Session Timeout. Please login again at login page

[slikk...@gmail.com]

Hi,

I used to try to login to the webpasswordsafe after deploying the code, I got Session Timeout. Please login again  message.  I checked the database and I see the "admin" user is created in the users table. My understanding is that the "admin" user password is created when the login page is displayed.    When I checked the passwords and password_data tables I see no values for the admin password.

Any suggestion on what I am missing?  This was working before in another machine.

Where in the code I can find the insertion of the admin password in the database?

Thanks,

[Gordon Tetlow]

Whenever there is an exception that invalidates the session (even at the login prompt), it'll show "Session Timeout." Check your tomcat logs.

--
You received this message because you are subscribed to the Google Groups "webpasswordsafe" group.
To unsubscribe from this group and stop receiving emails from it, send an email to webpasswordsa...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[slikk...@gmail.com]

I verified that I have the most recent JCE for java 7.  This working before, so I am not sure change could cause this to stop working.

Do you know when the admin password is created in the database?  I thought it was created when the login page was displayed.

I checked webpasswordsafe.log and I saw this exception:

class org.jasypt.exception.EncryptionOperationNotPossibleException persistence is false.

Then I checked the tomcat log:

org.gwtwidgets.server.spring.gilead.GileadRPCServiceExporter.encodeResponseForFailure(GileadRPCServiceExporter.java:169)
 at org.gwtwidgets.server.spring.GWTRPCServiceExporter.handleInvocationTargetException(GWTRPCServiceExporter.java:256)
 at org.gwtwidgets.server.spring.GWTRPCServiceExporter.processCall(GWTRPCServiceExporter.java:344)
 ... 33 more
Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException
 at org.jasypt.digest.StandardByteDigester.matches(StandardByteDigester.java:1107)
 at org.jasypt.digest.StandardStringDigester.matches(StandardStringDigester.java:1052)
 at org.jasypt.util.password.StrongPasswordEncryptor.checkPassword(StrongPasswordEncryptor.java:99)
 at net.webpasswordsafe.server.plugin.encryption.JasyptDigester.check(JasyptDigester.java:48)
 at net.webpasswordsafe.server.plugin.authentication.LocalAuthenticator.authenticate(LocalAuthenticator.java:48)
 at net.webpasswordsafe.server.plugin.authentication.CompositeAuthenticator.authenticate(CompositeAuthenticator.java:69)
 at net.webpasswordsafe.server.plugin.authentication.UserLockoutAuthenticator.authenticate(UserLockoutAuthenticator.java:58)
 at net.webpasswordsafe.server.plugin.authentication.IPLockoutAuthenticator.authenticate(IPLockoutAuthenticator.java:72)
 at net.webpasswordsafe.server.service.LoginServiceImpl.login(LoginServiceImpl.java:109)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606)
 at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
 at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
 at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
 at com.sun.proxy.$Proxy29.login(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606)
 at org.gwtwidgets.server.spring.gilead.GileadRPCServiceExporter.invokeMethodOnService(GileadRPCServiceExporter.java:149)
 at org.gwtwidgets.server.spring.GWTRPCServiceExporter.processCall(GWTRPCServiceExporter.java:338)
 ... 33 more

Thanks for you help!!

[Gordon Tetlow]

Can't say for sure, but my guess is the database is messed up. It doesn't seem to be able to do the password verification.

Gordon

[slikk...@gmail.com]

That was my first thought. so I deleted the database and created new one.

1) Created the database and the user
        mysql> create database webpasswordsafe;

        mysql> create user wps@localhost identified by 'mysql_wps_password';

        mysql> grant all privileges on webpasswordsafe.* to wps@localhost;

        mysql> grant usage on webpasswordsafe.* to wps@localhost;

        mysql> flush privileges;

        mysql> exit

 

2) Verified the grants

mysql> show grants for wps@localhost;

+-----------------------------------------------------------------------+

| Grants for wps@localhost                                              |

+-----------------------------------------------------------------------+

| GRANT USAGE ON *.* TO 'wps'@'localhost' IDENTIFIED BY PASSWORD 'xxxx' |

| GRANT ALL PRIVILEGES ON `webpasswordsafe`.* TO 'wps'@'localhost'      |

+-----------------------------------------------------------------------+

3) Restarted tomcat.

