java.io.CharConversionException: EOF

Spring JIRA | steveneo | 8 years ago
  1. 0

    I am not 100% sure it is SpringSecurity bug as I can not reproduce this bug. It maybe caused by tomcat session management or EHCache... But I put it here just because it is very serious issue. I really need SS expert's help.... For the whole authentication process, very few part of my code is involved, almost all from SS configuration. My site is running on Internet and allow public register and login. Someday, while I login(or maybe remember-me auto login, I forgot detail), my user should be "admin". But I suddenly found my login user is another unknown guy(user name is "alexuser") !!!! I checked log, that guy is latest registered user, last login is 2 hour early than my login. I cannot point out if he chose remeber-me option. Between alexuser and me login, there aren't any login event. There are 2 login success events during my login. Log shows an exception between them, but I don't think this exception is very critical for this bug. The exception is thrown from a customized filter(CaptchaValidationProcessingFilter - see attachment), in line 1 of doFilter(): String captchaResponse = request.getParameter("j_captcha_response"); The attachment is my appliationContext-security.xml. I am using spring security 2.0.3. But my code is upgraded from acegi, so my configuration is still that bloat xml style. Log information as below, the first login event publish success event, but it does not continue - at least log displays "admin" did not continue to load its setting. It looks second login success event replaced first. Basically, I assume the real "alexuser" did not login simultaneously. It likes SpringSecurity API interrupt by that exception then goes somewhere pickup wrong user and do authentication again... Log ---------------------------------------------------------------------------------------- 2008-12-18 06:24:10,750 WARN [LoggerListener] Authentication event AuthenticationSuccessEvent: admin; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 60.242.146.122; SessionId: 1F63337DB300CA25A919E72CF52590C5 2008-12-18 06:24:10,750 WARN [LoggerListener] Authentication event InteractiveAuthenticationSuccessEvent: admin; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 60.242.146.122; SessionId: 1F63337DB300CA25A919E72CF52590C5 Dec 18, 2008 6:24:10 AM org.apache.tomcat.util.http.Parameters processParameters WARNING: Parameters: Character decoding failed. Parameter skipped. java.io.CharConversionException: EOF at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:83) at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:49) at org.apache.tomcat.util.http.Parameters.urlDecode(Parameters.java:412) at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:394) at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:346) at org.apache.catalina.connector.Request.parseParameters(Request.java:2470) at org.apache.catalina.connector.Request.getParameter(Request.java:1040) at org.apache.catalina.connector.RequestFacade.getParameter(RequestFacade.java:355) at com.mypackge.wiki.security.acegi.CaptchaValidationProcessingFilter.doFilter(CaptchaValidationProcessingFilter.java:59) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371) at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371) at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:70) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.mypackage.wiki.webapp.filter.InstallFilter.doFilterInternal(InstallFilter.java:49) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) 2008-12-18 06:24:10,821 WARN [LoggerListener] Authentication event AuthenticationSuccessEvent: alexuser; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 60.242.146.122; SessionId: 1F63337DB300CA25A919E72CF52590C5 2008-12-18 06:24:10,822 WARN [LoggerListener] Authentication event InteractiveAuthenticationSuccessEvent: alexuser; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 60.242.146.122; SessionId: 1F63337DB300CA25A919E72CF52590C5 2008-12-18 06:24:11,061 WARN [User] User alexuser does not have personal setting, using default one instead. 2008-12-18 06:24:11,463 INFO [MarkupRenderEngineImpl] Render markup content takes: 1ms ----------------------------------------------------------------------------------------

    Spring JIRA | 8 years ago | steveneo
    java.io.CharConversionException: EOF
  2. 0

