The default cipher instance for the RememberMe manager is set in the AbstractRememberMeManager constructor:
AesCipherService cipherService = new AesCipherService();
AesCipherService sets the algorithm to AES and the operation mode to GCM in its constructor, but it inherits its parent's padding scheme. The parent is DefaultBlockCipherService, a block cipher service (as the name suggests), so a padding scheme is set and defaults to PKCS5.
This results in the call javax.crypto.Cipher.getInstance( "AES/GCM/PKCS5Padding" ). Most JVMs tolerate this and behave as if javax.crypto.Cipher.getInstance( "AES/GCM/NoPadding" ) had been requested, but some do not: GCM is a counter-mode construction that encrypts plaintext of any length like a stream cipher, so no padding scheme is defined for it and a provider is entitled to reject the name.
Therefore the default Shiro setup does not work on such JVMs, which is a regression:
java.security.NoSuchAlgorithmException: Cannot find any provider supporting AES/GCM/PKCS5Padding
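To see how the installed JCA provider treats the two transformation names, and why GCM needs no padding in the first place, here is an added example (not code from the report or from Shiro) that probes both names with plain javax.crypto and then round-trips a 17-byte message, a length that is not a block multiple, through AES/GCM/NoPadding. The class name, the sample message and the tamper check are this example's own; the transformation strings are the ones the report names.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class GcmPaddingProbe {

    // Returns whether the installed JCA providers accept a transformation string.
    // Cipher.getInstance throws NoSuchAlgorithmException when no provider supports the
    // algorithm/mode/padding combination (the message quoted in the report) and
    // NoSuchPaddingException when the padding itself is rejected; both extend
    // GeneralSecurityException.
    static boolean providerAccepts(String transformation) {
        try {
            Cipher.getInstance(transformation);
            return true;
        } catch (GeneralSecurityException e) {
            System.out.println(transformation + " rejected: " + e);
            return false;
        }
    }

    // Encrypts and decrypts plaintext with AES/GCM/NoPadding. The plaintext length is
    // deliberately not a multiple of the 16-byte AES block to show that GCM needs no
    // padding: the ciphertext is exactly plaintext.length + 16 bytes (the authentication tag).
    static byte[] roundTrip(byte[] plaintext) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        byte[] iv = new byte[12];                                // 96-bit nonce, as recommended for GCM
        new SecureRandom().nextBytes(iv);                        // must never repeat under the same key
        GCMParameterSpec params = new GCMParameterSpec(128, iv); // 128-bit authentication tag

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, params);
        byte[] ciphertext = enc.doFinal(plaintext);
        if (ciphertext.length != plaintext.length + 16) {
            throw new IllegalStateException("unexpected ciphertext length " + ciphertext.length);
        }

        // A flipped ciphertext byte must fail authentication rather than decrypt to garbage.
        byte[] tampered = ciphertext.clone();
        tampered[0] ^= 0x01;
        Cipher check = Cipher.getInstance("AES/GCM/NoPadding");
        check.init(Cipher.DECRYPT_MODE, key, params);
        try {
            check.doFinal(tampered);
            throw new IllegalStateException("tampered ciphertext was accepted");
        } catch (AEADBadTagException expected) {
            // tag mismatch detected, as it should be
        }

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, params);
        return dec.doFinal(ciphertext);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // The name Shiro builds from its defaults versus the name GCM is actually specified with.
        boolean pkcs5 = providerAccepts("AES/GCM/PKCS5Padding");
        boolean none = providerAccepts("AES/GCM/NoPadding");
        System.out.println("AES/GCM/PKCS5Padding accepted: " + pkcs5);
        System.out.println("AES/GCM/NoPadding accepted:    " + none);

        // Constructed sample input: 17 bytes, one more than an AES block.
        byte[] message = "17 bytes, no pad!".getBytes(StandardCharsets.UTF_8);
        byte[] recovered = roundTrip(message);
        if (!Arrays.equals(message, recovered)) {
            throw new IllegalStateException("round trip failed");
        }
        System.out.println("AES/GCM/NoPadding round trip OK for " + message.length + "-byte message");
    }
}
```

Run it on the JVM that shows the regression and on one that does not: the first line of output is the only thing that differs, which confirms the failure is in the provider's acceptance of the padding name, not in GCM itself.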
Use this configuration in shiro.ini.
Note that you would not benefit from future security updates this way, which is a big drawback!
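The workaround amounts to giving the RememberMe manager an AesCipherService whose padding scheme is NoPadding, so that the transformation string becomes AES/GCM/NoPadding. The following is an added example in Java rather than shiro.ini (it is not the report's configuration and not Shiro's own code); it assumes the shiro-core and shiro-web artifacts on the classpath, the public setters of DefaultBlockCipherService and AbstractRememberMeManager, and uses its own class name and a constructed sample payload.

```java
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.PaddingScheme;
import org.apache.shiro.util.ByteSource;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class RememberMeNoPaddingWorkaround {

    // The same AES/GCM service Shiro installs by default, with the padding scheme inherited
    // from DefaultBlockCipherService replaced by NoPadding, so the JCA transformation string
    // becomes AES/GCM/NoPadding instead of AES/GCM/PKCS5Padding.
    static AesCipherService gcmNoPadding() {
        AesCipherService service = new AesCipherService();
        service.setPaddingScheme(PaddingScheme.NONE);
        // The streaming transformation is assembled the same way, so align it as well
        // (assumed setter on DefaultBlockCipherService; RememberMe itself does not stream).
        service.setStreamingPaddingScheme(PaddingScheme.NONE);
        return service;
    }

    // Swaps only the cipher service of a CookieRememberMeManager; its key is left untouched.
    static DefaultWebSecurityManager withNoPaddingRememberMe() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        CookieRememberMeManager rememberMe = new CookieRememberMeManager();
        rememberMe.setCipherService(gcmNoPadding());
        securityManager.setRememberMeManager(rememberMe);
        return securityManager;
    }

    public static void main(String[] args) {
        AesCipherService cipher = gcmNoPadding();
        byte[] key = cipher.generateNewKey().getEncoded();
        // Constructed sample payload standing in for the serialized principals Shiro encrypts.
        byte[] payload = "serialized PrincipalCollection".getBytes(StandardCharsets.UTF_8);

        // encrypt/decrypt go through Cipher.getInstance with the service's transformation
        // string, so this is the call that fails on an affected JVM with the default padding.
        ByteSource encrypted = cipher.encrypt(payload, key);
        ByteSource decrypted = cipher.decrypt(encrypted.getBytes(), key);
        if (!Arrays.equals(payload, decrypted.getBytes())) {
            throw new IllegalStateException("round trip failed");
        }
        System.out.println("AES/GCM/NoPadding round trip OK, "
                + encrypted.getBytes().length + " bytes of ciphertext");

        withNoPaddingRememberMe();
        System.out.println("RememberMe manager configured with AES/GCM/NoPadding");
    }
}
```

Expressed as shiro.ini properties under [main], the same configuration would be `rememberMeCipher = org.apache.shiro.crypto.AesCipherService`, `rememberMeCipher.paddingSchemeName = NoPadding` and `securityManager.rememberMeManager.cipherService = $rememberMeCipher` (property names assumed from the corresponding setters). Either form pins the cipher service in your own configuration, so a later Shiro release that changes the default will not change what you run.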
In AesCipherService, add this line to the constructor:
I also added 1.5.0 as affected, because I guess it might not make it. Remove this version from the affected versions list if applicable.