5:19 p.m.
Simple example produces NullPointerException in server logs when entering wrong
user/password
---------------------------------------------------------------------------------------------
Key: SEAMSECURITY-39
URL: https://issues.jboss.org/browse/SEAMSECURITY-39
Project: Seam Security
Issue Type: Bug
Affects Versions: 3.0.0.Beta2
Environment: JBoss AS 6
Reporter: Marek Schmidt
Priority: Minor
The "simple" example in examples/simple will produce NPE, because the
SimpleAuthenticator does not call setStatus(AuthenticationStatus.FAILURE) when incorrect
credentials are provided by the user. Since the example is also used in the documentation,
it probably teaches a bad practice of writing custom authenticators.
The example and the docs should probably be updated to contain a call to
setStatus(AuthenticationStatus.FAILURE)
The exception from server logs:
16:52:26,901 ERROR [org.jboss.seam.security.IdentityImpl] Login failed:
java.lang.RuntimeException: java.lang.NullPointerException
at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:328)
[:3.0.0-SNAPSHOT]
at org.jboss.seam.security.IdentityImpl.login(IdentityImpl.java:229) [:3.0.0-SNAPSHOT]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_18]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[:1.6.0_18]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[:1.6.0_18]
at java.lang.reflect.Method.invoke(Method.java:616) [:1.6.0_18]
at org.apache.el.parser.AstValue.invoke(AstValue.java:196) [:6.0.0.Final]
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
[:6.0.0.Final]
at
org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
[:6.0.0.Final]
at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56)
[:6.0.0.Final]
at
org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
[:6.0.0.Final]
at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56)
[:6.0.0.Final]
at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:102)
[:2.0.3-]
at
javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:84)
[:2.0.3-]
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:98)
[:2.0.3-]
at javax.faces.component.UICommand.broadcast(UICommand.java:311) [:2.0.3-]
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:781) [:2.0.3-]
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1246) [:2.0.3-]
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:77)
[:2.0.3-]
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97) [:2.0.3-]
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114) [:2.0.3-]
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308) [:2.0.3-]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324)
[:6.0.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242)
[:6.0.0.Final]
at
org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67)
[:6.0.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274)
[:6.0.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242)
[:6.0.0.Final]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
[:6.0.0.Final]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[:6.0.0.Final]
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:181)
[:6.0.0.Final]
at
org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285)
[:1.1.0.Final]
at
org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261)
[:1.1.0.Final]
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88)
[:6.0.0.Final]
at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100)
[:6.0.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
[:6.0.0.Final]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[:6.0.0.Final]
at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
[:6.0.0.Final]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[:6.0.0.Final]
at
org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53)
[:6.0.0.Final]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362)
[:6.0.0.Final]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
[:6.0.0.Final]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654)
[:6.0.0.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951)
[:6.0.0.Final]
at java.lang.Thread.run(Thread.java:636) [:1.6.0_18]
Caused by: java.lang.NullPointerException
at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:311)
[:3.0.0-SNAPSHOT]
... 43 more
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira