You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@roller.apache.org by Anil Gangolli <an...@busybuddha.org> on 2005/12/10 17:29:12 UTC
exception on login link (trunk build)
The latest trunk build is giving me a Null Pointer Exception when
clicking the Login link (which leads to login-redirect.jsp).
I'm starting to look at this, but if anyone knows what's going on
already, let me know.
--a
java.lang.NullPointerException
at
org.roller.pojos.WebsiteData.hasUserPermissions(WebsiteData.java:1002)
at
org.apache.jsp.login_002dredirect_jsp._jspService(org.apache.jsp.login_002dredirect_jsp:76)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:99)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:325)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:245)
...
Re: exception on login link (trunk build)
Posted by Anil Gangolli <an...@busybuddha.org>.
True. If we eliminate the explicit "login" link entirely then
login-redirect.jsp can go away.
The (useful) function that login-redirect.jsp adds is that it engages in
a bit of logic to decide whether to shunt you straight to your single
weblog (in the case you have only one) or to a menu page with all of
them (in the case that you have more than one).
This seems to work properly now and it seemed worth keeping.
--a.
Matt Raible wrote:
>With the Acegi Security integration, we don't really need the
>login-redirect.jsp anymore. With CMA, you have to request a protected
>resource before you can authenticate - but not so with Acegi Security. In
>reality, we should never be linking directly to a "login" page because users
>should only be prompted to login when they try to access a protected
>resource. That begin said, if you hit login.jsp as your first page, and
>then login - Acegi will take you to the default page/url that you've
>specified.
>
>Another thing we need to look at before we release 2.1 is that the Acegi
>filter is mapped to /*. While this seems to work well with my site - it
>might be a different story for JRoller and blogs.sun.com.
>
>Matt
>
>On 12/11/05, Anil Gangolli <an...@busybuddha.org> wrote:
>
>
>>OK. I resolved this.
>>
>>http://svn.apache.org/viewcvs?rev=355963&view=rev
>>
>>The login-redirect.jsp page does seem to be used as the locus of the
>>selection logic for the multi v. single weblog case, so I don't think it
>>should be cut out, and it is properly expecting to follow authentication.
>>
>>I have checked in the following fix. I added it to the scope of URI's
>>requiring authentication in the security.xml, which appeared to me to be
>>the correct thing (and which seems to work as expected).
>>
>>Matt should probably check this.
>>
>>I never saw any intermittentness in this bug. It happened every time
>>if you were not already logged in and didn't have a "remember me" cookie.
>>
>>--a.
>>
>>Allen Gilliland wrote:
>>
>>
>>
>>>I had just mentioned this one to Dave yesterday, but the strange thing
>>>is that it doesn't happen all of the time, only intermittently.
>>>
>>>I agree, we should be able to get rid of login-redirect.jsp now that
>>>we have Acegi. I say go for it.
>>>
>>>-- Allen
>>>
>>>
>>>Anil Gangolli wrote:
>>>
>>>
>>>
>>>>login-redirect.jsp is calling
>>>>
>>>>UserData user = rollerSession.getAuthenticatedUser();
>>>>
>>>>which is returning null and it's passing it along. It looks like
>>>>it's expecting authentication to have taken place at that point, but
>>>>it didn't.
>>>>
>>>>Should we be eliminating login-redirect.jsp here, and have the
>>>>explicit Login link directly to login.jsp? Is login-redirect
>>>>outmoded now with Acegi?
>>>>
>>>>Anil Gangolli wrote:
>>>>
>>>>
>>>>
>>>>>The latest trunk build is giving me a Null Pointer Exception when
>>>>>clicking the Login link (which leads to login-redirect.jsp).
>>>>>I'm starting to look at this, but if anyone knows what's going on
>>>>>already, let me know.
>>>>>--a
>>>>>
>>>>>
>>>>> java.lang.NullPointerException
>>>>> at
>>>>>org.roller.pojos.WebsiteData.hasUserPermissions(WebsiteData.java:1002)
>>>>> at
>>>>>org.apache.jsp.login_002dredirect_jsp._jspService(
>>>>>
>>>>>
>>org.apache.jsp.login_002dredirect_jsp:76)
>>
>>
>>>>> at
>>>>>org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:99)
>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>> at
>>>>>org.apache.jasper.servlet.JspServletWrapper.service(
>>>>>
>>>>>
>>JspServletWrapper.java:325)
>>
>>
>>>>> at
>>>>>org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
>>>>>
>>>>>
>>:295)
>>
>>
>>>>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java
>>>>>
>>>>>
>>:245)
>>
>>
>>>>>...
