[ http://issues.apache.org/jira/browse/GERONIMO-852?page=all ]
     
Aaron Mulder resolved GERONIMO-852:
-----------------------------------

    Fix Version: 1.0-M5
     Resolution: Fixed

Thanks!

I wasn't able to replicate the stack trace (Linux SuSE 9.3), but it still seems 
wise to guard against it.  Added a slightly more extensive patch that 
potentially allows a legitimately null password, and includes tests.

> NullPointerException in during deploy
> -------------------------------------
>
>          Key: GERONIMO-852
>          URL: http://issues.apache.org/jira/browse/GERONIMO-852
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M5
>     Reporter: Kevan Miller
>     Assignee: Aaron Mulder
>     Priority: Minor
>      Fix For: 1.0-M5
>  Attachments: passwordNPE.patch
>
> While playing around with uri syntax for deploy commands, I ran across an NPE 
> during login processing:
> java.lang.NullPointerException
>       at java.lang.String.<init>(String.java:166)
>       at org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule.login(PropertiesFileLoginModule.java:142)
>       at org.apache.geronimo.security.jaas.JaasLoginService.performServerLogin(JaasLoginService.java:240)
>       at org.apache.geronimo.security.jaas.JaasLoginService$$FastClassByCGLIB$$1b5fde8c.invoke(<generated>)
>       at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>       at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>       at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
>       at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:731)
>       at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>       at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
>       at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:94)
>       at org.apache.geronimo.security.jaas.JaasLoginServiceMBean$$EnhancerByCGLIB$$5302521b.performServerLogin(<generated>)
>       at org.apache.geronimo.security.jaas.JaasLoginCoordinator$ServerLoginModule.login(JaasLoginCoordinator.java:230)
>       at org.apache.geronimo.security.jaas.LoginUtils.computeLogin(LoginUtils.java:34)
>       at org.apache.geronimo.security.jaas.JaasLoginCoordinator.login(JaasLoginCoordinator.java:101)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>       at java.lang.reflect.Method.invoke(Method.java:324)
>       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
>       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
>       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
>       at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
>       at org.apache.geronimo.jmxremoting.Authenticator.authenticate(Authenticator.java:57)
>       at javax.management.remote.rmi.RMIServerImpl$1.run(RMIServerImpl.java:141)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.management.remote.rmi.RMIServerImpl.authenticate(RMIServerImpl.java:137)
>       at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:91)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>       at java.lang.reflect.Method.invoke(Method.java:324)
>       at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
>       at sun.rmi.transport.Transport$1.run(Transport.java:148)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
>       at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
>       at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
>       at java.lang.Thread.run(Thread.java:534)
> To reproduce, I started an out-of-the-box Geronimo server and attempted a 
> deploy using the following:
>          java -jar deployer.jar deploy <your-archive-of-choice>
> When prompted for a userName, enter some name. When prompted for a password, 
> ctrl-c the deployment. You should see the NPE at the Server.
> Problem is that PasswordCallback.getPassword() can return null. In that 
> case, something like "new String(callback.getPassword())" will cause an NPE 
> to be thrown from within the String constructor. The fix is to guard against 
> that case... Same thing could happen in SQLLoginModule. I'll post a patch for 
> both, shortly...
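
The null-password case described in the report, as an added example that is not part of this message, the attached patch, or Geronimo's code. The class `NullPasswordGuard`, the `login` helper and the sample credentials are hypothetical, and the example assumes a missing password should be rejected as a failed login rather than accepted.

```java
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class NullPasswordGuard {
    // Hypothetical stand-in for the credential check inside a JAAS LoginModule.login().
    static void login(CallbackHandler handler, String expectedUser, char[] expectedPw)
            throws LoginException {
        NameCallback nc = new NameCallback("User name");
        PasswordCallback pc = new PasswordCallback("Password", false);
        try {
            handler.handle(new Callback[] {nc, pc});
        } catch (Exception e) {
            throw new LoginException("callback handling failed: " + e);
        }
        char[] supplied = pc.getPassword(); // a copy, or null if no password was ever set
        pc.clearPassword();
        try {
            // The unguarded form, new String(supplied), throws the NPE from the report
            // when supplied is null. Check first and fail the login in a controlled way.
            if (nc.getName() == null || supplied == null) {
                throw new FailedLoginException("no credentials supplied");
            }
            if (!nc.getName().equals(expectedUser) || !Arrays.equals(supplied, expectedPw)) {
                throw new FailedLoginException("bad user name or password");
            }
        } finally {
            if (supplied != null) {
                Arrays.fill(supplied, '\0'); // do not leave the copy in memory
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed handler: answers the name prompt but never sets a password,
        // which is what the server sees when the client aborts at the password prompt.
        CallbackHandler aborted = cbs -> ((NameCallback) cbs[0]).setName("alice");
        try {
            login(aborted, "alice", "s3cret".toCharArray());
        } catch (FailedLoginException e) {
            System.out.println("rejected cleanly: " + e.getMessage());
        }
    }
}
```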
