重新加密域密码

问题描述
域的用户名/密码加密无效导致 JSAFE_PaddingException,从而不允许服务器启动。

快速链接
常见异常
为什么发生此问题?
解决方法
公共解决办法参考
需要更多帮助?
.
常见异常
下列异常已知会在域的用户名/密码加密无效时出现。可能还有其它类似的抛出异常在此并未列出。

JSAFE_PaddingException (WLP 8.1)
<portalServer> <Thread-16> <<anonymous>> <> <BEA-420731>
<Exception [weblogic.security.internal.encryption.EncryptionServiceException - with nested exception:
[com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.]] thrown while trying to do task [handleTimerNotification] in class [co m.bea.wsrp.consumer.management.portlet.ProxyPortletRemoveListener].
java.lang.Throwable
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes([B)[B(JSafeEncryptionServiceImpl.java:77)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString([B)Ljava.lang.String;(JSafeEncryptionServiceImpl.java:93)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(Ljava.lang.String;)Ljava.lang.String;(ClearOrEncryptedService.java:56)
at weblogic.management.EncryptionHelper.decryptString([B)Ljava.lang.String;(EncryptionHelper.java:45)
at com.bea.wsrp.consumer.management.portlet.ProxyPortletRemoveListener$ProxyPortletRemover.getAdminPassword()Ljava.lang.String;(ProxyPortletRemoveListener.java:470)
at com.bea.wsrp.consumer.management.portlet.ProxyPortletRemoveListener$ProxyPortletRemover.run()Ljava.lang.Object;(ProxyPortletRemoveListener.java:252)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic.security.subject.AbstractSubject;Ljava.security.PrivilegedExceptionAction;)Ljava.lang.Object;(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(Lweblogic.security.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.Authenticated Subject;Ljava.security.PrivilegedExceptionAction;)Ljava.lang.Object;(SecurityManager.java:147)
at com.bea.wsrp.consumer.management.portlet.ProxyPortletRemoveListener.handleNotification(Ljavax.management.Notification;Ljava.lang.Object;)V(ProxyPortletRemoveListener.java:202)
at javax.management.NotificationBroadcasterSupport$Triple.fire(Ljavax.management.Notification;)V(NotificationBroadcasterSupport.java:40)
at javax.management.NotificationBroadcasterSupport.sendNotification(Ljavax.management.Notification;)V(NotificationBroadcasterSupport.java:121)
at javax.management.timer.Timer.sendNotification(Ljava.util.Date;Ljavax.management.timer.TimerNotification;)V(Timer.java:1119)
at javax.management.timer.Timer.notifyAlarmClock(Ljavax.management.timer.TimerAlarmClockNotification;)V(Timer.java:1089)
at javax.management.timer.TimerAlarmClock.run()V(Timer.java:1165)
at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)

返回页首

内嵌 LDAP 中的 JSAFE_PaddingException (WLP 8.1)
<Management> <BEA-140001> <An error occurred while getting attribute Credential on MBean bellcaDomain:Location=portalServer,Name=bellcaDomain,Type=EmbeddedLDAPConfig. Method: null. Exception: com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte..

com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.
at com.rsa.jsafe.JA_PKCS5Padding.performUnpadding(Unknown Source)
at com.rsa.jsafe.JG_BlockCipher.decryptFinal(Unknown Source)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decrypt Bytes(JSafeEncryptionServiceImpl.java:67)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decrypt String(JSafeEncryptionServiceImpl.java:93)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:56)
at weblogic.management.EncryptionHelper.decryptString(EncryptionHelper.java:45)
at weblogic.management.internal.DynamicMBeanImpl.getAttribute(DynamicMBeanImpl.java:624)
at weblogic.management.internal.ConfigurationMBeanImpl.getAttribute(ConfigurationMBeanImpl.java:179)
at com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:1186)
at com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:1156)
at weblogic.management.internal.RemoteMBeanServerImpl.getAttribute(RemoteMBeanServerImpl.java:288)
at weblogic.management.internal.MBeanProxy.getAttribute(MBeanProxy.java:610)
at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:442)
at weblogic.management.configuration.EmbeddedLDAPMBean_Stub.getCredential(EmbeddedLDAPMBean_Stub.java:383)
at weblogic.ldap.EmbeddedLDAP.initServerConfig(EmbeddedLDAP.java:1117)
at weblogic.ldap.EmbeddedLDAP.initialize(EmbeddedLDAP.java:225)
at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:816)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
at weblogic.Server.main(Server.java:32)

