[jira] [Commented] (NIFI-2555) NullPointerException in user authentication causes Internal Server Error 500

Thu, 11 Aug 2016 11:47:43 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-2555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15417739#comment-15417739
 ] 

Andy LoPresto commented on NIFI-2555:
-------------------------------------

I don't have the full scenario, but a user sent me the stack trace. Basically, 
a web request with a Kerberos ticket (base 64 encoded and provided as the 
{{Authentication}} header) was generated but the user object did not get 
populated. This is against 1.0.0. 

> NullPointerException in user authentication causes Internal Server Error 500
> ----------------------------------------------------------------------------
>
>                 Key: NIFI-2555
>                 URL: https://issues.apache.org/jira/browse/NIFI-2555
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.0.0
>            Reporter: Andy LoPresto
>            Priority: Minor
>              Labels: authentication, beginner, kerberos, security
>
> In some cases, the {{NiFiUserUtils.getNiFiUser()}} call returns a {{null}} 
> user. In {{AccessDeniedExceptionMapper:46}}, this user object is operated on 
> to determine whether the status is {{UNAUTHORIZED}} or {{FORBIDDEN}} without 
> checking that the reference is null-safe. This throws a NullPointerException 
> which causes an HTTP 500 Internal Server Error response. 
> We should investigate why the user accessor is returning {{null}}, but 
> additionally, the reference should be checked for {{null}} before operating 
> on it and a better response can be displayed. 
> {code}
> 2016-08-11 18:15:02,083 ERROR [NiFi Web Server-208] 
> c.s.j.spi.container.ContainerResponse Mapped exception to response: 500 
> (Internal Server Error)
> java.lang.NullPointerException: null
>         at 
> org.apache.nifi.web.api.config.AccessDeniedExceptionMapper.toResponse(AccessDeniedExceptionMapper.java:46)
>  ~[classes/:na]
>         at 
> org.apache.nifi.web.api.config.AccessDeniedExceptionMapper.toResponse(AccessDeniedExceptionMapper.java:34)
>  ~[classes/:na]
>         at 
> com.sun.jersey.spi.container.ContainerResponse.mapException(ContainerResponse.java:480)
>  [jersey-server-1.19.jar:1.19]
>         at 
> com.sun.jersey.spi.container.ContainerResponse.mapMappableContainerException(ContainerResponse.java:417)
>  [jersey-server-1.19.jar:1.19]
>         at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1477)
>  [jersey-server-1.19.jar:1.19]
>         at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
>  [jersey-server-1.19.jar:1.19]
>         at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
>  [jersey-server-1.19.jar:1.19]
>         at 
> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
>  [jersey-servlet-1.19.jar:1.19]
>         at 
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558)
>  [jersey-servlet-1.19.jar:1.19]
>         at 
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733)
>  [jersey-servlet-1.19.jar:1.19]
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) 
> [javax.servlet-api-3.1.0.jar:3.1.0]
>         at 
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845) 
> [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1689)
>  [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:51) 
> [jetty-servlets-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
>  [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.apache.nifi.web.filter.RequestLogger.doFilter(RequestLogger.java:66) 
> [classes/:na]
>         at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
>  [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:207)
>  [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
>         at 
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
>  [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
>         at 
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>  [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
>         at 
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
>  [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
>         at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
>  [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51) 
> [classes/:na]
>         at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
>  [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581) 
> [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) 
> [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) 
> [jetty-security-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1174)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511) 
> [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1106)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) 
> [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at org.eclipse.jetty.server.Server.handle(Server.java:524) 
> [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319) 
> [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253) 
> [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
>  [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) 
> [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:186) 
> [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
>  [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) 
> [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
>  [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
>  [jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
>  [jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
>  [jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
>  [jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
>  [jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to