You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2007/07/22 02:49:06 UTC
[jira] Created: (DIRSERVER-1002) stopping server without
credentials results in NPE after server stops
stopping server without credentials results in NPE after server stops
---------------------------------------------------------------------
Key: DIRSERVER-1002
URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
Project: Directory ApacheDS
Issue Type: Bug
Components: core
Affects Versions: 1.5.1
Reporter: David Jencks
This code:
Properties env = new Properties();
env.putAll(new ShutdownConfiguration().toJndiEnvironment());
env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
//Shut it down
new InitialDirContext( env );
results in, in AbstractContextFactory:
line 115:
service.shutdown();
which successfully shuts down the server without checking anything about authentication/authorization
line 146:
Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
which calls DefaultDirectoryService...
public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential,
String authentication, String rootDN ) throws NamingException
{
checkSecuritySettings( principal, credential, authentication );
if ( !started )
{
return new DeadContext();
}
checkSecuritySettings gets to line 438:
if ( !startupConfiguration.isAllowAnonymousAccess() )
which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
So there are a lot of questions I don't know the answers to that I'd need to know which of the many ways to fix this would be most appropriate:
- is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
- is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
- If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (DIRSERVER-1002) stopping server without
credentials results in NPE after server stops
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks reassigned DIRSERVER-1002:
---------------------------------------
Assignee: Alex Karasulu
Fixed in rev 567242 by immediately returning a DeadContext after shutting down the server. This is definitely not proper security but does avoid the pointless NPE.
Alex, please review, thanks!
> stopping server without credentials results in NPE after server stops
> ---------------------------------------------------------------------
>
> Key: DIRSERVER-1002
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.5.0
> Reporter: David Jencks
> Assignee: Alex Karasulu
> Fix For: 1.5.1
>
>
> This code:
> Properties env = new Properties();
> env.putAll(new ShutdownConfiguration().toJndiEnvironment());
> env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
> //Shut it down
> new InitialDirContext( env );
> results in, in AbstractContextFactory:
> line 115:
> service.shutdown();
> which successfully shuts down the server without checking anything about authentication/authorization
> line 146:
> Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
> which calls DefaultDirectoryService...
> public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential,
> String authentication, String rootDN ) throws NamingException
> {
> checkSecuritySettings( principal, credential, authentication );
> if ( !started )
> {
> return new DeadContext();
> }
> checkSecuritySettings gets to line 438:
> if ( !startupConfiguration.isAllowAnonymousAccess() )
> which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
> So there are a lot of questions I don't know the answers to that I'd need to know which of the many ways to fix this would be most appropriate:
> - is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
> - is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
> - If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
> I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DIRSERVER-1002) stopping server without
credentials results in NPE after server stops
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12522259 ]
David Jencks commented on DIRSERVER-1002:
-----------------------------------------
The original problem is solved but maybe the description should be changed to "no credentials required to shut down server from in-vm"? Or closed, I don't know.
> stopping server without credentials results in NPE after server stops
> ---------------------------------------------------------------------
>
> Key: DIRSERVER-1002
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.5.0
> Reporter: David Jencks
> Assignee: Alex Karasulu
> Fix For: 1.5.1
>
>
> This code:
> Properties env = new Properties();
> env.putAll(new ShutdownConfiguration().toJndiEnvironment());
> env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
> //Shut it down
> new InitialDirContext( env );
> results in, in AbstractContextFactory:
> line 115:
> service.shutdown();
> which successfully shuts down the server without checking anything about authentication/authorization
> line 146:
> Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
> which calls DefaultDirectoryService...
> public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential,
> String authentication, String rootDN ) throws NamingException
> {
> checkSecuritySettings( principal, credential, authentication );
> if ( !started )
> {
> return new DeadContext();
> }
> checkSecuritySettings gets to line 438:
> if ( !startupConfiguration.isAllowAnonymousAccess() )
> which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
> So there are a lot of questions I don't know the answers to that I'd need to know which of the many ways to fix this would be most appropriate:
> - is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
> - is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
> - If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
> I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (DIRSERVER-1002) stopping server without
credentials results in NPE after server stops
Posted by "Alex Karasulu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Karasulu reassigned DIRSERVER-1002:
----------------------------------------
Assignee: David Jencks (was: Alex Karasulu)
> stopping server without credentials results in NPE after server stops
> ---------------------------------------------------------------------
>
> Key: DIRSERVER-1002
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.5.0
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 1.5.1
>
>
> This code:
> Properties env = new Properties();
> env.putAll(new ShutdownConfiguration().toJndiEnvironment());
> env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
> //Shut it down
> new InitialDirContext( env );
> results in, in AbstractContextFactory:
> line 115:
> service.shutdown();
> which successfully shuts down the server without checking anything about authentication/authorization
> line 146:
> Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
> which calls DefaultDirectoryService...
