okay, so it means the max. length Kylin supports is 15, right? Berry, could you please report a JIRA to Kylin in https://issues.apache.org/jira/secure/Dashboard.jspa? We use JIRA to track the issues; Thank you!
2017-01-24 20:57 GMT+08:00 Österlund Berry <[email protected]>: > Got the result > > > > java org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES > 123456789012345 > > AES encrypted password is: > > pLKuoHlKbRg+55tny8n2YA== > > If I put this string into ldap.password, Kylin starts up without errors (I > can ofc not login, because the password is wrong.) > > > > java org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES > 1234567890123456 > > AES encrypted password is: > > RSvxLxIHAugtd/LBQFpGF+9fW0wb6YVnsEYgogo9w/w= > > If I put this string into ldap.password, Kylin failes to start with the > error I posted previously > > > > //Berry > > > > > > *From:* Österlund Berry [mailto:[email protected]] > *Sent:* den 24 januari 2017 13:42 > *To:* [email protected] > *Subject:* RE: Password decrypting and LDAP > > > > Let me try different passwords, and different length and I’ll get back > with the result. > > > > *From:* ShaoFeng Shi [mailto:[email protected] > <[email protected]>] > *Sent:* den 24 januari 2017 13:39 > *To:* user <[email protected]> > *Subject:* Re: Password decrypting and LDAP > > > > In your password is there some non-ascii character? I'm wondering what can > cause its encrypted values be different with others; This post ( > https://stackoverflow.com/questions/17234359/javax-crypto- > illegalblocksizeexception-input-length-must-be-multiple-of-16-whe) > mentioned: "you are only able to encrypt data in blocks of 128 bits or 16 > bytes. That's why you are getting that IllegalBlockSizeException > exception." > > > > Besides, there should be a way to bypass this in Kylin; If you still don't > have progress, we can try that. > > > > 2017-01-24 17:26 GMT+08:00 Österlund Berry <[email protected]>: > > Hi > > > > I also tried (sorry for not writing that) to run with a correct JAVA_HOME, > but it still picks the 1.8 version from HBase. I’m sure that I can force it > to use 1.7, but I found another interesting thing that I look into now. > > > > If I use my own account and password as the serviceaccount for Kylin (my > password is 9 chars long), I get passed that error. Now, I don’t have the > correct permissions in the AD so I can’t use my account for that. But it’s > interesting that it looks like it’s the password length that affects this. > I have ordered a new account with a 15 char long password to test it out. > Once I get it, I’ll update with more information. > > > > Best Regards > > Berry > > > > *From:* ShaoFeng Shi [mailto:[email protected]] > *Sent:* den 24 januari 2017 09:47 > *To:* user <[email protected]> > *Subject:* Re: Password decrypting and LDAP > > > > Hi Berry, > > > > Did you try to start Kylin with java 1.7? Yes by default Kylin uses the > HBase's java to startup; You can add "export JAVA_HOME= > /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.x86_64/" in > $KYLIN_HOME/bin/setenv.sh, and then HBase should use the specifiied java. > > > > We use SUN JDK in most environments, not get much feedback on OpenJDK 1.8; > For the ClassNotFound exception, do you have the detail stacktrace? > > > > 2017-01-24 14:38 GMT+08:00 Österlund Berry <[email protected]>: > > Hello > > > > I’m trying to connect out Kylin installation to an LDAP server, as we are > required to have that before we put any solution into production. But I’m > facing a problem. When I start Kylin, this is what I get in the log. > > > > 2017-01-24 07:12:06,110 WARN [localhost-startStop-1] > support.XmlWebApplicationContext:487 > : Exception encountered during context initialization - cancelling refresh > attempt: org.springframework.beans.factory.BeanDefinitionStoreException: > Invalid bean definition with name 'ldapSource' defined in class path > resource [kylinSecurity.xml]: Input length must be multiple of 16 when > decrypting with padded cipher; nested exception is > java.lang.RuntimeException: Input length must be multiple of 16 when > decrypting with padded cipher > > 2017-01-24 07:12:06,111 ERROR [localhost-startStop-1] > context.ContextLoader:331 : Context initialization failed > > org.springframework.beans.factory.BeanDefinitionStoreException: Invalid > bean definition with name 'ldapSource' defined in class path resource > [kylinSecurity.xml]: Input length must be multiple of 16 when decrypting > with padded cipher; nested exception is java.lang.RuntimeException: Input > length must be multiple of 16 when decrypting with padded cipher > > at org.springframework.beans.factory.config. > PlaceholderConfigurerSupport.doProcessProperties( > PlaceholderConfigurerSupport.java:209) > > at org.springframework.beans.factory.config. > PropertyPlaceholderConfigurer.processProperties( > PropertyPlaceholderConfigurer.java:222) > > at org.springframework.beans.factory.config. > PropertyResourceConfigurer.postProcessBeanFactory( > PropertyResourceConfigurer.java:84) > > at org.springframework.context.support.AbstractApplicationContext. > invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:699) > > at org.springframework.context.support.AbstractApplicationContext. > invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:674) > > at