geronimo-user mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: NPE in ContextManager.getCurrentContext
Date Fri, 24 Jul 2009 16:11:10 GMT

On Jul 24, 2009, at 7:24 AM, Juergen Weber wrote:

>
> Hi,
>
> I wanted to test the call chain like this:
>
> Java Client -> as tomcat -> UnSecured3Bean -> as apache -> Secured3Bean
>
> i.e. the first bean should call the second one with another user than the
> first bean is running under:
>
>     SimpleCallbackHandler handler = new SimpleCallbackHandler(
>             user, password.toCharArray());
>
>     LoginContext lc = new LoginContext("geronimo-admin", handler);
>     lc.login();
>
>     Subject subject = lc.getSubject();
>     System.out.println("lc.getSubject: " + subject);
>
>     Callers oldCallers = ContextManager.pushNextCaller(subject);
>     try
>     {
>         s1 = secured3Bean.secureMethod(input);
>     }
>     finally
>     {
>         ContextManager.popCallers(oldCallers);
>     }
>
> But this results in NPE in
> java.lang.NullPointerException
>        at org.apache.geronimo.security.ContextManager.getCurrentContext(ContextManager.java:201)
>        at org.apache.geronimo.openejb.GeronimoSecurityService.isCallerAuthorized(GeronimoSecurityService.java:102)
>
> which is the second line of
>      assert context != null : "No registered context";
>
>        return context.getContext();
>
> so it should never be null.
> Is that a bug or is something wrong with my code? I append the sample
> project.

Geronimo uses the AccessControlContext for the Subject to evaluate  
security decisions.  So, you need to get Geronimo to compute and store  
this ACC for you.

You can do this by calling ContextManager.login(String realm,
CallbackHandler callbackHandler, Configuration configuration) or
ContextManager.login(String realm, CallbackHandler callbackHandler)
instead of creating your own LoginContext, or by calling
ContextManager.registerSubject(Subject subject) after logging in.

After you've registered the Subject, setting the callers will result  
in the lookup for the ACC succeeding instead of giving you an NPE.

At the moment I don't recall why we pass Subjects around rather than  
identity objects that have both the Subject and the ACC in them.

thanks
david jencks
>
> Thanks,
> Juergen
>
> http://www.nabble.com/file/p24645453/SecuredEJBGeronimo.zip
> SecuredEJBGeronimo.zip
>
> unsecureMethod called
> callerPrincipal: tomcat
> is caller in role Member_admin: false
> lc.getSubject: Subject:
>        Principal: users
>        Principal: tomcatgroup
>        Principal: apache
>
> java.lang.NullPointerException
>        at org.apache.geronimo.security.ContextManager.getCurrentContext(ContextManager.java:201)
>        at org.apache.geronimo.openejb.GeronimoSecurityService.isCallerAuthorized(GeronimoSecurityService.java:102)
>        at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:151)
>        at org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:217)
>        at org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:77)
>        at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:281)
>        at $Proxy73.secureMethod(Unknown Source)
>        at ejb3.UnSecured3Bean.unsecureMethod(UnSecured3Bean.java:57)
>
>
>
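
An added example, not part of the original message and not Geronimo source: a simplified plain-JDK model of the Subject-to-context registry described in the reply. It shows why the quoted `assert` did not stop the NPE (Java skips assertions unless the JVM runs with `-ea`) next to a lookup that fails closed; the class, its `Context` type and all method bodies are assumptions that only borrow the method names used in the thread.

```java
import java.util.IdentityHashMap;
import java.util.Map;
import javax.security.auth.Subject;
// Simplified model, not Geronimo source: a registry from Subject to its computed context.
public class SubjectRegistryModel {
    // Hypothetical stand-in for the per-Subject entry that would hold the AccessControlContext.
    static final class Context { final String acc; Context(String a) { acc = a; } }

    private static final Map<Subject, Context> REGISTRY = new IdentityHashMap<>();
    private static final ThreadLocal<Subject> CURRENT_CALLER = new ThreadLocal<>();

    static void registerSubject(Subject s) { REGISTRY.put(s, new Context("acc#" + System.identityHashCode(s))); }

    static Subject pushNextCaller(Subject next) {
        Subject old = CURRENT_CALLER.get();
        CURRENT_CALLER.set(next);
        return old;
    }
    static void popCallers(Subject old) { CURRENT_CALLER.set(old); }

    // Lookup guarded only by assert, like the two lines quoted in the thread.
    static String lookupWithAssert() {
        Context context = REGISTRY.get(CURRENT_CALLER.get());
        assert context != null : "No registered context"; // skipped unless the JVM runs with -ea
        return context.acc;                               // NPE here for an unregistered Subject
    }

    // Fail-closed variant: an explicit check that cannot be switched off at runtime.
    static String lookupFailClosed() {
        Context context = REGISTRY.get(CURRENT_CALLER.get());
        if (context == null) throw new SecurityException("No registered context");
        return context.acc;
    }

    public static void main(String[] args) {
        Subject apache = new Subject();       // constructed sample Subject, not yet registered
        Subject old = pushNextCaller(apache);
        try {
            try { lookupWithAssert(); }
            catch (NullPointerException | AssertionError e) { System.out.println("unregistered: " + e); }
            try { lookupFailClosed(); }
            catch (SecurityException e) { System.out.println("fail closed: " + e.getMessage()); }
            registerSubject(apache);          // the step the reply says was missing
            System.out.println("registered: " + lookupWithAssert());
        } finally {
            popCallers(old);                  // always restore the previous caller
        }
    }
}
```

Run with plain `java` the first lookup ends in a NullPointerException, and with `java -ea` it ends in an AssertionError instead; the fail-closed lookup raises SecurityException either way.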
