Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2016/12/01 17:38:59 UTC

[jira] [Updated] (QPID-7549) [Java Broker] Authentication using SimpleLDAP authentication provider fails with NPE when caching of authentication results is enabled (by default)

     [ https://issues.apache.org/jira/browse/QPID-7549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keith Wall updated QPID-7549:
-----------------------------
    Fix Version/s: qpid-java-6.2

> [Java Broker] Authentication using SimpleLDAP authentication provider fails with NPE when caching of authentication results is enabled (by default)
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7549
>                 URL: https://issues.apache.org/jira/browse/QPID-7549
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-6.1
>            Reporter: Alex Rudyy
>             Fix For: qpid-java-6.2, qpid-java-6.1.1
>
>
> Authentication with SimpleLDAP authentication provider fails due to the following exception:
> {noformat}
> 2016-11-24 12:59:12,878 WARN  [HttpManagement-testHTTP-158] (o.e.j.s.ServletHandler) - /service/sasl
> java.lang.NullPointerException: null
>         at org.apache.qpid.server.security.auth.manager.AuthenticationResultCacher.digestCredentials(AuthenticationResultCacher.java:116) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.manager.AuthenticationResultCacher.getOrLoad(AuthenticationResultCacher.java:80) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.getOrLoadAuthenticationResult(SimpleLDAPAuthenticationManagerImpl.java:410) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.access$200(SimpleLDAPAuthenticationManagerImpl.java:83) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl$SimpleLDAPPlainCallbackHandler.handle(SimpleLDAPAuthenticationManagerImpl.java:669) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:87) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.authenticate(SimpleLDAPAuthenticationManagerImpl.java:312) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.SubjectCreator.authenticate(SubjectCreator.java:115) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.evaluateSaslResponse(SaslServlet.java:213) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.doPostWithSubjectAndActor(SaslServlet.java:135) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$2.run(AbstractServlet.java:121) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$2.run(AbstractServlet.java:117) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_74]
>         at javax.security.auth.Subject.doAs(Subject.java:422) ~[na:1.8.0_74]
>         at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doWithSubjectAndActor(AbstractServlet.java:218) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doPost(AbstractServlet.java:115) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) ~[geronimo-servlet_3.0_spec-1.0.jar:1.0]
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:668) ~[geronimo-servlet_3.0_spec-1.0.jar:1.0]
>         at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.apache.qpid.server.management.plugin.filter.ForbiddingAuthorisationFilter.doFilter(ForbiddingAuthorisationFilter.java:94) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.apache.qpid.server.management.plugin.filter.ForbiddingTraceFilter.doFilter(ForbiddingTraceFilter.java:65) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.apache.qpid.server.management.plugin.filter.LoggingFilter.doFilter(LoggingFilter.java:65) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247) ~[jetty-servlets-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210) ~[jetty-servlets-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.apache.qpid.server.management.plugin.filter.ExceptionHandlingFilter.doFilter(ExceptionHandlingFilter.java:56) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501) [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429) [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.Server.handle(Server.java:370) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
> {noformat}
> This issue only impacts authentication via the Web Management Console (when the SimpleLDAP authentication provider is configured for the HTTP port). Due to the NPE, the authentication fails and the user is not able to log in to the Web Management Console. Authentication over AMQP or preemptive authentication is not impacted by the issue.
> Disabling the caching works around the issue. The caching can be turned off by setting any/all of the following context variables to 'null', '0' or a negative value:
> * qpid.auth.cache.size
> * qpid.auth.cache.expiration_time
> * qpid.auth.cache.iteration_count


