that reserved tokens.

    Apereo Issues | 4 years ago | David Ordás
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
  2. 0

    Since the attributes can be populated from different sources (in my problem from a rich html editor embebed in a form) is hard difficult manage if that values have special characters that acts as tokens in the validator. So, I am wondered why, in the TicketValidator 1.0/2.0, the server response is not full handled by a XML parser like in phpCAS client is done to avoid some frustrated situations like multiline valued attributes. That said, I think that all clients should process the response using the same mechanisms because with ones the response works but with others not. Considere the next response fragment: {code:xml} ... <cas:attributes> ... <cas:signature> The sun is shining<br/> <img src="/resources/user/aklshd12kh12/129123.png" /> </cas:signature> ... </cas:attributes> ... {code} When the validator try to detect the attributes name and read the line *{{The sun is shining<br/>}}* a exception is thrown {code} java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.extractCustomAttributes(Cas20ServiceTicketValidator.java:145) at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:98) at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217) at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140) at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) at org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:147) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:662) {code} due to in next code block {code:java} try { while ((line = br.readLine()) != null) { final String trimmedLine = line.trim(); if (trimmedLine.length() > 0) { final int leftPos = trimmedLine.indexOf(":"); final int rightPos = trimmedLine.indexOf(">"); attributeNames.add(trimmedLine.substring(leftPos+1, rightPos)); } } br.close(); } catch (final IOException e) { //ignore } {code} the existence tokens is not verified. Even worse, a false attribute is returned if in the mutiline attribute value has some of that reserved tokens.

    Apereo Issues | 4 years ago | David Ordás
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
  3. 0

    CAS 4, does not work properly with cas client core 3.1.12

    Stack Overflow | 2 years ago | Stupidfrog
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    CAS 4, does not work properly with cas client core 3.1.12

    Google Groups | 2 years ago | jeffrey tan
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
  6. 0

    [cas-user] Troubles using cas Service and server on same machine

    Google Groups | 3 years ago | ray
    java.lang.StringIndexOutOfBoundsException: String index out of range: -1
Not finding the right solution?
Take a tour to get the most out of Samebug.

Tired of useless tips?

Automated exception search integrated into your IDE

Root Cause Analysis

  1. java.lang.StringIndexOutOfBoundsException

    String index out of range: -1

    at java.lang.String.substring()
  2. Java RT
    String.substring
    1. java.lang.String.substring(String.java:1937)
    1 frame
  3. Jasig CAS Client for Java - Core
    AbstractUrlBasedTicketValidator.validate
    1. org.jasig.cas.client.validation.Cas20ServiceTicketValidator.extractCustomAttributes(Cas20ServiceTicketValidator.java:145)
    2. org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:98)
    3. org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217)
    3 frames
  4. spring-security-cas
    CasAuthenticationProvider.authenticate
    1. org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)
    2. org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)
    2 frames
  5. spring-security-core
    ProviderManager.authenticate
    1. org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    1 frame
  6. spring-security-cas
    CasAuthenticationFilter.attemptAuthentication
    1. org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242)
    1 frame
  7. Spring Security
    FilterChainProxy.doFilter
    1. org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
    2. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    3. org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    4. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    5. org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    6. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    7. org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
    7 frames
  8. Spring
    DelegatingFilterProxy.doFilter
    1. org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    2. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    2 frames
  9. Glassfish Core
    ApplicationFilterChain.doFilter
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    2 frames
  10. Spring ORM
    OpenEntityManagerInViewFilter.doFilterInternal
    1. org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:147)
    1 frame
  11. Spring
    DelegatingFilterProxy.doFilter
    1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    2. org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    3. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    3 frames
  12. Glassfish Core
    ApplicationFilterChain.doFilter
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    2 frames
  13. Inspektr - Common API
    ClientInfoThreadLocalFilter.doFilter
    1. com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
    1 frame
  14. Glassfish Core
    ApplicationFilterChain.doFilter
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    2 frames
  15. Spring
    DelegatingFilterProxy.doFilter
    1. org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    2. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    3. org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    4. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    4 frames
  16. Glassfish Core
    CoyoteAdapter.service
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    3. org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    4. org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    5. org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    6. org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    7. org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    8. org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
    8 frames
  17. Embedded GlassFish Web
    ChannelSocket$SocketConnection.runIt
    1. org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
    2. org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
    3. org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
    4. org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
    5. org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
    5 frames
  18. Tomcat Util
    ThreadPool$ControlRunnable.run
    1. org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
    1 frame
  19. Java RT
    Thread.run
    1. java.lang.Thread.run(Thread.java:662)
    1 frame