(Fixed) String index out of range on Base64.decode

Aug 2, 2011 at 9:50 PM

I keep getting a reoccurring error for some users:

warning [axis] Stack Trace: class java.lang.StringIndexOutOfBoundsException: String index out of range: 3710
    at java.lang.String.charAt(String.java:444)
    at waffle.util.Base64.decode(Base64.java:69)
    at waffle.util.AuthorizationHeader.getTokenBytes(AuthorizationHeader.java:78)
    at waffle.servlet.spi.NegotiateSecurityFilterProvider.doFilter(NegotiateSecurityFilterProvider.java:90)
    at waffle.servlet.spi.SecurityFilterProviderCollection.doFilter(SecurityFilterProviderCollection.java:120)
    at waffle.servlet.NegotiateSecurityFilter.doFilter(NegotiateSecurityFilter.java:124)
    at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
    at jrun.servlet.FilterChain.service(FilterChain.java:101)
    at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:91)
    at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
    at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:249)
    at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:527)
    at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:192)
    at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:451)
    at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)


Any ideas as to why this would be occurring?  Or how I can debug it?

I appreciate the help!

Aug 2, 2011 at 9:53 PM

The only thing I can think of is that it has something to do with http://waffle.codeplex.com/discussions/222438: the max size of a header is set to something too small and it truncates it?

Aug 3, 2011 at 12:36 AM

Thanks for the fast reply... It looks like you're onto something here.

I'm using JRun 4 Update 5 (or earlier, don't recall currently).  The most up-to-date version is JRun 4 Update 7.

Apparently, in previous versions/updates of JRun (before Update 7), the header size limit was a max of 4K.  With JRun 4 Update 7, they've increased the header size limit to 8K.

I'm going to update JRun 4 and see if that works.

Thanks again for the quick response!

Aug 9, 2011 at 8:54 PM

So, I haven't been able to successfully install the necessary patch for JRun.

Since it seems that the header being sent (when I receive this StringIndexOutOfBoundsException) is over the max header size set on my server, is this due to Kerberos authentication or NTLM?

I'm asking because maybe the fix could be just sending "WWW-Authenticate: NTLM" and "WWW-Authenticate: Basic" without the "Negotiate" option.

Would this work, you think?

And if so, what would I have to set to only enable NTLM and Basic (no negotiate)?


Thanks again dblock!

Aug 11, 2011 at 12:17 PM

Negotiate was my issue.  After disabling Negotiate, and only allowing NTLM and Basic, I was able to successfully allow the users who were experiencing the problem to log in properly.

In our web.xml file, we set the following init-param for our Filter (for anyone else who is interested):


Upon doing that, our filter only replied back to the client with a 401-Unauthorized error and "WWW-Authenticate: NTLM", "WWW-Authenticate: Basic".

We'll be replacing JRun with JBoss sometime in the future, so when that happens, we'll be able to re-enable Negotiate (and hopefully won't have this problem anymore).
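
For anyone debugging the same trace: the sketch below is an added example, not Waffle code and not from anyone in this thread. It checks an Authorization header for the truncation suspected above before decoding it, and reports whether the token is NTLM or a GSS-API/SPNEGO token. The class and method names are hypothetical, it assumes Java 8+ for java.util.Base64, and the sample headers are constructed.

```java
import java.util.Base64;

// Added example, not Waffle code: class and method names are hypothetical.
public class AuthHeaderCheck {

    /** Describes the token in an Authorization header without throwing on truncated input. */
    static String inspect(String header) {
        if (header == null) return "no Authorization header";
        int sp = header.indexOf(' ');
        if (sp < 0) return "no token after scheme '" + header + "'";
        String scheme = header.substring(0, sp);
        String token = header.substring(sp + 1).trim();

        // Padded Base64 is always a multiple of 4 characters; a header cut off
        // at the server's size limit usually is not.
        if (token.isEmpty() || token.length() % 4 != 0)
            return scheme + ": token length " + token.length() + " is not a multiple of 4 (truncated?)";

        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(token);
        } catch (IllegalArgumentException e) {
            return scheme + ": not valid Base64 (" + e.getMessage() + ")";
        }
        return scheme + ": " + raw.length + " bytes, " + kind(raw);
    }

    /** Classifies the decoded token by its leading bytes. */
    static String kind(byte[] raw) {
        byte[] ntlm = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
        if (raw.length >= ntlm.length) {
            boolean match = true;
            for (int i = 0; i < ntlm.length; i++) match &= raw[i] == ntlm[i];
            if (match) return "NTLM message";
        }
        // 0x60 opens a GSS-API initial token; 0xa1 opens a SPNEGO NegTokenResp.
        int first = raw.length > 0 ? raw[0] & 0xff : -1;
        if (first == 0x60 || first == 0xa1) return "GSS-API/SPNEGO token";
        return "unknown token type";
    }

    public static void main(String[] args) {
        // Constructed samples: an NTLMSSP signature, then the same token cut short.
        String ok = "Negotiate " + Base64.getEncoder().encodeToString(
                new byte[] {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0});
        System.out.println(inspect(ok));
        System.out.println(inspect(ok.substring(0, ok.length() - 3)));
    }
}
```

A header that happens to be cut at a multiple of 4 characters still decodes, so comparing the logged header length against the server's header size limit remains the more reliable check.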