db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3025) NPE when connecting to database with securityMechanism=8
Date Sat, 25 Aug 2007 16:33:31 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Knut Anders Hatlen updated DERBY-3025:

    Attachment: d3025.stat

Attaching a patch which seems to fix the bug. I haven't run the regression tests yet.

When the client driver connects to the server with securityMechanism in the connection attributes,
the attribute is stripped off by the client driver and the security mechanism is specified
in a field defined by the DRDA protocol instead. On the server, information about the security
mechanism is extracted and put back into the connection attributes and used when creating
an embedded connection. The connection attributes used on the server include securityMechanism
and possibly some internal attributes. The problem is caused by the server reusing the attribute
name securityMechanism. The authentication code (within the embedded driver) should only care
about the attribute if it was added by the server, but there is no way to figure out whether
that was the case.

The patch fixes the problem by using an internal attribute name (drdaSecMec) instead of securityMechanism
to communicate to the embedded driver that a security mechanism is used. Of course, this doesn't
prevent a user from specifying drdaSecMec when connecting to the embedded driver, but it is
less likely that a user by mistake types an internal attribute name than the name of a documented
client driver attribute.

> NPE when connecting to database with securityMechanism=8
> --------------------------------------------------------
>                 Key: DERBY-3025
>                 URL: https://issues.apache.org/jira/browse/DERBY-3025
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions:
>         Environment: Solaris x86
>            Reporter: Alan Burlison
>            Assignee: Knut Anders Hatlen
>         Attachments: d3025-test.diff, d3025.diff, d3025.stat
> If derby.drda.securityMechanism has *not* been set to STRONG_PASSWORD_SUBSTITUTE_SECURITY
and the database is opened with the securityMechanism=8 property set, a NPE is thrown:
> // Try opening the database.
> Properties props = new Properties();
> props.put("securityMechanism", "8");
> props.put("user", dbUser);
> props.put("password", dbPass);
> Connection db = null;
> try {
>     StringBuilder sb = new StringBuilder("jdbc:derby:");
>     sb.append(dbName);
>     db = DriverManager.getConnection(sb.toString(), props);
> }
>     // Handle exception
> } 
> java.lang.NullPointerException'. [XJ001]
> Caused by: java.sql.SQLException: Java exception: ': java.lang.NullPointerException'.
>         at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.Util.javaException(Unknown Source)
>         at org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(Unknown
>         at org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(Unknown
>         at org.apache.derby.impl.jdbc.EmbedConnection.handleException(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection40.<init>(Unknown Source)
>         at org.apache.derby.jdbc.Driver40.getNewEmbedConnection(Unknown Source)
>         at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
>         at org.apache.derby.jdbc.AutoloadedDriver.connect(Unknown Source)
>         at java.sql.DriverManager.getConnection(DriverManager.java:582)
>         at java.sql.DriverManager.getConnection(DriverManager.java:154)
>         at org.opensolaris.auth.db.DBManager.openDatabase(DBManager.java:152)
>         ... 1 more
> Caused by: java.sql.SQLException: Java exception: ': java.lang.NullPointerException'.
>         at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.SQLExceptionFactory40.wrapArgsForTransportAcrossDRDA(Unknown
>         ... 16 more
> Caused by: java.lang.NullPointerException
>         at org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase.substitutePassword(Unknown
>         at org.apache.derby.impl.jdbc.authentication.BasicAuthenticationServiceImpl.authenticateUser(Unknown
>         at org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase.authenticate(Unknown
>         at org.apache.derby.impl.jdbc.EmbedConnection.checkUserCredentials(Unknown Source)
>         ... 10 more 

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message