[
https://issues.apache.org/jira/browse/CASSSIDECAR-331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francisco Guerrero updated CASSSIDECAR-331:
-------------------------------------------
Reviewers: Francisco Guerrero, Francisco Guerrero (was: Francisco Guerrero)
Status: Review In Progress (was: Patch Available)
> NullPointerException When Authentication Is Enabled but sidecar_internal
> Schema Is Disabled
> -------------------------------------------------------------------------------------------
>
> Key: CASSSIDECAR-331
> URL: https://issues.apache.org/jira/browse/CASSSIDECAR-331
> Project: Sidecar for Apache Cassandra
> Issue Type: Bug
> Components: Security
> Reporter: Isaac Reath
> Assignee: Saranya Krishnakumar
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When authentication is enabled but the sidecar_internal schema is disabled, a
> NullPointerException occurs in Sidecar. This results in a generic 401
> Unauthorized response:
> {"status":"Unauthorized","code":401,"message":"Unexpected error encountered in handler"}
>
>
> The issue originates in
> {{SystemAuthDatabaseAccessor#findRoleFromIdentity}}, where
> {{tableSchema}} is null. The {{SystemAuthDatabaseAccessor.tableSchema}}
> object is initialized through the
> {{SidecarInternalKeyspace#registerTableSchema}} function on startup. Although
> {{SidecarInternalKeyspace#registerTableSchema}} is always called on startup,
> it is a no-op if {{is_enabled}} is set to {{false}}. As a result,
> {{tableSchema}} is never initialized, leading to the NPE when we go to use it
> for authentication. Diagnosing this requires running Sidecar in a debugger,
> as Vert.x does not log the root exception clearly.
> Since access_control.enabled implicitly depends on {{schema.is_enabled}},
> this should be validated at startup. If {{access_control}} is enabled but
> {{schema}} is not, Sidecar should fail fast with a clear error.
> Proposed Fix:
> Add startup validation to check for this config mismatch & fail with a clear
> error stating that authentication requires sidecar_internal to be enabled.
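
A minimal sketch of the fail-fast check proposed in the report, as an added example that is not Sidecar's own code. The record and exception types are hypothetical stand-ins for the `access_control.enabled` and `schema.is_enabled` settings, and treating an absent section as disabled is an assumption.

```java
// Hypothetical stand-ins for the two settings named in the report;
// these are NOT Sidecar's real configuration classes.
public class StartupConfigCheck {
    record SchemaConfig(boolean isEnabled) {}
    record AccessControlConfig(boolean enabled) {}
    record SidecarConfig(SchemaConfig schema, AccessControlConfig accessControl) {}

    static final class InvalidConfigException extends RuntimeException {
        InvalidConfigException(String message) { super(message); }
    }

    // Run once at startup, before any request handler is registered, so the
    // mismatch surfaces as a clear configuration error instead of a null
    // tableSchema being dereferenced on the first authenticated request.
    static void validate(SidecarConfig config) {
        // Assumption: a missing section is treated the same as "disabled".
        boolean schemaEnabled = config.schema() != null && config.schema().isEnabled();
        boolean authEnabled = config.accessControl() != null && config.accessControl().enabled();
        if (authEnabled && !schemaEnabled) {
            throw new InvalidConfigException(
                "access_control.enabled is true but schema.is_enabled is false: "
                + "authentication requires the sidecar_internal schema to be enabled");
        }
    }

    public static void main(String[] args) {
        // Constructed sample configurations covering all four combinations.
        boolean[][] cases = {{true, true}, {true, false}, {false, true}, {false, false}};
        for (boolean[] c : cases) {
            SidecarConfig config = new SidecarConfig(
                new SchemaConfig(c[0]), new AccessControlConfig(c[1]));
            try {
                validate(config);
                System.out.printf("schema=%b access_control=%b -> start%n", c[0], c[1]);
            } catch (InvalidConfigException e) {
                // Only schema=false with access_control=true reaches this branch.
                System.out.printf("schema=%b access_control=%b -> refuse to start: %s%n",
                    c[0], c[1], e.getMessage());
            }
        }
    }
}
```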