You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/03/09 19:35:55 UTC

[Bug 59154] New: JAASMemoryLoginModule: NullPointerException in MemoryRealm after upgrading to Tomcat 8.0.32 from 7.0.26

https://bz.apache.org/bugzilla/show_bug.cgi?id=59154

            Bug ID: 59154
           Summary: JAASMemoryLoginModule: NullPointerException in
                    MemoryRealm after upgrading to Tomcat 8.0.32 from
                    7.0.26
           Product: Tomcat 8
           Version: 8.0.32
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: jasonoverland@gmail.com

We're using JAAS authentication and after upgrading to Tomcat 8.0.32 from
7.0.26, I'm getting a NullPointerException:

Authentication failed: java.lang.NullPointerException
at org.apache.catalina.realm.MemoryRealm.authenticate(MemoryRealm.java:127)
at
org.apache.catalina.realm.JAASMemoryLoginModule.login(JAASMemoryLoginModule.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at com.lizardtech.es.adminui.vaadin.jaas.LoginController.onLogin(Unknown
Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.vaadin.event.ListenerMethod.receiveEvent(ListenerMethod.java:510)
at com.vaadin.event.EventRouter.fireEvent(EventRouter.java:164)
at com.vaadin.ui.AbstractComponent.fireEvent(AbstractComponent.java:1219)
at com.vaadin.ui.LoginForm$2.handleParameters(LoginForm.java:103)
at com.vaadin.ui.Window.handleParameters(Window.java:515)
at
com.vaadin.terminal.gwt.server.AbstractApplicationServlet.service(AbstractApplicationServlet.java:528)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)

While using the following configuration:

server.xml:

  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource auth="Container" description="User database that can be
updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
name="UserDatabase" pathname="conf/tomcat-users.xml"
type="org.apache.catalina.UserDatabase"/>
  </GlobalNamingResources>

  ...

  <Realm className="org.apache.catalina.realm.MemoryRealm" digest="SHA">
    <CredentialHandler algorithm="SHA"
className="org.apache.catalina.realm.MessageDigestCredentialHandler"/>
  </Realm>


jaas.config:
/** JAAS Login Configuration for the Application **/

JAASTomcat {
   org.apache.catalina.realm.JAASMemoryLoginModule required debug=true;
};


The problem appears to be as follows:

JAASMemoryLoginModule implements MemoryRealm.  In Tomcat 8, realms are required
to have a CredentialHandler.  However there is currently no way to configure
JAASMemoryLoginModule to set a CredentialHandler.  A solution proposed by
Christopher Schultz is to add a "digest=SHA" option to jaas.config and handle
it in the JAASMemoryLoginModule's initializer.

For reference, this is discussed in more depth on the tomcat user mailing list
in the thread "NullPointerException in MemoryRealm after upgrading to Tomcat
8.0.32 from 7.0.26".

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 59154] JAASMemoryLoginModule: NullPointerException in MemoryRealm after upgrading to Tomcat 8.0.32 from 7.0.26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59154

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Fixed in trunk for 9.0.0.M4 onwards and 8.0.x for 8.0.33 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org