geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Mulder (JIRA)" <...@geronimo.apache.org>
Subject [jira] Resolved: (GERONIMO-852) NullPointerException in during deploy
Date Thu, 04 Aug 2005 17:48:35 GMT
     [ http://issues.apache.org/jira/browse/GERONIMO-852?page=all ]
     
Aaron Mulder resolved GERONIMO-852:
-----------------------------------

    Fix Version: 1.0-M5
     Resolution: Fixed

Thanks!

I wasn't able to replicate the stack trace (Linux SuSE 9.3), but it still seems wise to guard
against it.  Added a slightly more extensive patch that potentially allows a legitimately
null password, and includes tests.

> NullPointerException in during deploy
> -------------------------------------
>
>          Key: GERONIMO-852
>          URL: http://issues.apache.org/jira/browse/GERONIMO-852
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M5
>     Reporter: Kevan Miller
>     Assignee: Aaron Mulder
>     Priority: Minor
>      Fix For: 1.0-M5
>  Attachments: passwordNPE.patch
>
> While playing around with uri syntax for deploy commands, I ran across a NPE during login
processing:
> java.lang.NullPointerException
> 	at java.lang.String.<init>(String.java:166)
> 	at org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule.login(PropertiesFileLoginModule.java:142)
> 	at org.apache.geronimo.security.jaas.JaasLoginService.performServerLogin(JaasLoginService.java:240)
> 	at org.apache.geronimo.security.jaas.JaasLoginService$$FastClassByCGLIB$$1b5fde8c.invoke(<generated>)
> 	at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
> 	at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> 	at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
> 	at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:731)
> 	at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> 	at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
> 	at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:94)
> 	at org.apache.geronimo.security.jaas.JaasLoginServiceMBean$$EnhancerByCGLIB$$5302521b.performServerLogin(<generated>)
> 	at org.apache.geronimo.security.jaas.JaasLoginCoordinator$ServerLoginModule.login(JaasLoginCoordinator.java:230)
> 	at org.apache.geronimo.security.jaas.LoginUtils.computeLogin(LoginUtils.java:34)
> 	at org.apache.geronimo.security.jaas.JaasLoginCoordinator.login(JaasLoginCoordinator.java:101)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:324)
> 	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
> 	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
> 	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
> 	at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
> 	at org.apache.geronimo.jmxremoting.Authenticator.authenticate(Authenticator.java:57)
> 	at javax.management.remote.rmi.RMIServerImpl$1.run(RMIServerImpl.java:141)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.management.remote.rmi.RMIServerImpl.authenticate(RMIServerImpl.java:137)
> 	at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:91)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:324)
> 	at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
> 	at sun.rmi.transport.Transport$1.run(Transport.java:148)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
> 	at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
> 	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
> 	at java.lang.Thread.run(Thread.java:534)
> To reproduce, I started an out-of-the-box Geronimo server and attempted a deploy using
the following:
>          java -jar deployer.jar deploy <your-archive-of-choice>
> When prompted for a userName, enter some name. When prompted for a password, ctrl-c the
deployment. You should see the NPE at the Server.
> Problem is that  PasswordCallback.getPassword() can return null. In that case, something
like "new String(callback.getPassword())" will cause an NPE to be thrown from within the String
constructor. The fix is to guard against that case... Same thing could happen in SQLoginModule.
I'll post a patch for both, shortly...

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message