[jboss-user] [Security & JAAS/JBoss] - Re: NPE in ExtendedFormAuthenticator
We typically drop a jar containing the authenticator in the default/lib directory so that all application deployed on the server have access to it but are not forced to use it by default. Each application that wants to use the authenticator will include it as defined in the "Configuring the ExtendedFormAuthenticator for an Application" section of http://wiki.jboss.org/wiki/ExtendedFormAuthenticator. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163718#4163718 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4163718 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: NPE in ExtendedFormAuthenticator
That's great leegreiner, thanks. Another question, how do I install the new authenticator? Do I have to follow these (http://wiki.jboss.org/wiki/ExternalizeTomcatAuthenticators) instructions? Currently I'm using the JBoss ExtendedFormAuthenticator via WEB-INF/context.xml descriptor with a Valve element. (http://wiki.jboss.org/wiki/ExtendedFormAuthenticator) Regards, Rafael. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163674#4163674 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4163674 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: NPE in ExtendedFormAuthenticator
This was our solution: | package edu.duke.dcri.web.tomcat.security; | | import java.io.IOException; | import org.apache.catalina.connector.Request; | import org.apache.catalina.connector.Response; | import org.apache.catalina.deploy.LoginConfig; | | public class ExtendedFormAuthenticator extends org.jboss.web.tomcat.security.ExtendedFormAuthenticator | { | | public ExtendedFormAuthenticator() | { | } | | public boolean authenticate(Request request, Response response, LoginConfig config) | throws IOException | { | boolean alreadyAuthenticated = false; | try | { | alreadyAuthenticated = super.authenticate(request, response, config); | } | catch(NullPointerException npe) { } | return alreadyAuthenticated; | } | } | When the NullPointerException is raised there is no session and the authenticator returns false, the desired effect. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163364#4163364 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4163364 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: NPE in ExtendedFormAuthenticator
"leegreiner" wrote : I ended up writing my own authenticator, one that guarded against the NPE. Could you share your version of the ExtendedFormAuthenticator? Thanks, Rafael View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163342#4163342 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4163342 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: NPE in ExtendedFormAuthenticator
http://jira.jboss.com/jira/browse/JBAS-4592 View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4070756#4070756 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4070756 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: NPE in ExtendedFormAuthenticator
I ended up writing my own authenticator, one that guarded against the NPE. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069852#4069852 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4069852 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: NPE in ExtendedFormAuthenticator
Has there been any plans for this to be fixed? We too are experiencing the same exact issue (if a user sits at the login page for a period of time the NPE exception is thrown by the ExtendedFormAuthenticator). I searched the jboss bugs for this issue and I don't see a closed nor open bug for it. :-( Is there a workaround? Right now the user is forced to basically log-in twice (first time throws the NPE and the second time it works). View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069791#4069791 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4069791 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security & JAAS/JBoss] - Re: NPE in ExtendedFormAuthenticator
Hi, The same thing just happened to me as well. I think the code is buggy. Since the earlier reference had checked session to be not null, I believe at line 104, the same check should be applied too. I will add the check to the code, and jar uf it. Gokhan. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4068063#4068063 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4068063 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user