From users-return-19213-apmail-jackrabbit-users-archive=jackrabbit.apache.org@jackrabbit.apache.org Mon Oct 22 09:04:29 2012 Return-Path: X-Original-To: apmail-jackrabbit-users-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5EFA2D75A for ; Mon, 22 Oct 2012 09:04:29 +0000 (UTC) Received: (qmail 53107 invoked by uid 500); 22 Oct 2012 09:04:28 -0000 Delivered-To: apmail-jackrabbit-users-archive@jackrabbit.apache.org Received: (qmail 53058 invoked by uid 500); 22 Oct 2012 09:04:27 -0000 Mailing-List: contact users-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@jackrabbit.apache.org Delivered-To: mailing list users@jackrabbit.apache.org Received: (qmail 53003 invoked by uid 99); 22 Oct 2012 09:04:25 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Oct 2012 09:04:25 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of anchela@adobe.com designates 64.18.1.29 as permitted sender) Received: from [64.18.1.29] (HELO exprod6og112.obsmtp.com) (64.18.1.29) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Oct 2012 09:04:16 +0000 Received: from outbound-smtp-1.corp.adobe.com ([192.150.11.134]) by exprod6ob112.postini.com ([64.18.5.12]) with SMTP ID DSNKUIUL+gMH1QPY3bL3wXjwiK2BupAHnMZ9@postini.com; Mon, 22 Oct 2012 02:03:55 PDT Received: from inner-relay-1.corp.adobe.com ([153.32.1.51]) by outbound-smtp-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id q9M91B1v025223 for ; Mon, 22 Oct 2012 02:01:11 -0700 (PDT) Received: from nahub02.corp.adobe.com (nahub02.corp.adobe.com [10.8.189.98]) by inner-relay-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id q9M93rNc023689 for ; Mon, 22 Oct 2012 02:03:53 -0700 (PDT) Received: from eurhub01.eur.adobe.com (10.128.4.30) by nahub02.corp.adobe.com (10.8.189.98) with Microsoft SMTP Server (TLS) id 8.3.279.1; Mon, 22 Oct 2012 02:03:53 -0700 Received: from radius.macromedia.com (10.136.135.122) by eurhub01.eur.adobe.com (10.128.4.111) with Microsoft SMTP Server id 8.3.279.1; Mon, 22 Oct 2012 10:03:50 +0100 Message-ID: <50850BF6.9060704@adobe.com> Date: Mon, 22 Oct 2012 11:03:50 +0200 From: Angela Schreiber User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11 MIME-Version: 1.0 To: Subject: Re: NullPointerException in NodeImpl / ItemImpl in the Security layer References: In-Reply-To: Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org hi mathieu while i can't explain the NPE you are getting in detail, i could imagine that it is due to your custom getUserID call. here some comments: first of all it looks pretty wired to me that you are synchronizing the user/groups in SecurityManager#getUserID(), which is only called after the login in the constructor of the Session. is there any particular reason that you don't perform that sync during the login i.e. in the LoginModule? that would make much more sense to me. since the jr user is not required to exists at the time of the jaas login i assume that you are either using a custom login module that asserts validity of the login against your spring-auth. so, what i would rather do is synchronizing the user/groups upon successful login in the LoginModule#commit(). this would also make sure that you can properly handle any failure and don't have a Session instance at hand that doesn't meat your expectations (i.e. there exists a jr-user for that session) similarly you could in that case also make sure that the subject created for the jcr session really matches the outcome of the login. the second point affects the usage of the system-session: in the current setup the system session is shared, which used to cause a lot of troubles when you use that session for writing... (and yes those system sessions are a major pain point imo)... anyway, you could circumvent that by refactoring the write by something like Session writingSession = null; try { writingSession = systemSession.createSession(systemSession.getWorkspace().getName() // TODO: do your write here } catch (RepositoryException e) { // TODO: proper handling of the write exception... for example // let the login fail by calling LoginException or // populat the subject in a different manner or what ever // try again or [...] } finally { if (writingSession != null) { writingSession.logout(); } } hope that helps angela On 10/13/12 10:51 AM, Mathieu Baudier wrote: > Hello, > > using Jackrabbit 2.2.11, we keep getting errors such as those below on > Windows 7 with an up-to-date Oracle Java 6 JVM. > This seems related to the 'state' property of NodeImpl / ItemImpl being null. > > It works fine on CentoS 6 with OpenJDK (with comparable hardware) and > on Windows XP with the same Oracle JVM (but on a much less powerful > hardware). > > Any idea on how we could analyse further? > Could it be some kind of race condition? > > We have a custom SecurityManager with some hacks in the getUserID() > method, used to synchronize Spring Security and Jackrabbit users and > groups. This may have side-effects but it has worked fine for years > since Jackrabbit 2.0 at least: > https://svn.argeo.org/commons/trunk/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java > > Please note that for some reasons it is not trivial for us to update > to the latest Jackrabbit version just in order to analyse (but if we > have to go through this, we will). > > Thanks in advance for your advice/help! > > Mathieu > > ItemImpl.java:287 > return state.isTransient()&& state.getOverlayedState() == null; > > ERROR 2012-10-12 23:16:10,542 Failed to instantiate AccessManager > (org.argeo.security.jackrabbit.ArgeoAccessManager) - > org.apache.jackrabbit.core.DefaultSecurityManager > java.lang.NullPointerException > at org.apache.jackrabbit.core.ItemImpl.isNew(ItemImpl.java:297) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.setPrincipal(UserManagerImpl.java:675) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:614) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:587) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:565) > at org.apache.jackrabbit.core.security.user.UserAccessControlProvider.initGroup(UserAccessControlProvider.java:334) > at org.apache.jackrabbit.core.security.user.UserAccessControlProvider.init(UserAccessControlProvider.java:168) > at org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl.createProvider(AccessControlProviderFactoryImpl.java:93) > at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessControlProvider(DefaultSecurityManager.java:582) > at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:268) > at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:350) > at org.apache.jackrabbit.core.SessionImpl.(SessionImpl.java:268) > at org.apache.jackrabbit.core.XASessionImpl.(XASessionImpl.java:117) > at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1595) > at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:976) > at org.apache.jackrabbit.core.WorkspaceManager.createSession(WorkspaceManager.java:99) > at org.apache.jackrabbit.core.SessionImpl.createSession(SessionImpl.java:401) > at org.apache.jackrabbit.core.DefaultSecurityManager.getUserManager(DefaultSecurityManager.java:319) > at org.apache.jackrabbit.core.SessionImpl.getUserManager(SessionImpl.java:652) > > > or > > NodeImpl.java:2665 > return data.getNodeState().isShareable(); > > ERROR 2012-10-12 08:22:20,734 Failed to instantiate AccessManager > (org.argeo.security.jackrabbit.ArgeoAccessManager) - > org.apache.jackrabbit.core.DefaultSecurityManager > java.lang.NullPointerException > at org.apache.jackrabbit.core.NodeImpl.isShareable(NodeImpl.java:2665) > at org.apache.jackrabbit.core.NodeImpl.getPrimaryPath(NodeImpl.java:2744) > at org.apache.jackrabbit.core.ItemImpl$2.perform(ItemImpl.java:379) > at org.apache.jackrabbit.core.ItemImpl$2.perform(ItemImpl.java:376) > at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:200) > at org.apache.jackrabbit.core.ItemImpl.perform(ItemImpl.java:91) > at org.apache.jackrabbit.core.ItemImpl.getPath(ItemImpl.java:376) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:855) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.getAuthorizable(UserManagerImpl.java:741) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.internalGetAuthorizable(UserManagerImpl.java:797) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.getAuthorizable(UserManagerImpl.java:443) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.setPrincipal(UserManagerImpl.java:671) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:614) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:587) > at org.apache.jackrabbit.core.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:565) > at org.apache.jackrabbit.core.security.user.UserAccessControlProvider.initGroup(UserAccessControlProvider.java:334) > at org.apache.jackrabbit.core.security.user.UserAccessControlProvider.init(UserAccessControlProvider.java:164) > at org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl.createProvider(AccessControlProviderFactoryImpl.java:93) > at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessControlProvider(DefaultSecurityManager.java:582) > at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:268) > at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:350) > at org.apache.jackrabbit.core.SessionImpl.(SessionImpl.java:268) > at org.apache.jackrabbit.core.XASessionImpl.(XASessionImpl.java:117) > at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1595) > at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:976) > at org.apache.jackrabbit.core.WorkspaceManager.createSession(WorkspaceManager.java:99) > at org.apache.jackrabbit.core.SessionImpl.createSession(SessionImpl.java:401) > at org.apache.jackrabbit.core.DefaultSecurityManager.getUserManager(DefaultSecurityManager.java:319) > at org.apache.jackrabbit.core.SessionImpl.getUserManager(SessionImpl.java:652)