org.springframework.context.support.AbstractApplicationContext. > refresh(AbstractApplicationContext.java:461) > > at org.springframework.web.context.ContextLoader. > configureAndRefreshWebApplicationContext(ContextLoader.java:410) > > at org.springframework.web.context.ContextLoader. > initWebApplicationContext(ContextLoader.java:306) > > at org.springframework.web.context.ContextLoaderListener. > contextInitialized(ContextLoaderListener.java:112) > > at org.apache.catalina.core.StandardContext.listenerStart( > StandardContext.java:5068) > > at org.apache.catalina.core.StandardContext.startInternal( > StandardContext.java:5584) > > at org.apache.catalina.util.LifecycleBase.start( > LifecycleBase.java:147) > > at org.apache.catalina.core.ContainerBase.addChildInternal( > ContainerBase.java:899) > > at org.apache.catalina.core.ContainerBase.addChild( > ContainerBase.java:875) > > at org.apache.catalina.core.StandardHost.addChild( > StandardHost.java:652) > > at org.apache.catalina.startup.HostConfig.deployWAR( > HostConfig.java:1092) > > at org.apache.catalina.startup.HostConfig$DeployWar.run( > HostConfig.java:1984) > > at java.util.concurrent.Executors$RunnableAdapter. > call(Executors.java:511) > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > > at java.util.concurrent.ThreadPoolExecutor.runWorker( > ThreadPoolExecutor.java:1142) > > at java.util.concurrent.ThreadPoolExecutor$Worker.run( > ThreadPoolExecutor.java:617) > > at java.lang.Thread.run(Thread.java:745) > > Caused by: java.lang.RuntimeException: Input length must be multiple of 16 > when decrypting with padded cipher > > at org.apache.kylin.rest.security.PasswordPlaceholderConfigurer. > decrypt(PasswordPlaceholderConfigurer.java:84) > > at org.apache.kylin.rest.security.PasswordPlaceholderConfigurer. > resolvePlaceholder(PasswordPlaceholderConfigurer.java:90) > > at org.springframework.beans.factory.config. > PropertyPlaceholderConfigurer.resolvePlaceholder( > PropertyPlaceholderConfigurer.java:162) > > at org.springframework.beans.factory.config. > PropertyPlaceholderConfigurer$PropertyPlaceholderConfigurerR > esolver.resolvePlaceholder(PropertyPlaceholderConfigurer.java:272) > > at org.springframework.util.PropertyPlaceholderHelper. > parseStringValue(PropertyPlaceholderHelper.java:146) > > at org.springframework.util.PropertyPlaceholderHelper. > replacePlaceholders(PropertyPlaceholderHelper.java:125) > > at org.springframework.beans.factory.config. > PropertyPlaceholderConfigurer$PlaceholderResolvingStringValu > eResolver.resolveStringValue(PropertyPlaceholderConfigurer.java:257) > > at org.springframework.beans.factory.config.BeanDefinitionVisitor. > resolveStringValue(BeanDefinitionVisitor.java:282) > > at org.springframework.beans.factory.config.BeanDefinitionVisitor. > resolveValue(BeanDefinitionVisitor.java:204) > > at org.springframework.beans.factory.config.BeanDefinitionVisitor. > visitPropertyValues(BeanDefinitionVisitor.java:141) > > at org.springframework.beans.factory.config.BeanDefinitionVisitor. > visitBeanDefinition(BeanDefinitionVisitor.java:82) > > at org.springframework.beans.factory.config. > PlaceholderConfigurerSupport.doProcessProperties( > PlaceholderConfigurerSupport.java:206) > > ... 21 more > > Caused by: javax.crypto.IllegalBlockSizeException: Input length must be > multiple of 16 when decrypting with padded cipher > > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:934) > > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845) > > at com.sun.crypto.provider.AESCipher.engineDoFinal( > AESCipher.java:446) > > at javax.crypto.Cipher.doFinal(Cipher.java:2165) > > at org.apache.kylin.rest.security.PasswordPlaceholderConfigurer. > decrypt(PasswordPlaceholderConfigurer.java:81) > > > > > > > > This is the ldap part of the configuration file > > ldap.server=ldap://<FULL HOSTNAME>:389 > > ldap.username=<FULL DN TO USER> > > ldap.password=70tIoIdndG4eYPU5XWsqxNZZ9VlKAwKj19JR6vfEphw= > > > > # LDAP user account directory; > > ldap.user.searchBase=<VALID DN> > > ldap.user.searchPattern=(memberOf=<VALID GROUP>) > > ldap.user.groupSearchBase=<GROUP SEARCH BASE> > > > > All parameters are used in other LDAP integrations (Like SSSD, Ambari, > Ranger, Atlas….) so I know that those are right. I got the hashed password > by running this command. By the way, the > org.apache.kylin.rest.security.PasswordPlaceholderConfigurer > class gets classNotFound exception if I run it with Java 1.8. Just so you > know…. 1.7 works better > > > > cd /opt/kylin-1.6.0/tomcat/webapps/kylin/WEB-INF/lib > > /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2.x86_64/bin/java > -classpath kylin-server-base-1.6.0.jar:spring-beans-3.2.17.RELEASE. > jar:spring-core-3.2.17.RELEASE.jar:commons-codec-1.7.jar > org.apache.kylin.rest.security.PasswordPlaceholderConfigurer AES > <PASSWORD 18 CHARS LONG> > > > > If I understand everything correctly, Kylin is executed with the Java > versions that HBase is running. And the version I have is 1.8.0_112 > > Can anybody give me some info on how to solve this problem? I really like > to install Kylin on our production servers so I can play with real data > > > > Best Regards > > Berry Österlund > > Sweden > > > > > > > > > > > > > > -- > > Best regards, > > > > Shaofeng Shi 史少锋 > > > > > > > > -- > > Best regards, > > > > Shaofeng Shi 史少锋 > > > -- Best regards, Shaofeng Shi 史少锋