    I am not 100% sure it is SpringSecurity bug as I can not reproduce this bug. It maybe caused by tomcat session management or EHCache... But I put it here just because it is very serious issue. I really need SS expert's help.... For the whole authentication process, very few part of my code is involved, almost all from SS configuration. My site is running on Internet and allow public register and login. Someday, while I login(or maybe remember-me auto login, I forgot detail), my user should be "admin". But I suddenly found my login user is another unknown guy(user name is "alexuser") !!!! I checked log, that guy is latest registered user, last login is 2 hour early than my login. I cannot point out if he chose remeber-me option. Between alexuser and me login, there aren't any login event. There are 2 login success events during my login. Log shows an exception between them, but I don't think this exception is very critical for this bug. The exception is thrown from a customized filter(CaptchaValidationProcessingFilter - see attachment), in line 1 of doFilter(): String captchaResponse = request.getParameter("j_captcha_response"); The attachment is my appliationContext-security.xml. I am using spring security 2.0.3. But my code is upgraded from acegi, so my configuration is still that bloat xml style. Log information as below, the first login event publish success event, but it does not continue - at least log displays "admin" did not continue to load its setting. It looks second login success event replaced first. Basically, I assume the real "alexuser" did not login simultaneously. It likes SpringSecurity API interrupt by that exception then goes somewhere pickup wrong user and do authentication again... Log ---------------------------------------------------------------------------------------- 2008-12-18 06:24:10,750 WARN [LoggerListener] Authentication event AuthenticationSuccessEvent: admin; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 60.242.146.122; SessionId: 1F63337DB300CA25A919E72CF52590C5 2008-12-18 06:24:10,750 WARN [LoggerListener] Authentication event InteractiveAuthenticationSuccessEvent: admin; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 60.242.146.122; SessionId: 1F63337DB300CA25A919E72CF52590C5 Dec 18, 2008 6:24:10 AM org.apache.tomcat.util.http.Parameters processParameters WARNING: Parameters: Character decoding failed. Parameter skipped. java.io.CharConversionException: EOF at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:83) at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:49) at org.apache.tomcat.util.http.Parameters.urlDecode(Parameters.java:412) at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:394) at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:346) at org.apache.catalina.connector.Request.parseParameters(Request.java:2470) at org.apache.catalina.connector.Request.getParameter(Request.java:1040) at org.apache.catalina.connector.RequestFacade.getParameter(RequestFacade.java:355) at com.mypackge.wiki.security.acegi.CaptchaValidationProcessingFilter.doFilter(CaptchaValidationProcessingFilter.java:59) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371) at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371) at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:70) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.mypackage.wiki.webapp.filter.InstallFilter.doFilterInternal(InstallFilter.java:49) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) 2008-12-18 06:24:10,821 WARN [LoggerListener] Authentication event AuthenticationSuccessEvent: alexuser; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 60.242.146.122; SessionId: 1F63337DB300CA25A919E72CF52590C5 2008-12-18 06:24:10,822 WARN [LoggerListener] Authentication event InteractiveAuthenticationSuccessEvent: alexuser; details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 60.242.146.122; SessionId: 1F63337DB300CA25A919E72CF52590C5 2008-12-18 06:24:11,061 WARN [User] User alexuser does not have personal setting, using default one instead. 2008-12-18 06:24:11,463 INFO [MarkupRenderEngineImpl] Render markup content takes: 1ms ----------------------------------------------------------------------------------------

    Spring JIRA | 8 years ago | steveneo
    java.io.CharConversionException: EOF
  3. 0

    Why % is not allowed

    Stack Overflow | 4 years ago | Prateek
    java.io.CharConversionException: EOF
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

    3 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. java.io.CharConversionException

      EOF

      at org.apache.tomcat.util.buf.UDecoder.convert()
    2. Tomcat Util
      UDecoder.convert
      1. org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:83)
      2. org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:49)
      2 frames
    3. Grizzly HTTP
      Parameters.processParameters
      1. org.apache.tomcat.util.http.Parameters.urlDecode(Parameters.java:412)
      2. org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:394)
      3. org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:346)
      3 frames
    4. Glassfish Core
      RequestFacade.getParameter
      1. org.apache.catalina.connector.Request.parseParameters(Request.java:2470)
      2. org.apache.catalina.connector.Request.getParameter(Request.java:1040)
      3. org.apache.catalina.connector.RequestFacade.getParameter(RequestFacade.java:355)
      3 frames
    5. com.mypackge.wiki
      CaptchaValidationProcessingFilter.doFilter
      1. com.mypackge.wiki.security.acegi.CaptchaValidationProcessingFilter.doFilter(CaptchaValidationProcessingFilter.java:59)
      1 frame
    6. spring-security-core
      FilterChainProxy$VirtualFilterChain.doFilter
      1. org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
      1 frame
    7. Spring Security - Portlet support
      HttpSessionContextIntegrationFilter.doFilterHttp
      1. org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
      1 frame
    8. org.springframework.security
      SpringSecurityFilter.doFilter
      1. org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      1 frame
    9. spring-security-core
      FilterChainProxy.doFilter
      1. org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
      2. org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174)
      2 frames
    10. Spring
      DelegatingFilterProxy.doFilter
      1. org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
      2. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
      2 frames
    11. Glassfish Core
      ApplicationFilterChain.doFilter
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      2 frames
    12. Spring
      OncePerRequestFilter.doFilter
      1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:70)
      1 frame
    13. Glassfish Core
      ApplicationFilterChain.doFilter
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      2 frames
    14. Hibernate
      OpenSessionInViewFilter.doFilterInternal
      1. org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
      1 frame
    15. Spring
      OncePerRequestFilter.doFilter
      1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
      1 frame
    16. Glassfish Core
      ApplicationFilterChain.doFilter
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      2 frames
    17. com.mypackage.wiki
      InstallFilter.doFilterInternal
      1. com.mypackage.wiki.webapp.filter.InstallFilter.doFilterInternal(InstallFilter.java:49)
      1 frame
    18. Spring
      OncePerRequestFilter.doFilter
      1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
      1 frame
    19. Glassfish Core
      CoyoteAdapter.service
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      3. org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
      4. org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
      5. org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      6. org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      7. org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
      8. org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      9. org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
      9 frames
    20. Grizzly HTTP
      JIoEndpoint$Worker.run
      1. org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
      2. org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
      3. org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      3 frames
    21. Java RT
      Thread.run
      1. java.lang.Thread.run(Thread.java:619)
      1 frame