[magnolia-dev] [JIRA] Created: (MAGNOLIA-2261) Magnolia access failure whit miss-configured bypass in filterchain

Mon, 14 Jul 2008 11:37:15 -0700 

Magnolia access failure whit miss-configured bypass in filterchain 
-------------------------------------------------------------------

                 Key: MAGNOLIA-2261
                 URL: http://jira.magnolia.info/browse/MAGNOLIA-2261
             Project: Magnolia
          Issue Type: Bug
    Affects Versions: 3.5.8
            Reporter: Olivier Marti
            Assignee: Boris Kraft


Reported from Futurelab:

We just wanted to add a bypass rule to the uriSecurity config node. We added 
the class name parameter and wanted to add the pattern parameter next, but 
since the rule was already active, we could not get that far. There is a 
missing null check in some Magnolia code, resulting in an NPE that causes the 
entire request to fail, instead of just the offending rule.

Of course that means we have no way to complete or revert our broken config in 
the JCR so we are effectively locked out and the system is down because every 
request now fails.


ERROR  
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/magnoliaAuthor].[default]
 14.07.2008 15:58:57 -- Servle
t.service() for servlet default threw exception
java.lang.NullPointerException
    at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:97)
    at 
info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:199)
    at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
    at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
    at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)

This seems to be the offending code:

public void init() {
    if(autoTrueValue){
        if(!isInverse()){
            setTrueValue(pattern.length());
        }
        else{
            setTrueValue(-pattern.length());
        }
    }
}

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/
----------------------------------------------------------------

Reply via email to