>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>>
>>
>
>
>
Re: exception on login link (trunk build)
Posted by Matt Raible <mr...@gmail.com>.
With the Acegi Security integration, we don't really need the
login-redirect.jsp anymore. With CMA, you have to request a protected
resource before you can authenticate - but not so with Acegi Security. In
reality, we should never be linking directly to a "login" page because users
should only be prompted to login when they try to access a protected
resource. That begin said, if you hit login.jsp as your first page, and
then login - Acegi will take you to the default page/url that you've
specified.
Another thing we need to look at before we release 2.1 is that the Acegi
filter is mapped to /*. While this seems to work well with my site - it
might be a different story for JRoller and blogs.sun.com.
Matt
On 12/11/05, Anil Gangolli <an...@busybuddha.org> wrote:
>
> OK. I resolved this.
>
> http://svn.apache.org/viewcvs?rev=355963&view=rev
>
> The login-redirect.jsp page does seem to be used as the locus of the
> selection logic for the multi v. single weblog case, so I don't think it
> should be cut out, and it is properly expecting to follow authentication.
>
> I have checked in the following fix. I added it to the scope of URI's
> requiring authentication in the security.xml, which appeared to me to be
> the correct thing (and which seems to work as expected).
>
> Matt should probably check this.
>
> I never saw any intermittentness in this bug. It happened every time
> if you were not already logged in and didn't have a "remember me" cookie.
>
> --a.
>
> Allen Gilliland wrote:
>
> > I had just mentioned this one to Dave yesterday, but the strange thing
> > is that it doesn't happen all of the time, only intermittently.
> >
> > I agree, we should be able to get rid of login-redirect.jsp now that
> > we have Acegi. I say go for it.
> >
> > -- Allen
> >
> >
> > Anil Gangolli wrote:
> >
> >>
> >> login-redirect.jsp is calling
> >>
> >> UserData user = rollerSession.getAuthenticatedUser();
> >>
> >> which is returning null and it's passing it along. It looks like
> >> it's expecting authentication to have taken place at that point, but
> >> it didn't.
> >>
> >> Should we be eliminating login-redirect.jsp here, and have the
> >> explicit Login link directly to login.jsp? Is login-redirect
> >> outmoded now with Acegi?
> >>
> >> Anil Gangolli wrote:
> >>
> >>>
> >>> The latest trunk build is giving me a Null Pointer Exception when
> >>> clicking the Login link (which leads to login-redirect.jsp).
> >>> I'm starting to look at this, but if anyone knows what's going on
> >>> already, let me know.
> >>> --a
> >>>
> >>>
> >>> java.lang.NullPointerException
> >>> at
> >>> org.roller.pojos.WebsiteData.hasUserPermissions(WebsiteData.java:1002)
> >>> at
> >>> org.apache.jsp.login_002dredirect_jsp._jspService(
> org.apache.jsp.login_002dredirect_jsp:76)
> >>>
> >>> at
> >>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:99)
> >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> >>> at
> >>> org.apache.jasper.servlet.JspServletWrapper.service(
> JspServletWrapper.java:325)
> >>>
> >>> at
> >>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
> :295)
> >>>
> >>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java
> :245)
> >>> ...
> >>>
> >>>
> >>
> >
> >
>
>
Re: exception on login link (trunk build)
Posted by Anil Gangolli <an...@busybuddha.org>.
OK. I resolved this.
http://svn.apache.org/viewcvs?rev=355963&view=rev
The login-redirect.jsp page does seem to be used as the locus of the
selection logic for the multi v. single weblog case, so I don't think it
should be cut out, and it is properly expecting to follow authentication.
I have checked in the following fix. I added it to the scope of URI's
requiring authentication in the security.xml, which appeared to me to be
the correct thing (and which seems to work as expected).
