Posted to dev@directory.apache.org by "Alex Karasulu (JIRA)" <ji...@apache.org> on 2007/08/18 05:10:30 UTC
[jira] Commented: (DIRSERVER-1002) stopping server without credentials results in NPE after server stops
[ https://issues.apache.org/jira/browse/DIRSERVER-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12520767 ]
Alex Karasulu commented on DIRSERVER-1002:
------------------------------------------
David, didn't you fix this? I thought I saw a commit fly by from you for this issue. I may be wrong, but if this still exists I'll fix it fast before 1.5.1 is cut. Let me know.
> stopping server without credentials results in NPE after server stops
> ---------------------------------------------------------------------
>
> Key: DIRSERVER-1002
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.5.0
> Reporter: David Jencks
> Fix For: 1.5.1
>
>
> This code:
>     Properties env = new Properties();
>     env.putAll(new ShutdownConfiguration().toJndiEnvironment());
>     env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
>     //Shut it down
>     new InitialDirContext( env );
> results in, in AbstractContextFactory:
> line 115:
>     service.shutdown();
> which successfully shuts down the server without checking anything about authentication/authorization
> line 146:
>     Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
> which calls DefaultDirectoryService...
>     public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential,
>         String authentication, String rootDN ) throws NamingException
>     {
>         checkSecuritySettings( principal, credential, authentication );
>         if ( !started )
>         {
>             return new DeadContext();
>         }
> checkSecuritySettings gets to line 438:
>     if ( !startupConfiguration.isAllowAnonymousAccess() )
> which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
> So there are a lot of questions I don't know the answers to that I'd need to know which of the many ways to fix this would be most appropriate:
> - is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
> - is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
> - If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
> I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.
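Added example, not ApacheDS code and not part of the original messages: a toy service illustrating one of the possible fixes the report asks about, assuming that an in-VM shutdown should require admin credentials. All class, method and value names are hypothetical, and the record syntax needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class ShutdownOrderingDemo {
    // Stands in for the startup configuration that is reset to null on shutdown.
    record Config(boolean allowAnonymous, String adminDn, byte[] adminSecret) {}

    static final class ToyService {
        private Config config;
        private boolean started = true;
        ToyService(Config config) { this.config = config; }

        private boolean isAdmin(String principal, byte[] credential) {
            return principal != null && credential != null
                    && principal.equals(config.adminDn())
                    && MessageDigest.isEqual(credential, config.adminSecret());
        }

        // State check comes first: once stopped there is no configuration to consult.
        synchronized String getContext(String principal, byte[] credential) {
            if (!started) return "DeadContext";
            if (principal == null) {
                if (!config.allowAnonymous()) throw new SecurityException("anonymous bind refused");
                return "AnonymousContext";
            }
            if (!isAdmin(principal, credential)) throw new SecurityException("bad credentials");
            return "LiveContext";
        }

        // The caller is authorized before anything is torn down.
        synchronized void shutdown(String principal, byte[] credential) {
            if (!started) return;
            if (!isAdmin(principal, credential))
                throw new SecurityException("shutdown requires admin credentials");
            started = false;
            config = null;
        }
    }

    public static void main(String[] args) {
        String dn = "uid=admin,ou=system";                                    // constructed sample DN
        byte[] secret = "constructed-secret".getBytes(StandardCharsets.UTF_8); // constructed sample value
        ToyService svc = new ToyService(new Config(false, dn, secret));
        try { svc.shutdown(null, null); }              // the credential-less request from the report
        catch (SecurityException e) { System.out.println("refused: " + e.getMessage()); }
        System.out.println(svc.getContext(dn, secret)); // service is still running
        svc.shutdown(dn, secret);
        System.out.println(svc.getContext(null, null)); // dead context, no null dereference
    }
}
```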