返回页首

JSAFE_PaddingException (WLS 8.1)
[java] java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException:
Exception during processing: weblogic81.xml.security.SecurityConfigurationException: Failed adding encryption to request - with nested exception:
[java] [weblogic81.xml.security.SecurityProcessingException: Problem adding encrypted key - with nested exception:
[java] [weblogic81.xml.security.encryption.EncryptionException: The input requires padding, but NoPad was instantiated. - with nested exception:
[java] [com.rsa.jsafe.JSAFE_PaddingException: The input requires padding, but NoPad was instantiated.]]] (see Fault Detail for stacktrace)
[java] Detail:
[java] <detail>
[java] <bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">com.rsa.jsafe.JSAFE_PaddingException: The input requires padding, but NoPad was instantiated.
[java] at com.rsa.jsafe.JA_NoPad.performPadding(JA_NoPad.java:71)
[java] at com.rsa.jsafe.JG_AsymmetricCipher.doEncryptFinal(JG_AsymmetricCipher.java:475)
[java] at com.rsa.jsafe.JSAFE_AsymmetricCipher.encryptFinal(JSAFE_AsymmetricCipher.java:1304)
[java] at com.rsa.jsafe.JSAFE_AsymmetricCipher.encryptFinal(JSAFE_AsymmetricCipher.java:1259)
[java] at weblogic81.xml.security.encryption.CipherWrapper$JSafeCipherWrapper.doFinal(CipherWrapper.java:355)
[java] at weblogic81.xml.security.encryption.CipherWrapper.encrypt(CipherWrapper.java:120)
[java] at weblogic81.xml.security.encryption.KeyWrapRSA.wrap(KeyWrapRSA.java:101)
[java] at weblogic81.xml.security.encryption.EncryptedKey.setWrappedKey(EncryptedKey.java:195)
[java] at weblogic81.xml.security.encryption.EncryptedKey.<init>(EncryptedKey.java:56)
[java] at weblogic81.xml.security.wsse.v200207.SecurityImpl.addEncryption(SecurityImpl.java:191)
[java] at weblogic81.xml.security.wsse.v200207.SecurityImpl.addEncryption(SecurityImpl.java:139)
[java] at weblogic81.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:358)
[java] at weblogic81.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:100)
[java] at weblogic81.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
[java] at weblogic81.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
[java] at weblogic81.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
[java] at weblogic81.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
[java] at weblogic81.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
[java] at weblogic81.webservice.core.rpc.StubImpl._invoke(StubImpl.java:290)
.
.
.
[java] --------------- nested within: ------------------
[java] weblogic81.xml.security.encryption.EncryptionException: The input requires padding, but NoPad was instantiated. - with nested exception:
[java] [com.rsa.jsafe.JSAFE_PaddingException: The input requires padding, but NoPad was instantiated.]
[java] at weblogic81.xml.security.encryption.CipherWrapper$JSafeCipherWrapper.doFinal(CipherWrapper.java:359)
[java] at weblogic81.xml.security.encryption.CipherWrapper.encrypt(CipherWrapper.java:120)
[java] at weblogic81.xml.security.encryption.KeyWrapRSA.wrap(KeyWrapRSA.java:101)
[java] at weblogic81.xml.security.encryption.EncryptedKey.setWrappedKey(EncryptedKey.java:195)
[java] at weblogic81.xml.security.encryption.EncryptedKey.<init>(EncryptedKey.java:56)
[java] at weblogic81.xml.security.wsse.v200207.SecurityImpl.addEncryption(SecurityImpl.java:191)
[java] at weblogic81.xml.security.wsse.v200207.SecurityImpl.addEncryption(SecurityImpl.java:139)
[java] at weblogic81.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:358)
[java] at weblogic81.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:100)
[java] at weblogic81.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
[java] at weblogic81.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
[java] at weblogic81.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
[java] at weblogic81.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
[java] at weblogic81.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
[java] at weblogic81.webservice.core.rpc.StubImpl._invoke(StubImpl.java:290)
.
.
.
[java] --------------- nested within: ------------------
[java] weblogic81.xml.security.SecurityProcessingException: Problem adding encrypted key - with nested exception:
[java] [weblogic81.xml.security.encryption.EncryptionException: The input requires padding, but NoPad was instantiated. - with nested exception:
[java] [com.rsa.jsafe.JSAFE_PaddingException: The input requires padding, but NoPad was instantiated.]]
[java] at weblogic81.xml.security.wsse.v200207.SecurityImpl.addEncryption(SecurityImpl.java:196)
[java] at weblogic81.xml.security.wsse.v200207.SecurityImpl.addEncryption(SecurityImpl.java:139)
[java] at weblogic81.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:358)
[java] at weblogic81.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:100)
[java] at weblogic81.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
[java] at weblogic81.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
[java] at weblogic81.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
[java] at weblogic81.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
[java] at weblogic81.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
[java] at weblogic81.webservice.core.rpc.StubImpl._invoke(StubImpl.java:290)
.
.
.
[java] --------------- nested within: ------------------
[java] weblogic81.xml.security.SecurityConfigurationException: Failed adding encryption to request - with nested exception:
[java] [weblogic81.xml.security.SecurityProcessingException: Problem adding encrypted key - with nested exception:
[java] [weblogic81.xml.security.encryption.EncryptionException: The input requires padding, but NoPad was instantiated. - with nested exception:
[java] [com.rsa.jsafe.JSAFE_PaddingException: The input requires padding, but NoPad was instantiated.]]]
[java] at weblogic81.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:361)
[java] at weblogic81.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:100)
[java] at weblogic81.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
[java] at weblogic81.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
[java] at weblogic81.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
[java] at weblogic81.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
[java] at weblogic81.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
[java] at weblogic81.webservice.core.rpc.StubImpl._invoke(StubImpl.java:290)
.
.
.
[java]
[java] ; nested exception is:
[java] javax.xml.rpc.soap.SOAPFaultException: Exception during processing: weblogic81.xml.security.SecurityConfigurationException: Failed adding encryption to request - with nested exception:
[java] [weblogic81.xml.security.SecurityProcessingException: Problem adding encrypted key - with nested exception:
[java] [weblogic81.xml.security.encryption.EncryptionException: The input requires padding, but NoPad was instantiated. - with nested exception:
[java] [com.rsa.jsafe.JSAFE_PaddingException: The input requires padding, but NoPad was instantiated.]]] (see Fault Detail for stacktrace)
.
.
.
[java] Caused by: javax.xml.rpc.soap.SOAPFaultException: Exception during processing: weblogic81.xml.security.SecurityConfigurationException: Failed adding encryption to request - with nested exception:
[java] [weblogic81.xml.security.SecurityProcessingException: Problem adding encrypted key - with nested exception:
[java] [weblogic81.xml.security.encryption.EncryptionException: The input requires padding, but NoPad was instantiated. - with nested exception:
[java] [com.rsa.jsafe.JSAFE_PaddingException: The input requires padding, but NoPad was instantiated.]]] (see Fault Detail for stacktrace)
[java] at weblogic81.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:313)
[java] at weblogic81.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
[java] at weblogic81.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
[java] at weblogic81.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
[java] at weblogic81.webservice.core.rpc.StubImpl._invoke(StubImpl.java:290)
[java] at com.arch.secprint.client.EBillsSecurePrintServicePort_Stub.print(EBillsSecurePrintServicePort_Stub.java:29)
[java] ... 2 more
[java] Exception in thread "main"

