You are viewing a plain text version of this content. The canonical link for it is here.

Posted to slide-dev@jakarta.apache.org by "Fallin, Jonathan A." <jo...@gs.com> on 2004/06/23 18:37:23 UTC

Null Pointer in webdav LogFilter

I've encountered an odd Null Pointer exception in the webdav LogFilter class
working to incorporate a separate authentication mechanism into Slide.
Although I can determine what is causing the exception, looking at the
source code I am baffled as to why it is happening.  I am using the Slide
Server 2.0 source.

I disabled both default authentication and authorization following the steps
listed at http://jakarta.apache.org/slide/howto-acl.html
<http://jakarta.apache.org/slide/howto-acl.html> 
1.  Commented out <security-constraint> and <login-config> elements in
web.xml
2.  Set org.apache.slide.security property to false in slide.properties
file.
When I deploy the rebuilt slide.war to my own tomcat distribution (not the
slide-tomcat bundle) I can see that the changes I made to web.xml and
slide.properties (located in jar /WEB-INF/lib/slide-kernel-2.0.jar) have
been affected.  So I expect no basic auth step and no access controls to be
in place.

However, when I use any WebDAV client to go to my slide app (DAVExplorer or
WinXP Network Place), I get a null pointer expection starting in the webdav
LogFilter class as it attempts to log activity.

Here's the exception

2004-06-22 16:19:53 StandardWrapperValve[webdav]: Servlet.service() for
servlet webdav threw exception
java.lang.NullPointerException
	at java.lang.StringBuffer.replace(StringBuffer.java:717)
	at
org.apache.slide.webdav.filter.LogFilter.logLine(LogFilter.java:178)
	at
org.apache.slide.webdav.filter.LogFilter.doFilter(LogFilter.java:150)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:213)
	.........

Looking at the source for LogFilter its easy to see where the exception is
occuring.

The doFilter method calls getUserPrinciple() method on the Servlet Request
	Principal p = req.getUserPrinciple()

Then, it checks for a null object, and sets the principle string
appropriatly
	String principal = (p != null ? p.getName() : "");

The principal string is passed to the LogLine method along with numerous
other log information, and the principal string is parsed into the
StringBuffer
	if(i >=0 ) b.replace( i, i+2, principal);

The StringBuffer.replace() method is throwing the null pointer exception
because the principle String that is passed to LogLine is null!

With the changes I have made to disable authentication and authorization I
expect the principal string in LogFilter.doFilter() to be set to the empty
string "".  However, the Principal object p that is returned from
getUserPrinciple() is passing the p!=null test (meaing that its not null).
But of course, the p.getName() method which is then called, will return
null.  Thus the String principal is set to null and passed to LogLine()
where the expection eventually occurs.

In trying to test this issue, I added a line
System.out.println(p.toString()) after the getUserPrinciple method in an
attempt to better understand the composition of the principle object.  The
result in the log is simply "null".  But if that's the case, why does the p
!= null check in the doFilter() method pass?

The J2SE javadoc for 1.4.2 says this about the getUserPrinciple() method
	Returns a java.security.Principal object containing the name of the
current authenticated user. If the user has not 	been
authenticated, the method returns null. 

Anyone have any ideas why this seems to not be working?

Jonathan

Re: Null Pointer in webdav LogFilter

Posted by Stefan Lützkendorf <lu...@apache.org>.

Fallin, Jonathan A. wrote:

> In trying to test this issue, I added a line
> System.out.println(p.toString()) after the getUserPrinciple method in an
> attempt to better understand the composition of the principle object.  The
> result in the log is simply "null".  But if that's the case, why does the p
> != null check in the doFilter() method pass?

It seems that req.getUserPrincipal() returns a Principal with an name == null.

p.toString() has to throw an NPE of p is null

so p.tpString() returns the same as p.getName()  i.e. null

we should introduce a check
if (principal == null) principal = "";

Regards, Stefan


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org