jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: NullPointerException in NodeImpl / ItemImpl in the Security layer
Date Mon, 22 Oct 2012 09:03:50 GMT
hi mathieu

while i can't explain the NPE you are getting in detail, i
could  imagine that it is due to your custom getUserID call.

here some comments:

first of all it looks pretty wired to me that you are
synchronizing the user/groups in SecurityManager#getUserID(),
which is only called after the login in the constructor
of the Session.

is there any particular reason that you don't perform that
sync during the login i.e. in the LoginModule? that would
make much more sense to me. since the jr user is not required
to exists at the time of the jaas login i assume that you
are either using a custom login module that asserts validity
of the login against your spring-auth.

so, what i would rather do is synchronizing the user/groups
upon successful login in the LoginModule#commit(). this would
also make sure that you can properly handle any failure and
don't have a Session instance at hand that doesn't meat your
expectations (i.e. there exists a jr-user for that session)
similarly you could in that case also make sure that the
subject created for the jcr session really matches the outcome
of the login.

the second point affects the usage of the system-session:
in the current setup the system session is shared, which used
to cause a lot of troubles when you use that session for
writing... (and yes those system sessions are a major
pain point imo)... anyway, you could circumvent that by
refactoring the write by something like

Session writingSession = null;
try {
     writingSession = 
systemSession.createSession(systemSession.getWorkspace().getName()
     // TODO: do your write here
} catch (RepositoryException e) {
     // TODO: proper handling of the write exception... for example
     //       let the login fail by calling LoginException or
     //       populat the subject in a different manner or what ever
     //       try again or [...]
} finally {
     if (writingSession != null) {
         writingSession.logout();
     }
}

hope that helps
angela


On 10/13/12 10:51 AM, Mathieu Baudier wrote:
> Hello,
>
> using Jackrabbit 2.2.11, we keep getting errors such as those below on
> Windows 7 with an up-to-date Oracle Java 6 JVM.
> This seems related to the 'state' property of NodeImpl / ItemImpl being null.
>
> It works fine on CentoS 6 with OpenJDK (with comparable hardware) and
> on Windows XP with the same Oracle JVM (but on a much less powerful
> hardware).
>
> Any idea on how we could analyse further?
> Could it be some kind of race condition?
>
> We have a custom SecurityManager with some hacks in the getUserID()
> method, used to synchronize Spring Security and Jackrabbit users and
> groups. This may have side-effects but it has worked fine for years
> since Jackrabbit 2.0 at least:
> https://svn.argeo.org/commons/trunk/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
>
> Please note that for some reasons it is not trivial for us to update
> to the latest Jackrabbit version just in order to analyse (but if we
> have to go through this, we will).
>
> Thanks in advance for your advice/help!
>
> Mathieu
>
> ItemImpl.java:287
>          return state.isTransient()&&  state.getOverlayedState() == null;
>
> ERROR 2012-10-12 23:16:10,542 Failed to instantiate AccessManager
> (org.argeo.security.jackrabbit.ArgeoAccessManager) -
> org.apache.jackrabbit.core.DefaultSecurityManager
> java.lang.NullPointerException
> 	at org.apache.jackrabbit.core.ItemImpl.isNew(ItemImpl.java:297)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.setPrincipal(UserManagerImpl.java:675)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:614)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:587)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:565)
> 	at org.apache.jackrabbit.core.security.user.UserAccessControlProvider.initGroup(UserAccessControlProvider.java:334)
> 	at org.apache.jackrabbit.core.security.user.UserAccessControlProvider.init(UserAccessControlProvider.java:168)
> 	at org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl.createProvider(AccessControlProviderFactoryImpl.java:93)
> 	at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessControlProvider(DefaultSecurityManager.java:582)
> 	at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:268)
> 	at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:350)
> 	at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:268)
> 	at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:117)
> 	at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1595)
> 	at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:976)
> 	at org.apache.jackrabbit.core.WorkspaceManager.createSession(WorkspaceManager.java:99)
> 	at org.apache.jackrabbit.core.SessionImpl.createSession(SessionImpl.java:401)
> 	at org.apache.jackrabbit.core.DefaultSecurityManager.getUserManager(DefaultSecurityManager.java:319)
> 	at org.apache.jackrabbit.core.SessionImpl.getUserManager(SessionImpl.java:652)
>
>
> or
>
> NodeImpl.java:2665
>         return data.getNodeState().isShareable();
>
> ERROR 2012-10-12 08:22:20,734 Failed to instantiate AccessManager
> (org.argeo.security.jackrabbit.ArgeoAccessManager) -
> org.apache.jackrabbit.core.DefaultSecurityManager
> java.lang.NullPointerException
> 	at org.apache.jackrabbit.core.NodeImpl.isShareable(NodeImpl.java:2665)
> 	at org.apache.jackrabbit.core.NodeImpl.getPrimaryPath(NodeImpl.java:2744)
> 	at org.apache.jackrabbit.core.ItemImpl$2.perform(ItemImpl.java:379)
> 	at org.apache.jackrabbit.core.ItemImpl$2.perform(ItemImpl.java:376)
> 	at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:200)
> 	at org.apache.jackrabbit.core.ItemImpl.perform(ItemImpl.java:91)
> 	at org.apache.jackrabbit.core.ItemImpl.getPath(ItemImpl.java:376)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:855)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.getAuthorizable(UserManagerImpl.java:741)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.internalGetAuthorizable(UserManagerImpl.java:797)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.getAuthorizable(UserManagerImpl.java:443)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.setPrincipal(UserManagerImpl.java:671)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:614)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:587)
> 	at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:565)
> 	at org.apache.jackrabbit.core.security.user.UserAccessControlProvider.initGroup(UserAccessControlProvider.java:334)
> 	at org.apache.jackrabbit.core.security.user.UserAccessControlProvider.init(UserAccessControlProvider.java:164)
> 	at org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl.createProvider(AccessControlProviderFactoryImpl.java:93)
> 	at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessControlProvider(DefaultSecurityManager.java:582)
> 	at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:268)
> 	at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:350)
> 	at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:268)
> 	at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:117)
> 	at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1595)
> 	at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:976)
> 	at org.apache.jackrabbit.core.WorkspaceManager.createSession(WorkspaceManager.java:99)
> 	at org.apache.jackrabbit.core.SessionImpl.createSession(SessionImpl.java:401)
> 	at org.apache.jackrabbit.core.DefaultSecurityManager.getUserManager(DefaultSecurityManager.java:319)
> 	at org.apache.jackrabbit.core.SessionImpl.getUserManager(SessionImpl.java:652)

Mime
View raw message