[
http://jira.magnolia.info/browse/MAGNOLIA-2261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17106#action_17106
]
Gregory Joseph commented on MAGNOLIA-2261:
------------------------------------------
I assume that by "uriSecurity config node", you're talking about the
uriSecurity filter:
http://confluence.magnolia.info/display/WIKI/Repair+broken+bypass+configuration
> Magnolia access failure whit miss-configured bypass in filterchain
> -------------------------------------------------------------------
>
> Key: MAGNOLIA-2261
> URL: http://jira.magnolia.info/browse/MAGNOLIA-2261
> Project: Magnolia
> Issue Type: Bug
> Affects Versions: 3.5.8
> Reporter: Olivier Marti
> Assignee: Boris Kraft
>
> Reported from Futurelab:
> We just wanted to add a bypass rule to the uriSecurity config node. We added
> the class name parameter and wanted to add the pattern parameter next, but
> since the rule was already active, we could not get that far. There is a
> missing null check in some Magnolia code, resulting in an NPE that causes the
> entire request to fail, instead of just the offending rule.
> Of course that means we have no way to complete or revert our broken config
> in the JCR so we are effectively locked out and the system is down because
> every request now fails.
> ERROR
> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/magnoliaAuthor].[default]
> 14.07.2008 15:58:57 -- Servle
> t.service() for servlet default threw exception
> java.lang.NullPointerException
> at
> info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:97)
> at
> info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:199)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
> This seems to be the offending code:
> public void init() {
> if(autoTrueValue){
> if(!isInverse()){
> setTrueValue(pattern.length());
> }
> else{
> setTrueValue(-pattern.length());
> }
> }
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/
----------------------------------------------------------------
