Spring Security java.lang.IllegalArgumentException: Non-hex character in input

Question

I deployed an existing Maven project in my Tomcat Server on Windows7 environment. I'm using tomcat7 , spring-security-core 3.1.0 .

However, everytime I'm logging in my webapp, I received an error

java.lang.IllegalArgumentException: Non-hex character in input

The code is working perfectly fine in Linux environment. So I was thinking it's because I'm using windows7 in my local environment. When I look into the internet I saw that's it's a encoding issue between linux and windows.

I tried setting up

JAVA_TOOL_OPTIONS -Dfile.encoding=UTF8

but haven't succeeded. Please help me out. Thanks in advance!

Answer 1

Most likely, when you login, events happen is such order:

1. Spring selects an entity from DB by username.
2. Spring must check inputted password for match with stored encoded password.

To check for a match, Spring uses PasswordEncoder, which you have most likely configured.

Your password encoder expects that stored encoded password is a hexidecimal char sequence (previously encoded by this PasswordEncoder). Thus, it tries to decode CharSequence into byte[], but fails (source).

The solution is to persist users with previously encoded password, e.g. by BCryptPasswordEncoder.