Matt should probably check this.
I never saw any intermittentness in this bug. It happened every time
if you were not already logged in and didn't have a "remember me" cookie.
--a.
Allen Gilliland wrote:
> I had just mentioned this one to Dave yesterday, but the strange thing
> is that it doesn't happen all of the time, only intermittently.
>
> I agree, we should be able to get rid of login-redirect.jsp now that
> we have Acegi. I say go for it.
>
> -- Allen
>
>
> Anil Gangolli wrote:
>
>>
>> login-redirect.jsp is calling
>>
>> UserData user = rollerSession.getAuthenticatedUser();
>>
>> which is returning null and it's passing it along. It looks like
>> it's expecting authentication to have taken place at that point, but
>> it didn't.
>>
>> Should we be eliminating login-redirect.jsp here, and have the
>> explicit Login link directly to login.jsp? Is login-redirect
>> outmoded now with Acegi?
>>
>> Anil Gangolli wrote:
>>
>>>
>>> The latest trunk build is giving me a Null Pointer Exception when
>>> clicking the Login link (which leads to login-redirect.jsp).
>>> I'm starting to look at this, but if anyone knows what's going on
>>> already, let me know.
>>> --a
>>>
>>>
>>> java.lang.NullPointerException
>>> at
>>> org.roller.pojos.WebsiteData.hasUserPermissions(WebsiteData.java:1002)
>>> at
>>> org.apache.jsp.login_002dredirect_jsp._jspService(org.apache.jsp.login_002dredirect_jsp:76)
>>>
>>> at
>>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:99)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>> at
>>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:325)
>>>
>>> at
>>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
>>>
>>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:245)
>>> ...
>>>
>>>
>>
>
>
Re: exception on login link (trunk build)
Posted by Allen Gilliland <Al...@Sun.COM>.
I had just mentioned this one to Dave yesterday, but the strange thing
is that it doesn't happen all of the time, only intermittently.
I agree, we should be able to get rid of login-redirect.jsp now that we
have Acegi. I say go for it.
-- Allen
Anil Gangolli wrote:
>
> login-redirect.jsp is calling
>
> UserData user = rollerSession.getAuthenticatedUser();
>
> which is returning null and it's passing it along. It looks like it's
> expecting authentication to have taken place at that point, but it
> didn't.
>
> Should we be eliminating login-redirect.jsp here, and have the
> explicit Login link directly to login.jsp? Is login-redirect outmoded
> now with Acegi?
>
> Anil Gangolli wrote:
>
>>
>> The latest trunk build is giving me a Null Pointer Exception when
>> clicking the Login link (which leads to login-redirect.jsp).
>> I'm starting to look at this, but if anyone knows what's going on
>> already, let me know.
>> --a
>>
>>
>> java.lang.NullPointerException
>> at
>> org.roller.pojos.WebsiteData.hasUserPermissions(WebsiteData.java:1002)
>> at
>> org.apache.jsp.login_002dredirect_jsp._jspService(org.apache.jsp.login_002dredirect_jsp:76)
>>
>> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:99)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>> at
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:325)
>>
>> at
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:245)
>> ...
>>
>>
>
Re: exception on login link (trunk build)
Posted by Anil Gangolli <an...@busybuddha.org>.
login-redirect.jsp is calling
UserData user = rollerSession.getAuthenticatedUser();
which is returning null and it's passing it along. It looks like it's
expecting authentication to have taken place at that point, but it didn't.
Should we be eliminating login-redirect.jsp here, and have the explicit
Login link directly to login.jsp? Is login-redirect outmoded now with
Acegi?
Anil Gangolli wrote:
>
> The latest trunk build is giving me a Null Pointer Exception when
> clicking the Login link (which leads to login-redirect.jsp).
> I'm starting to look at this, but if anyone knows what's going on
> already, let me know.
> --a
>
>
> java.lang.NullPointerException
> at
> org.roller.pojos.WebsiteData.hasUserPermissions(WebsiteData.java:1002)
> at
> org.apache.jsp.login_002dredirect_jsp._jspService(org.apache.jsp.login_002dredirect_jsp:76)
>
> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:99)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:325)
>
> at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:245)
> ...
>
>