> public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential,
> String authentication, String rootDN ) throws NamingException
> {
> checkSecuritySettings( principal, credential, authentication );
> if ( !started )
> {
> return new DeadContext();
> }
> checkSecuritySettings gets to line 438:
> if ( !startupConfiguration.isAllowAnonymousAccess() )
> which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
> So there are a lot of questions I don't know the answers to that I'd need to know which of the many ways to fix this would be most appropriate:
> - is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
> - is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
> - If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
> I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DIRSERVER-1002) stopping server without
credentials results in NPE after server stops
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny updated DIRSERVER-1002:
-----------------------------------------
Affects Version/s: (was: 1.5.1)
1.5.0
Fix Version/s: 1.5.1
Changed the affected version (sadly, there is no 1.5.1-SNAPSHOT item ...), and mark the fix o be delivered in 1.5.1
> stopping server without credentials results in NPE after server stops
> ---------------------------------------------------------------------
>
> Key: DIRSERVER-1002
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.5.0
> Reporter: David Jencks
> Fix For: 1.5.1
>
>
> This code:
> Properties env = new Properties();
> env.putAll(new ShutdownConfiguration().toJndiEnvironment());
> env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
> //Shut it down
> new InitialDirContext( env );
> results in, in AbstractContextFactory:
> line 115:
> service.shutdown();
> which successfully shuts down the server without checking anything about authentication/authorization
> line 146:
> Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
> which calls DefaultDirectoryService...
> public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential,
> String authentication, String rootDN ) throws NamingException
> {
> checkSecuritySettings( principal, credential, authentication );
> if ( !started )
> {
> return new DeadContext();
> }
> checkSecuritySettings gets to line 438:
> if ( !startupConfiguration.isAllowAnonymousAccess() )
> which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
> So there are a lot of questions I don't know the answers to that I'd need to know which of the many ways to fix this would be most appropriate:
> - is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
> - is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
> - If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
> I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (DIRSERVER-1002) stopping server without credentials
results in NPE after server stops
Posted by "Alex Karasulu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Karasulu closed DIRSERVER-1002.
------------------------------------
Resolution: Fixed
closing and opening new issue for 1.5.2 which is "no credentials required to shut down server from in-vm" - will link issues for background info.
> stopping server without credentials results in NPE after server stops
> ---------------------------------------------------------------------
>
> Key: DIRSERVER-1002
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.5.0
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 1.5.1
>
>
> This code:
> Properties env = new Properties();
> env.putAll(new ShutdownConfiguration().toJndiEnvironment());
> env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
> //Shut it down
> new InitialDirContext( env );
> results in, in AbstractContextFactory:
> line 115:
> service.shutdown();
> which successfully shuts down the server without checking anything about authentication/authorization
> line 146:
> Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
> which calls DefaultDirectoryService...
> public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential,
> String authentication, String rootDN ) throws NamingException
> {
> checkSecuritySettings( principal, credential, authentication );
> if ( !started )
> {
> return new DeadContext();
> }
> checkSecuritySettings gets to line 438:
> if ( !startupConfiguration.isAllowAnonymousAccess() )
> which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
> So there are a lot of questions I don't know the answers to that I'd need to know which of the many ways to fix this would be most appropriate:
> - is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
> - is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
> - If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
> I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DIRSERVER-1002) stopping server without
credentials results in NPE after server stops
Posted by "Alex Karasulu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12520767 ]
Alex Karasulu commented on DIRSERVER-1002:
------------------------------------------
David didn't you fix this - I thought I saw a commit fly buy from you for this issue. I may be wrong but if this still exists I'll fix it fast before 1.5.1 is cut. Let me know.
> stopping server without credentials results in NPE after server stops
> ---------------------------------------------------------------------
>
> Key: DIRSERVER-1002
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.5.0
> Reporter: David Jencks
> Fix For: 1.5.1
>
>
> This code:
> Properties env = new Properties();
> env.putAll(new ShutdownConfiguration().toJndiEnvironment());
> env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
> //Shut it down
> new InitialDirContext( env );
> results in, in AbstractContextFactory:
> line 115:
> service.shutdown();
> which successfully shuts down the server without checking anything about authentication/authorization
> line 146:
> Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
> which calls DefaultDirectoryService...
> public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential,
> String authentication, String rootDN ) throws NamingException
> {
> checkSecuritySettings( principal, credential, authentication );
> if ( !started )
> {
> return new DeadContext();
> }
> checkSecuritySettings gets to line 438:
> if ( !startupConfiguration.isAllowAnonymousAccess() )
> which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
> So there are a lot of questions I don't know the answers to that I'd need to know which of the many ways to fix this would be most appropriate:
> - is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
> - is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
> - If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
> I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DIRSERVER-1002) stopping server without
credentials results in NPE after server stops
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12522235 ]
Emmanuel Lecharny commented on DIRSERVER-1002:
----------------------------------------------
Is this ok? Should we close the issue ?
> stopping server without credentials results in NPE after server stops
> ---------------------------------------------------------------------
>
> Key: DIRSERVER-1002
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.5.0
> Reporter: David Jencks
> Assignee: Alex Karasulu
> Fix For: 1.5.1
>
>
> This code:
> Properties env = new Properties();
> env.putAll(new ShutdownConfiguration().toJndiEnvironment());
> env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
> //Shut it down
> new InitialDirContext( env );
> results in, in AbstractContextFactory:
> line 115:
> service.shutdown();
> which successfully shuts down the server without checking anything about authentication/authorization
> line 146:
> Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
> which calls DefaultDirectoryService...
> public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential,
> String authentication, String rootDN ) throws NamingException
> {
> checkSecuritySettings( principal, credential, authentication );
> if ( !started )
> {
> return new DeadContext();
> }
> checkSecuritySettings gets to line 438:
> if ( !startupConfiguration.isAllowAnonymousAccess() )
> which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
> So there are a lot of questions I don't know the answers to that I'd need to know which of the many ways to fix this would be most appropriate:
> - is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
> - is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
> - If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
> I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.