I've encountered an odd Null Pointer exception in the webdav LogFilter class working to incorporate a separate authentication mechanism into Slide. Although I can determine what is causing the exception, looking at the source code I am baffled as to why it is happening. I am using the Slide Server 2.0 source.
I disabled both default authentication and authorization following the steps listed at http://jakarta.apache.org/slide/howto-acl.html <http://jakarta.apache.org/slide/howto-acl.html> 1. Commented out <security-constraint> and <login-config> elements in web.xml 2. Set org.apache.slide.security property to false in slide.properties file. When I deploy the rebuilt slide.war to my own tomcat distribution (not the slide-tomcat bundle) I can see that the changes I made to web.xml and slide.properties (located in jar /WEB-INF/lib/slide-kernel-2.0.jar) have been affected. So I expect no basic auth step and no access controls to be in place. However, when I use any WebDAV client to go to my slide app (DAVExplorer or WinXP Network Place), I get a null pointer expection starting in the webdav LogFilter class as it attempts to log activity. Here's the exception 2004-06-22 16:19:53 StandardWrapperValve[webdav]: Servlet.service() for servlet webdav threw exception java.lang.NullPointerException at java.lang.StringBuffer.replace(StringBuffer.java:717) at org.apache.slide.webdav.filter.LogFilter.logLine(LogFilter.java:178) at org.apache.slide.webdav.filter.LogFilter.doFilter(LogFilter.java:150) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:213) ......... Looking at the source for LogFilter its easy to see where the exception is occuring. The doFilter method calls getUserPrinciple() method on the Servlet Request Principal p = req.getUserPrinciple() Then, it checks for a null object, and sets the principle string appropriatly String principal = (p != null ? p.getName() : ""); The principal string is passed to the LogLine method along with numerous other log information, and the principal string is parsed into the StringBuffer if(i >=0 ) b.replace( i, i+2, principal); The StringBuffer.replace() method is throwing the null pointer exception because the principle String that is passed to LogLine is null! With the changes I have made to disable authentication and authorization I expect the principal string in LogFilter.doFilter() to be set to the empty string "". However, the Principal object p that is returned from getUserPrinciple() is passing the p!=null test (meaing that its not null). But of course, the p.getName() method which is then called, will return null. Thus the String principal is set to null and passed to LogLine() where the expection eventually occurs. In trying to test this issue, I added a line System.out.println(p.toString()) after the getUserPrinciple method in an attempt to better understand the composition of the principle object. The result in the log is simply "null". But if that's the case, why does the p != null check in the doFilter() method pass? The J2SE javadoc for 1.4.2 says this about the getUserPrinciple() method Returns a java.security.Principal object containing the name of the current authenticated user. If the user has not been authenticated, the method returns null. Anyone have any ideas why this seems to not be working? Jonathan
