Posted to dev@directory.apache.org by "Alex Karasulu (JIRA)" <ji...@apache.org> on 2007/08/24 07:58:30 UTC

[jira] Closed: (DIRSERVER-1002) stopping server without credentials results in NPE after server stops

     [ https://issues.apache.org/jira/browse/DIRSERVER-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex Karasulu closed DIRSERVER-1002.
------------------------------------

    Resolution: Fixed

Closing and opening a new issue for 1.5.2, which is "no credentials required to shut down server from in-vm" - will link issues for background info.

> stopping server without credentials results in NPE after server stops
> ---------------------------------------------------------------------
>
>                 Key: DIRSERVER-1002
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.0
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 1.5.1
>
>
> This code:
>         Properties env = new Properties();
>         env.putAll(new ShutdownConfiguration().toJndiEnvironment());
>         env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
>         //Shut it down
>         new InitialDirContext( env );
> results in, in AbstractContextFactory:
> line 115:
>             service.shutdown();
> which successfully shuts down the server without checking anything about authentication/authorization
> line 146:
>         Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
> which calls DefaultDirectoryService...
>     public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential, 
>         String authentication, String rootDN ) throws NamingException
>     {
>         checkSecuritySettings( principal, credential, authentication );
>         if ( !started )
>         {
>             return new DeadContext();
>         }
> checkSecuritySettings gets to line 438:
>             if ( !startupConfiguration.isAllowAnonymousAccess() )
> which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
> So there are a lot of questions I don't know the answers to, which I'd need in order to know which of the many ways to fix this would be most appropriate:
> - is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
> - is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
> - If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
> I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
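
The call order described in the report, as an added Java example that is not ApacheDS code and not part of the original message. `Service`, `Config`, `flawedShutdown`, `checkedShutdown` and the credential values are hypothetical, and requiring a credential for in-VM shutdown is an assumption, since the report leaves that question open.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Simplified, hypothetical model of the call order in the report; not ApacheDS code.
public class ShutdownOrderDemo {
    static final class Config { final boolean allowAnonymous = false; }

    static final class Service {
        private Config config = new Config();             // stands in for startupConfiguration
        private boolean started = true;
        private final byte[] adminSecret =
            "constructed-secret".getBytes(StandardCharsets.UTF_8); // constructed sample value

        private void shutdown() { started = false; config = null; } // config reset on stop

        // Mirrors the check at line 438 in the report: reads state that shutdown() clears.
        private void checkSecuritySettings(String principal) {
            if (!config.allowAnonymous && principal == null)
                throw new SecurityException("anonymous access disabled");
        }

        // Reported order: the state change happens first, the check runs afterwards.
        void flawedShutdown(String principal, byte[] credential) {
            shutdown();
            checkSecuritySettings(principal);             // config is null at this point
        }

        // Assumed alternative: decide first, then act, and never consult cleared state.
        void checkedShutdown(String principal, byte[] credential) {
            if (!started) return;                         // already stopped, nothing to do
            checkSecuritySettings(principal);
            if (credential == null || !MessageDigest.isEqual(adminSecret, credential))
                throw new SecurityException("shutdown refused for " + principal);
            shutdown();
        }
        boolean isStarted() { return started; }
    }

    public static void main(String[] args) {
        Service a = new Service();
        try { a.flawedShutdown(null, null); }
        catch (NullPointerException e) { System.out.println("flawed: started=" + a.isStarted() + ", then NPE"); }

        Service b = new Service();
        try { b.checkedShutdown(null, null); }
        catch (SecurityException e) { System.out.println("checked: refused, started=" + b.isStarted()); }

        b.checkedShutdown("uid=example-admin", "constructed-secret".getBytes(StandardCharsets.UTF_8));
        System.out.println("checked: authorized, started=" + b.isStarted());
    }
}
```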