返回页首

JSAFE_PaddingException (WLS 8.1/7.0)
<Critical> <WebLogicServer> <000364> <Server failed during initialization.
Exception:weblogic.management.configuration.ConfigurationException: Error parsing the configuration file:
Could not perform unpadding: invalid pad byte. - with nested exception:
[com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.]
com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.
at com.rsa.jsafe.JA_PKCS5Padding.performUnpadding(JA_PKCS5Padding.java:111)
at com.rsa.jsafe.JG_BlockCipher.decryptFinal(JG_BlockCipher.java:1112)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:67)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:93)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:53)
at weblogic.management.internal.EncryptedData.decrypt(EncryptedData.java:45)
at weblogic.management.internal.xml.ConfigurationParser$ConfigurationHandler.parseMBeanAttributes(ConfigurationParser.java:652)
at weblogic.management.internal.xml.ConfigurationParser$ConfigurationHandler.startElement(ConfigurationParser.java:322)
at weblogic.apache.xerces.parsers.SAXParser.startElement(SAXParser.java:1348)
at weblogic.apache.xerces.validators.common.XMLValidator.callStartElement(XMLValidator.java:1299)
at weblogic.apache.xerces.framework.XMLDocumentScanner.scanElement(XMLDocumentScanner.java:1838)
at weblogic.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.dispatch(XMLDocumentScanner.java:1207)
at weblogic.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentScanner.java:399)
at weblogic.apache.xerces.framework.XMLParser.parse(XMLParser.java:1138)
at weblogic.management.internal.xml.ConfigurationParser.parse(ConfigurationParser.java:227)
at weblogic.management.internal.xml.XmlFileRepository.createOrLoadDomain(XmlFileRepository.java:483)
at weblogic.management.internal.xml.XmlFileRepository.bootStrapAndLoadActiveDomain(XmlFileRepository.java:354)
at weblogic.management.AdminServer.configureFromRepository(AdminServer.java:217)
at weblogic.management.AdminServer.configureFromRepository(AdminServer.java:202)
at weblogic.management.AdminServer.configure(AdminServer.java:196)
at weblogic.management.AdminServerAdmin.initialize(AdminServerAdmin.java:111)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:664)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
--------------- nested within: ------------------
weblogic.management.configuration.ConfigurationException: Error parsing the configuration file:
Could not perform unpadding: invalid pad byte. - with nested exception:
[com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.]
at weblogic.management.internal.xml.ConfigurationParser.parse(ConfigurationParser.java:243)
at weblogic.management.internal.xml.XmlFileRepository.createOrLoadDomain(XmlFileRepository.java:483)
at weblogic.management.internal.xml.XmlFileRepository.bootStrapAndLoadActiveDomain(XmlFileRepository.java:354)
at weblogic.management.AdminServer.configureFromRepository(AdminServer.java:217)
at weblogic.management.AdminServer.configureFromRepository(AdminServer.java:202)
at weblogic.management.AdminServer.configure(AdminServer.java:196)
at weblogic.management.AdminServerAdmin.initialize(AdminServerAdmin.java:111)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:664)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)

