directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Created: (DIRSERVER-1002) stopping server without credentials results in NPE after server stops
Date Sun, 22 Jul 2007 00:49:06 GMT
stopping server without credentials results in NPE after server stops

                 Key: DIRSERVER-1002
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: core
    Affects Versions: 1.5.1
            Reporter: David Jencks

This code:

        Properties env = new Properties();
        env.putAll(new ShutdownConfiguration().toJndiEnvironment());
        env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );

        //Shut it down
        new InitialDirContext( env );

results in, in AbstractContextFactory:

line 115:
which successfully shuts down the server without checking anything about authentication/authorization

line 146:
        Context context = service.getJndiContext( principalDn, principal, credential, authentication,
providerUrl );

which calls DefaultDirectoryService...
    public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[]
        String authentication, String rootDN ) throws NamingException
        checkSecuritySettings( principal, credential, authentication );

        if ( !started )
            return new DeadContext();

checkSecuritySettings gets to line 438:
            if ( !startupConfiguration.isAllowAnonymousAccess() )

which throws an NPE since the server is shut down, so startupConfiguration has been reset
to null.

So there are a lot of questions I don't know the answers to that I'd need to know which of
the many ways to fix this would be most appropriate:

- is this AbstractContextFactory accessed before or after all the server interceptors? Or
is it only accessed when no interceptors will be called?
- is it appropriate to check security credentials and authorization to be able to shut down
the server from the same vm?
- If so, what code should be checking this authentication and authorization, because checkSecuritySettings
doesn't check these, ever.

I'd suspect the first step towards a solution would be to remove the checkSecuritySettings
method entirely, since AFAICT it currently serves only to pretend that some security checking
is happening.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message