cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antonio Fiol (JIRA)" <j...@apache.org>
Subject [jira] Commented: (COCOON-1772) [PATCH] AuthenticationContext: NullPointerException
Date Fri, 21 Apr 2006 17:36:06 GMT
    [ http://issues.apache.org/jira/browse/COCOON-1772?page=comments#action_12375608 ] 

Antonio Fiol commented on COCOON-1772:
--------------------------------------

Our usage pattern is always the same:
We need authentication and authorization. We use Cocoon authentication framework for the former,
and a custom flowscript function for the latter. Our sitemap goes more or less like this (I
don't have the code right now, but I am pretty sure of the concept):

- Authentication handler is configured with a name, a redirect URI and an authentication URI,
but with NO APPLICATION.

- Matchers for resources that should trigger A&A are URI wildcard matchers, and they all
contain
    - An auth-protect action, which contains
       - A call function="authorization"

- There are corresponding matchers for the same URIs with a "protected/" prefix, in an internal-only="true"
pipeline

- Function authorization:
   - Gets the authentication context
   - Checks if it is not null (null context would mean not logged in, so in this case we redirect
to a "Not authorized" page, although this should never happen, and never happens, because
all calls to the function are wrapped in auth-protect action)
   - Obtains the XML from it (here we got the NPE)
   - Does custom authorization procedure depending on the resource being accessed. This procedure
does NOT involve any sendPageAndWait, sendForm or any other interaction with the user. It
simply checks the resource being accessed ({0}) against the data in the obtained XML (which
is never empty if the user is logged in).
   - Redirects to either a "Not authorized" page or to the "protected/{0}" resource depending
on the authorization procedure result.

With the attached patch, everything works as expected for us. Otherwise we simply cannot get
the XML because of the NPE.

Maybe the reason of the NPE is not in that code fragment, and so the original code is correct,
but there is incorrect code somewhere else, where the "state" is (not) set.

Does this make sense?

> [PATCH] AuthenticationContext: NullPointerException
> ---------------------------------------------------
>
>          Key: COCOON-1772
>          URL: http://issues.apache.org/jira/browse/COCOON-1772
>      Project: Cocoon
>         Type: Bug

>   Components: Blocks: Authentication Framework
>     Versions: 2.1.8
>     Reporter: Antonio Fiol
>     Assignee: Carsten Ziegeler
>  Attachments: AuthenticationContext.java.patch, AuthenticationContext.java.patch
>
> We got a NullPointerException on AuthenticationContext.
> Apparently, this.getState() is returning null.
> We did not investigate it any further, and supposed that a null RequestState means a
null applicationName, which is reasonable as we have no "application" configured.
> Patched, and it works perfectly here.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message