You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org> on 2005/08/04 19:48:35 UTC
[jira] Resolved: (GERONIMO-852) NullPointerException in during deploy

     [ http://issues.apache.org/jira/browse/GERONIMO-852?page=all ]
     
Aaron Mulder resolved GERONIMO-852:
-----------------------------------

    Fix Version: 1.0-M5
     Resolution: Fixed

Thanks!

I wasn't able to replicate the stack trace (Linux SuSE 9.3), but it still seems wise to guard against it.  Added a slightly more extensive patch that potentially allows a legitimately null password, and includes tests.

> NullPointerException in during deploy
> -------------------------------------
>
>          Key: GERONIMO-852
>          URL: http://issues.apache.org/jira/browse/GERONIMO-852
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M5
>     Reporter: Kevan Miller
>     Assignee: Aaron Mulder
>     Priority: Minor
>      Fix For: 1.0-M5
>  Attachments: passwordNPE.patch
>
> While playing around with uri syntax for deploy commands, I ran across a NPE during login processing:
> java.lang.NullPointerException
> 	at java.lang.String.<init>(String.java:166)
> 	at org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule.login(PropertiesFileLoginModule.java:142)
> 	at org.apache.geronimo.security.jaas.JaasLoginService.performServerLogin(JaasLoginService.java:240)
> 	at org.apache.geronimo.security.jaas.JaasLoginService$$FastClassByCGLIB$$1b5fde8c.invoke(<generated>)
> 	at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
> 	at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> 	at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
> 	at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:731)
> 	at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> 	at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
> 	at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:94)
> 	at org.apache.geronimo.security.jaas.JaasLoginServiceMBean$$EnhancerByCGLIB$$5302521b.performServerLogin(<generated>)
> 	at org.apache.geronimo.security.jaas.JaasLoginCoordinator$ServerLoginModule.login(JaasLoginCoordinator.java:230)
> 	at org.apache.geronimo.security.jaas.LoginUtils.computeLogin(LoginUtils.java:34)
> 	at org.apache.geronimo.security.jaas.JaasLoginCoordinator.login(JaasLoginCoordinator.java:101)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:324)
> 	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
> 	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
> 	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
> 	at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
> 	at org.apache.geronimo.jmxremoting.Authenticator.authenticate(Authenticator.java:57)
> 	at javax.management.remote.rmi.RMIServerImpl$1.run(RMIServerImpl.java:141)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.management.remote.rmi.RMIServerImpl.authenticate(RMIServerImpl.java:137)
> 	at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:91)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:324)
> 	at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
> 	at sun.rmi.transport.Transport$1.run(Transport.java:148)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
> 	at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
> 	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
> 	at java.lang.Thread.run(Thread.java:534)
> To reproduce, I started an out-of-the-box Geronimo server and attempted a deploy using the following:
>          java -jar deployer.jar deploy <your-archive-of-choice>
> When prompted for a userName, enter some name. When prompted for a password, ctrl-c the deployment. You should see the NPE at the Server.
> Problem is that  PasswordCallback.getPassword() can return null. In that case, something like "new String(callback.getPassword())" will cause an NPE to be thrown from within the String constructor. The fix is to guard against that case... Same thing could happen in SQLoginModule. I'll post a patch for both, shortly...

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira