java - jBCrypt文字列インデックスが範囲外:Netbeansでアプリを起動すると0エラー

Question

アプリケーションを起動すると、Apache ログに次のエラーが表示されます。

BCrypt.checkpw() 無効なソルト バージョンの例外が見つかりまし たが、DB に保存されているユーザーのパスワードがハッシュされており、起動時にこのエラーが表示され、99.99% のログインに問題がないため、これは一致しません。時間。

29-Oct-2017 22:12:32.242 SEVERE [http-nio-8084-exec-1] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for     servlet [UserController] in context with path [/medsched] threw exception
 java.lang.StringIndexOutOfBoundsException: String index out of range: 0
at java.lang.String.charAt(String.java:658)
at org.mindrot.jbcrypt.BCrypt.hashpw(BCrypt.java:658)
at org.mindrot.jbcrypt.BCrypt.checkpw(BCrypt.java:764)
at medsched.data.UserDB.loginUser(UserDB.java:216)
at medsched.controllers.UserController.logInToSite(UserController.java:165)
at medsched.controllers.UserController.doPost(UserController.java:41)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:213)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at medsched.filters.SecPageFilter.doFilter(SecPageFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:217)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

ほとんどの場合、ログインできるか、パスワードの不一致を提示すると、アプリケーションで定義されたログイン エラー jsp に戻ります。時々そうしますが、500エラーページが表示されます

java.lang.StringIndexOutOfBoundsException: String index out of range: 0
at java.lang.String.charAt(String.java:658)
at org.mindrot.jbcrypt.BCrypt.hashpw(BCrypt.java:658)
at org.mindrot.jbcrypt.BCrypt.checkpw(BCrypt.java:764)
at medsched.data.UserDB.loginUser(UserDB.java:216)
at   medsched.controllers.UserController.logInToSite(UserController.java:165)
at medsched.controllers.UserController.doPost(UserController.java:41)

それは私がBCrypt.checkpwを使用している方法でしょうか?? ログインしようとするとエラーが表示されることは理解できますが、Netbeans でアプリケーションを起動すると表示されることはありません。

public static User loginUser(String phnum,String passw) {
    ConnectionPool pool = ConnectionPool.getInstance();
    Connection connection = pool.getConnection();
    PreparedStatement ps = null;
    ResultSet rs = null;
    String hpwd="";

    //Get the key 
    String key=confUtil.encDeckey();

     String query = "SELECT userid,fName,pwd FROM users "
           + "WHERE  phone = AES_ENCRYPT(?,?) AND active=1";
    try {
        ps = connection.prepareStatement(query);
        ps.setString(1, phnum);
        ps.setString(2, key);
        rs = ps.executeQuery();
        User user = null;
        if (rs.next()) {
            user = new User();
            user.setUserID(rs.getLong("userid"));
            user.setFName(rs.getString("fName"));
            user.setPwd(rs.getString("pwd"));
           hpwd=user.getPwd();
        }
        if(hpwd!=null || !hpwd.isEmpty()){
            if(!BCrypt.checkpw(passw,hpwd)){
            user=null;
            }
        }

    } catch (SQLException e) {
        //System.err.println(e);
        log.error("Exception when trying to log in",e);

        return null;
    } finally {
        DBUtil.closeResultSet(rs);
        DBUtil.closePreparedStatement(ps);
        pool.freeConnection(connection);
    }
}

今日も問題が発生し、500 エラーが表示されました

HTTP ステータス 500 - 範囲外の文字列インデックス: 0 タイプの例外レポート

message String index out of range: 0

description The server encountered an internal error that prevented it from fulfilling this request.

exception
java.lang.StringIndexOutOfBoundsException: String index out of range: 0
java.lang.String.charAt(String.java:658)
org.mindrot.jbcrypt.BCrypt.hashpw(BCrypt.java:658)
org.mindrot.jbcrypt.BCrypt.checkpw(BCrypt.java:764)
medsched.data.UserDB.loginUser(UserDB.java:190)
medsched.controllers.UserController.logInToSite(UserController.java:169)
medsched.controllers.UserController.doPost(UserController.java:41)
javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
  org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
 org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:213)
 medsched.filters.SecPageFilter.doFilter(SecPageFilter.java:61)
        org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)

 note The full stack trace of the root cause is available in the Apache Tomcat/8.0.27 logs.