Posted to users@cxf.apache.org by St...@faa.gov on 2014/07/16 21:06:29 UTC

NullPointer in ...sts.event.map.EventMapper

I recently enabled audit logging in my STS (based on 2.7.12-SNAPSHOT), by configuring eventListener in my TokenIssueOperation with an org.apache.cxf.sts.event.map.EventMapper object. This works great in most cases. But when my incoming RST contains an ActAs element, I get a NullPointerException:

java.lang.NullPointerException
        at org.apache.cxf.sts.event.map.EventMapper.handleEvent(EventMapper.java:106)
        at org.apache.cxf.sts.event.map.EventMapper.handleSTSEvent(EventMapper.java:70)
        at org.apache.cxf.sts.operation.AbstractOperation.publishEvent(AbstractOperation.java:729)
        at org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:233)
        at org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOperation.java:83)
...

If I de-configure eventListener in my TokenIssueOperation I have no issues. Looking over the handleEvent method, it looks like it is referencing this line:


map.put<http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/util/Map.java#Map.put%28java.lang.String%2Cjava.lang.Object%29>(KEYS<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/event/map/KEYS.java#KEYS.0ACTAS_PRINCIPAL>.ACTAS_PRINCIPAL<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/event/map/KEYS.java#KEYS.0ACTAS_PRINCIPAL>.name<http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/lang/Enum.java#Enum.name%28%29>(), params.getTokenRequirements<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/token/provider/TokenProviderParameters.java#TokenProviderParameters.getTokenRequirements%28%29>().getActAs<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/request/TokenRequirements.java#TokenRequirements.getActAs%28%29>().getPrincipal<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/request/ReceivedToken.java#ReceivedToken.getPrincipal%28%29>().getName<http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/security/Principal.java#Principal.getName%28%29>());

I haven't had a chance to track it much further than this, but it looks like the event handler is either prematurely accessing the ActAs token, or the ActAs token was read in and not parseable. The ActAs element, in my case, contains a SAML 2 assertion previously issued by this STS, so it should certainly be parseable, and in fact when I disable audit logging everything works fine and completes normally. I've been away for a few weeks, but my recollection is that this all worked fine three weeks ago. Has something changed in the snapshot? Any help or insight would be appreciated, thanx!


Stephen W. Chappell

RE: NullPointer in ...sts.event.map.EventMapper

Posted by St...@faa.gov.
Colm -

Thanx for the explanation, now it all makes sense. I'll keep an eye out for 2.7.13 then and see what I can do for a workaround in the meantime.

Thanx again,

Stephen W. Chappell

-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org] 
Sent: Thursday, July 17, 2014 6:01 AM
To: users@cxf.apache.org
Subject: Re: NullPointer in ...sts.event.map.EventMapper

Hi Stephen,

This NPE is due to the fact that we don't validate "ActAs" tokens using a TokenValidator instance in the STS, only "OnBehalfOf" tokens (+ hence no principal is created for the token, causing the NPE). Unfortunately this fix is too late for the current release votes, and so it'll be fixed in the next set of releases:

https://issues.apache.org/jira/browse/CXF-5885

Colm.


On Wed, Jul 16, 2014 at 8:15 PM, <St...@faa.gov> wrote:

> Oops, sorry about the mangled source line in my original message. This 
> is the line the exception is referencing...
>
> map.put(KEYS.ONBEHALFOF_PRINCIPAL.name(),
> params.getTokenRequirements().getActAs().getPrincipal().getName());
>
> Stephen W. Chappell



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: NullPointer in ...sts.event.map.EventMapper

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Stephen,

This NPE is due to the fact that we don't validate "ActAs" tokens using a
TokenValidator instance in the STS, only "OnBehalfOf" tokens (+ hence no
principal is created for the token, causing the NPE). Unfortunately this
fix is too late for the current release votes, and so it'll be fixed in the
next set of releases:

https://issues.apache.org/jira/browse/CXF-5885

Colm.


On Wed, Jul 16, 2014 at 8:15 PM, <St...@faa.gov> wrote:

> Oops, sorry about the mangled source line in my original message. This is
> the line the exception is referencing...
>
> map.put(KEYS.ONBEHALFOF_PRINCIPAL.name(),
> params.getTokenRequirements().getActAs().getPrincipal().getName());
>
> Stephen W. Chappell



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
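
The failure described in the reply above, shown as an added example that is not part of the thread and not CXF code: the audit mapping dereferences `getActAs().getPrincipal()` without checking it, and an ActAs token that no validator has processed carries no principal. The `ReceivedToken` and `TokenRequirements` classes below are minimal stand-ins for the accessor chain quoted in the thread, and the `<unvalidated>` marker and sample principal name are assumptions.

```java
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;

public class ActAsAuditExample {
    // Minimal stand-ins for the accessor chain quoted in the thread; NOT the CXF classes.
    static class ReceivedToken {
        private final Principal principal;      // null when no validator processed the token
        ReceivedToken(Principal p) { this.principal = p; }
        Principal getPrincipal() { return principal; }
    }
    static class TokenRequirements {
        private final ReceivedToken actAs;      // null when the RST has no ActAs element
        TokenRequirements(ReceivedToken t) { this.actAs = t; }
        ReceivedToken getActAs() { return actAs; }
    }

    // Hypothetical marker: the audit record shows a token was received but never validated.
    static final String UNVALIDATED = "<unvalidated>";

    // Null-safe form of the mapping: each link of the chain is checked before it is dereferenced,
    // so a missing principal produces an audit entry instead of aborting the issue operation.
    static void putActAsPrincipal(Map<String, Object> map, TokenRequirements reqs) {
        ReceivedToken actAs = reqs == null ? null : reqs.getActAs();
        if (actAs == null) {
            return;                             // no ActAs in the request: nothing to record
        }
        Principal p = actAs.getPrincipal();
        map.put("ACTAS_PRINCIPAL", p == null ? UNVALIDATED : p.getName());
    }

    public static void main(String[] args) {
        // Constructed inputs: no ActAs, ActAs without a principal (the case in this thread),
        // and ActAs with a principal.
        TokenRequirements[] cases = {
            new TokenRequirements(null),
            new TokenRequirements(new ReceivedToken(null)),
            new TokenRequirements(new ReceivedToken(() -> "alice")),
        };
        for (TokenRequirements reqs : cases) {
            Map<String, Object> map = new LinkedHashMap<>();
            putActAsPrincipal(map, reqs);
            System.out.println(map);
        }
    }
}
```

Recording a distinct marker rather than skipping the key keeps the audit trail honest about delegation requests whose ActAs token was accepted without validation.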

RE: NullPointer in ...sts.event.map.EventMapper

Posted by St...@faa.gov.
Oops, sorry about the mangled source line in my original message. This is the line the exception is referencing...

map.put(KEYS.ONBEHALFOF_PRINCIPAL.name(), params.getTokenRequirements().getActAs().getPrincipal().getName());

Stephen W. Chappell

