cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jan Bernhardt (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (FEDIZ-96) Nullpointer exception if logout is called before login
Date Thu, 12 Mar 2015 08:26:38 GMT

     [ https://issues.apache.org/jira/browse/FEDIZ-96?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jan Bernhardt reopened FEDIZ-96:
--------------------------------

Unfortunately this issue is not completely solved. If I refresh the logout page (by resending
the submitted form) everything looks ok now. But if I just refresh the page by calling the
signout URL again (https://localhost:9443/fediz-idp/federation?wa=wsignout1.0), I still get
a Nullpointer Exception:

{code}
java.lang.NullPointerException
	org.apache.jsp.WEB_002dINF.signoutconfirmationresponse_jsp._jspService(signoutconfirmationresponse_jsp.java:97)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238)
	org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:263)
	org.springframework.webflow.mvc.servlet.ServletMvcView.doRender(ServletMvcView.java:55)
	org.springframework.webflow.mvc.view.AbstractMvcView.render(AbstractMvcView.java:187)
	org.springframework.webflow.engine.ViewState.render(ViewState.java:296)
	org.springframework.webflow.engine.ViewState.doEnter(ViewState.java:186)
	org.springframework.webflow.engine.State.enter(State.java:194)
	org.springframework.webflow.engine.Transition.execute(Transition.java:227)
	org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
	org.springframework.webflow.engine.State.enter(State.java:194)
	org.springframework.webflow.engine.Transition.execute(Transition.java:227)
	org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
	org.springframework.webflow.engine.State.enter(State.java:194)
	org.springframework.webflow.engine.Flow.start(Flow.java:535)
	org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:366)
	org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222)
	org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
	org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
	org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
	org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
	org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)
	org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
	org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
	org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements.doFilter(GrantedAuthorityEntitlements.java:99)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.apache.cxf.fediz.service.idp.STSPortFilter.doFilter(STSPortFilter.java:70)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
{code}

Just try to invoke the logout URL before any login. Then you will see the error.

> Nullpointer exception if logout is called before login
> ------------------------------------------------------
>
>                 Key: FEDIZ-96
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-96
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: IDP
>    Affects Versions: 1.1.2
>            Reporter: Jan Bernhardt
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 1.2.0
>
>
> If you invoke the logout URL twice or if your session has timed out, you will get a NullPointerException
instead of a logout page.
> According to the WS-Federation standard, a logout request should be idempotent, thus
it should be possible to invoke logout on a non existing session without causing an exception.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message