Anyone know if there could be any conflict between getting URLConnection
opened to an secure URL (www.cisco.com/warp/customer) and the security
credentials used by a J2EE app server (Orion in this case)?
From an anonymous (non-authenticated) JSP or servlet, the code:
Authenticator.setDefault(new Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("foo", "bar".toCharArray());
}
});
URLConnection conn = url.openConnection();
conn.connect();
System.out.println(conn.getHeaderField(0));
prints out "HTTP/1.1 200 OK" or something like that.
But when inside an EJB (Orion application server 1.5.2 is the app server),
the same code results a NullPointerException in the VM:
java.lang.NullPointerException
at
sun.net.www.protocol.http.AuthenticationInfo.getAuth(AuthenticationInfo.java:139)
at
sun.net.www.protocol.http.AuthenticationInfo.getServerAuth(AuthenticationInfo.java:112)
at
sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:221)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:509)
at
sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:828)
at
com.cisco.paws.document.ejb.PAWSDocumentManagerEJB.addFile(PAWSDocumentManagerEJB.java:291)
at
com.cisco.paws.document.ejb.PAWSDocumentManagerEJB.addFile(PAWSDocumentManagerEJB.java:262)
at
PAWSDocumentManager_StatelessSessionBeanWrapper112.addFile(PAWSDocumentManager_StatelessSessionBeanWrapper112.java:1216)
at com.cisco.paws.action.AddFile.execute(AddFile.java:120)
at webwork.servlets.Dispatcher.service(Dispatcher.java:477)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:336)
at com.evermind._eab.doFilter(Unknown Source)
at com.sitemesh.filter.PageFilter.parsePage(PageFilter.java:166)
at com.sitemesh.filter.PageFilter.doFilter(PageFilter.java:99)
at com.evermind._cxb._abe(Unknown Source)
at com.evermind._cxb._uec(Unknown Source)
at com.evermind._io._twc(Unknown Source)
at com.evermind._io._gc(Unknown Source)
at com.evermind._if.run(Unknown Source)
However, when I pick through the URLConnection variable in my debugger, I
do find that the response[] array, index 0, has the value "HTTP/1.1 401
Authentication" or something like that. Basically, from what I can gather,
authentication is failing (don't know why, the same code works in a JSP),
but I can't even tell that in the code since conn.getHeaderFields() throws
an internal exception. :(
I also made sure that the code in the EJB was setting the authenticator,
not the code in my test JSP (since the EJB doesn't have access to a default
authenticator created in a web module). I'm not very familiar with how the
java.net package authenticates, but my only guess is that because it only
fails in the EJB containers, that it there could be a conflict between the
EJB caller identity/security and the Authenticator.
Should I open a bug with the Orion folks (although it doesn't look like
their code is involved in the stack trace)?
Oh, and yeah, I know grabbing URLs is supposed to be a "no-no" in EJB
design, but sometimes you have to bend the rules. :)
-Pat
