Basic Auth Exception (Intermittent)

[Vaibhav Dhawan]

Hello, 

Currently on Dropwizard 1.0.0. While scanning my logs yesterday, i see few occurrences of

 java.lang.IllegalArgumentException: com.google.common.io.BaseEncoding$DecodingException: Invalid input length 9

in my logs. Currently, there is only one consumer for my service and it is sending me static user name and password as basic auth creds. 

Again, this doesnt occur every time, which makes it all the more difficult to debug. The password for basic auth is 2dff92c1-81c5-44e0-a2a8-66686b0a8e66 (not sure if this could be the reason). 

The full exception trace is :

 i.d.a.b.BasicCredentialAuthFilter -  Error decoding credentials

java.lang.IllegalArgumentException: com.google.common.io.BaseEncoding$DecodingException: Invalid input length 9

        at com.google.common.io.BaseEncoding.decode(BaseEncoding.java:212)

        at io.dropwizard.auth.basic.BasicCredentialAuthFilter.getCredentials(BasicCredentialAuthFilter.java:58)

        at io.dropwizard.auth.basic.BasicCredentialAuthFilter.filter(BasicCredentialAuthFilter.java:27)

        at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:132)

        at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:68)

        at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197)

        at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:318)

        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)

        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)

        at org.glassfish.jersey.internal.Errors.process(Errors.java:315)

        at org.glassfish.jersey.internal.Errors.process(Errors.java:297)

        at org.glassfish.jersey.internal.Errors.process(Errors.java:267)

        at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)

        at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305)

        at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)

        at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:473)

        at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:427)

        at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:388)

        at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:341)

        at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:228)

        at io.dropwizard.jetty.NonblockingServletHolder.handle(NonblockingServletHolder.java:49)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1689)

        at io.dropwizard.servlets.ThreadNameFilter.doFilter(ThreadNameFilter.java:34)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)

        at io.dropwizard.jersey.filter.AllowedMethodsFilter.handle(AllowedMethodsFilter.java:50)

        at io.dropwizard.jersey.filter.AllowedMethodsFilter.doFilter(AllowedMethodsFilter.java:44)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)

        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)

        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1174)

        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)

        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1106)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)

        at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:240)

        at io.dropwizard.jetty.RoutingHandler.handle(RoutingHandler.java:51)

        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:459)

        at io.dropwizard.jetty.BiDiGzipHandler.handle(BiDiGzipHandler.java:68)

        at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:56)

        at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:169)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)

        at org.eclipse.jetty.server.Server.handle(Server.java:524)

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319)

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253)

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)

        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)

        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)

        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)

        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)

        at java.lang.Thread.run(Thread.java:745)

Caused by: com.google.common.io.BaseEncoding$DecodingException: Invalid input length 9

        at com.google.common.io.BaseEncoding$Base64Encoding.decodeTo(BaseEncoding.java:872)

        at com.google.common.io.BaseEncoding.decodeChecked(BaseEncoding.java:226)

        at com.google.common.io.BaseEncoding.decode(BaseEncoding.java:210)

Thanks

[Jonne Jyrylä]

Hi

Basic auth credentials need to be Base64 encoded[1]. Maybe your API consumer is sometimes sending the credentials with ASCII encoding?

The "Invalid input length 9" error message suggests that the input is not properly Base64 encoded, because the length of Base64 encoded text must be an integer multiple of 4[2].

[1] http://stackoverflow.com/questions/5597086/base-64-encoding-in-http-basic-auth

[2] http://stackoverflow.com/questions/4080988/why-does-base64-encoding-requires-padding-if-the-input-length-is-not-divisible-b

--
You received this message because you are subscribed to the Google Groups "dropwizard-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dropwizard-user+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Jonne Jyrylä
jaa...@gmail.com