返回页首

为什么发生此问题?
此问题通常在将域从一台机器移动到另一台机器时出现。在此情况下,用户名/密码加密将不起作用,因为此加密对于每个域/机器组合都是唯一的。

返回页首

解决方法
有几种方法可解决此问题:
  1. 将加密密码更改为明文密码。可通过将加密值更改为明文值并重新启动服务器的方法重新生成域/机器组合的用户名/密码加密。

    需要更改的文件包括:

    在域目录中:

    boot.properties(boot.properties 可能不存在。如果不存在,则不必进行任何操作)
    config.xml

    boot.properties 中的值类似以下内容:

    username={3DES}pxyIL8dxDy1JnDPs+i3dDA==
    password={3DES}pxyIL8dxDy1JnDPs+i3dDA==

    将将更改为明文用户名/密码,类似以下内容:

    username=user1
    password=password1

    config.xml 的值将类似以下内容:

    PasswordEncrypted="{3DES}pxyIL8dxDy1JnDPs+i3dDA=="

    将其更改为:

    Password="password1"

    如果您的 application-config.xml 文件内包含密码值,则可能也需进行更改。只在 config.xml 和 boot.properties 文件内查找您所更改的相同 {3DES} 加密值,如果存在,则同样将这些值更改为明文。这些值是否存在视您的应用程序而定。Application-config.xml 文件位于 /user_projects/applications//META-INF 目录下。

    例如,密码可能类似以下内容:

    AdminPassword="{3DES}pxyIL8dxDy1JnDPs+i3dDA=="
    将其更改为:

    AdminPassword="password1"

    确保在进行任何这些更改后重新启动服务器。

  2. 重设内嵌的 LDAP 认证。如果收到内嵌的 LDAP JSAFE_PaddingException,则需要在 WebLogic Server 控制台内重设内嵌的 LDAP 认证。在域的控制台内,转到“Security”并单击“Embedded LDAP”选项卡。根据需要设置认证并进行确认。应用更改并重新启动服务器。

  3. 使用 Configuration Wizard(配置向导)在新机器上创建新域


  4. 使用 EncryptDomainString 实用程序生成新的加密密码。参考 Encrypting Passwords(加密密码)。

返回页首

公共解决办法参考
请参阅下列公共解决办法来获取相关信息:

S-28835 (WLP 8.1)
S-12933 (WLS 6.1)
S-12576 (WLS 6.1)
S-11820 (WLS 6.1)
S-10843 (WLP 4.0)

返回页首

需要更多帮助?
如果您已经理解这个模式,但仍需要更多帮助,您可以:
  1. http://support.bea.com/ 上查询 AskBEA(例如使用“Why do you get a JSAFE exception”),以查找其它已发布的解决方案。技术支持合同客户:确保已经登录,可以访问提供的与 CR 有关的信息。
  2. http://forums.bea.com 上,向 BEA 的某个新闻组提出更详细具体的问题
如果这还不能解决您的问题,并且您拥有有效的技术支持合同,您可以通过登录以下网站来打开支持案例:http://support.bea.com/

反馈

请给我们提供您的意见,说明此支持诊断模式“重新加密域密码”一文是否有所帮助、您需要的任何解释,以及对支持诊断模式的新主题的任何要求。

免责声明:

依据 BEA 与您签署的维护和支持协议条款,BEA Systems, Inc. 在本网站上提供技术技巧和补丁供您使用。虽然您可以将这些信息和代码与您获得 BEA 授权的软件一起使用,但 BEA 并不对所提供的技术技巧和修补程序做任何形式的担保,无论是明确的还是隐含的。

本文档中引用的任何商标是其各自所有者的财产。有关完整的商标信息,请参考您的产品手册。