JBAS-7179 (Application Server 3, 4, 5 and 6)

NullPointerException because SecurityAssociationValve not invoked for forwarded StandardHostValve.status()

    Details

    • Type: Feature Request
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: JBossAS-5.1.0.GA
    • Fix Version/s: 6.0.0.M1
    • Component/s: Web (Tomcat) service
    • Security Level: Public (Everyone can see)
    • Labels: None

      Description

      Situation, web request:

      • guest tries to access a secured resource
      • guest is challenged by container-managed security
      • guest logs in, but does not have permission to access the requested resource
      • logged-in user is forwarded to the <error-page> 403 /not-authorized
      • java.lang.NullPointerException in a custom Filter:
        • filter is registered with <dispatcher>REQUEST</dispatcher>, <dispatcher>FORWARD</dispatcher>, <dispatcher>ERROR</dispatcher>
        • javax.servlet.http.HttpServletRequest.isUserInRole(String) is called and yields a NullPointerException, because the SecurityAssociationValve ThreadLocals are not available: SecurityAssociationValve is not invoked in this forwarding/error chain

      2009-08-17 12:27:25,879:4249013 [ http-0.0.0.0-8680-4] web].[localhost] ERROR Exception Processing ErrorPage[errorCode=403, location=/not-authorized] @org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]
      java.lang.NullPointerException
      at org.jboss.web.tomcat.security.JBossWebRealm.hasRole(JBossWebRealm.java:537)
      at org.apache.catalina.connector.Request.isUserInRole(Request.java:2198)
      at org.apache.catalina.connector.RequestFacade.isUserInRole(RequestFacade.java:763)
      at javax.servlet.http.HttpServletRequestWrapper.isUserInRole(HttpServletRequestWrapper.java:164)
      at UserContextFilter.doFilter(UserContextFilter.java:108)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at TokenGenerationFilter.doFilter(TokenGenerationFilter.java:42)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at SystemStateFilter.doFilter(SystemStateFilter.java:120)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:638)
      at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:446)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:382)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:310)
      at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:416)
      at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:342)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
      at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:905)
      at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:592)
      at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2036)
      at java.lang.Thread.run(Thread.java:619)

      Attachments

      • SecurityAssociationValve.java (1 kB, Juergen H)

        Activity

        Anil Saldhana added a comment -

        Should be resolved due to sub-task JBAS-7311

        Both in the upcoming JBAS 5.2 as well as in AS6.

        Anil Saldhana added a comment -

        The attached file may fix the issue in JBAS 5.1 but no guarantees.

        Juergen H added a comment -

        Can we expect a fix for jboss-4.2.3.GA as well?

        It's the same behaviour: ExtendedFormAuthenticator.forwardToLoginPage will not invoke SecurityAssociationValve, so calls to WebAuthentication will result in java.lang.IllegalStateException: request is null

        Juergen H added a comment -

        As a workaround, I created a simple Valve to be registered on the <Host> or <Engine> element in server.xml, that simply sets/unsets the jboss-4.2.3.GA org.jboss.web.tomcat.security.SecurityAssociationValve threadlocals no matter if the SecurityAssociationValve will later be invoked or not.
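An illustration of the kind of host/engine-level valve the workaround comment describes, written here as an added example; it is not the attached SecurityAssociationValve.java and not JBoss code. It assumes the JBossWeb (Tomcat 6) Valve API shipped with 4.2.3.GA and that SecurityAssociationValve exposes a public static ThreadLocal<Request> named activeRequest (the field WebAuthentication reads before raising "request is null"); the class and package names are hypothetical, and the field name must be checked against the exact server version.

```java
package example; // hypothetical package for this illustration

import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.jboss.web.tomcat.security.SecurityAssociationValve;

/**
 * Binds the active request into the ThreadLocal that SecurityAssociationValve
 * normally populates, so that code reached through a forward/error chain which
 * skips the context pipeline (and therefore SecurityAssociationValve) still
 * finds a request instead of null.
 *
 * Register it in server.xml inside <Host> or <Engine>:
 *   <Valve className="example.ActiveRequestValve"/>
 *
 * Assumption: SecurityAssociationValve.activeRequest is a public static
 * ThreadLocal<Request> in the 4.2.x branch referred to above.
 */
public class ActiveRequestValve extends ValveBase {

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        // Keep whatever is already bound so a nested invocation does not clobber it.
        Request previous = SecurityAssociationValve.activeRequest.get();
        SecurityAssociationValve.activeRequest.set(request);
        try {
            getNext().invoke(request, response);
        } finally {
            // Always restore or clear in finally: connector threads are pooled,
            // and a request left bound here would be visible to the next,
            // unrelated request served by the same thread.
            if (previous == null) {
                SecurityAssociationValve.activeRequest.remove();
            } else {
                SecurityAssociationValve.activeRequest.set(previous);
            }
        }
    }
}
```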

          People

          • Assignee: Anil Saldhana
          • Reporter: Juergen H