4) Loaded the application

5) The "admin" account was created in the "users" table at 2015-12-12 2:58:03  ( so the connection to the database is good and permissions are setup correctly)

I saw this exception in the tomcat log which is very generic.

When I built the code the unit test for encryption passed without failure.

I am not sure what changed, given that it was working last week.

Any thoughts.  Thanks for your help!!

-----------

12-Dec-2015 20:54:24.374 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log ContextListener: contextInitialized()
12-Dec-2015 20:54:24.374 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log SessionListener: contextInitialized()
12-Dec-2015 20:58:46.745 SEVERE [http-nio-8080-exec-10] org.apache.catalina.core.ApplicationContext.log Exception while dispatching incoming RPC call
 java.lang.RuntimeException: com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract boolean net.webpasswordsafe.client.remote.LoginService.login(java.lang.String,java.lang.String)' threw an unexpected exception: org.jasypt.exceptions.EncryptionOperationNotPossibleException
        at org.gwtwidgets.server.spring.GWTRPCServiceExporter.handleExporterProcessingException(GWTRPCServiceExporter.java:384)
        at org.gwtwidgets.server.spring.GWTRPCServiceExporter.processCall(GWTRPCServiceExporter.java:353)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
        at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
        at org.gwtwidgets.server.spring.GWTRPCServiceExporter.handleRequest(GWTRPCServiceExporter.java:407)
        at org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:49)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:900)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:827)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at net.webpasswordsafe.server.filter.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:64)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract boolean net.webpasswordsafe.client.remote.LoginService.login(java.lang.String,java.lang.String)' threw an unexpected exception: org.jasypt.exceptions.EncryptionOperationNotPossibleException
        at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:389)
        at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:374)

       at org.gwtwidgets.server.spring.GWTRPCServiceExporter.encodeResponseForFailure(GWTRPCServiceExporter.java:223)
        at org.gwtwidgets.server.spring.gilead.GileadRPCServiceExporter.encodeResponseForFailure(GileadRPCServiceExporter.java:169)

        at org.gwtwidgets.server.spring.GWTRPCServiceExporter.handleInvocationTargetException(GWTRPCServiceExporter.java:256)
        at org.gwtwidgets.server.spring.GWTRPCServiceExporter.processCall(GWTRPCServiceExporter.java:344)

        ... 34 more

Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException
        at org.jasypt.digest.StandardByteDigester.matches(StandardByteDigester.java:1107)
        at org.jasypt.digest.StandardStringDigester.matches(StandardStringDigester.java:1052)
        at org.jasypt.util.password.StrongPasswordEncryptor.checkPassword(StrongPasswordEncryptor.java:99)
        at net.webpasswordsafe.server.plugin.encryption.JasyptDigester.check(JasyptDigester.java:48)
        at net.webpasswordsafe.server.plugin.authentication.LocalAuthenticator.authenticate(LocalAuthenticator.java:48)
        at net.webpasswordsafe.server.plugin.authentication.CompositeAuthenticator.authenticate(CompositeAuthenticator.java:69)
        at net.webpasswordsafe.server.plugin.authentication.UserLockoutAuthenticator.authenticate(UserLockoutAuthenticator.java:58)
        at net.webpasswordsafe.server.plugin.authentication.IPLockoutAuthenticator.authenticate(IPLockoutAuthenticator.java:72)
        at net.webpasswordsafe.server.service.LoginServiceImpl.login(LoginServiceImpl.java:109)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)

        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)

        at com.sun.proxy.$Proxy30.login(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)

        at org.gwtwidgets.server.spring.gilead.GileadRPCServiceExporter.invokeMethodOnService(GileadRPCServiceExporter.java:149)
        at org.gwtwidgets.server.spring.GWTRPCServiceExporter.processCall(GWTRPCServiceExporter.java:338)

        ... 34 more

----------