[jboss-jira] [JBoss JIRA] Updated: (JBAS-5026) NPE in JvmRouteValve.handleJvmRoute

Brian Stansberry (JIRA) jira-events at lists.jboss.org
Wed Apr 9 15:41:54 EDT 2008


     [ http://jira.jboss.com/jira/browse/JBAS-5026?page=all ]

Brian Stansberry updated JBAS-5026:
-----------------------------------

    Summary: NPE in JvmRouteValve.handleJvmRoute  (was: NPE in JvmRouteVale.handleJvmRoute)

> NPE in JvmRouteValve.handleJvmRoute
> -----------------------------------
>
>                 Key: JBAS-5026
>                 URL: http://jira.jboss.com/jira/browse/JBAS-5026
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Web (Tomcat) service
>    Affects Versions: JBossAS-4.2.1.GA
>         Environment: https + apache 2.0.52 + mod_jk + jboss + ClusteredSSO
>            Reporter: Philippe Sevestre
>         Assigned To: Brian Stansberry
>             Fix For: JBossAS-5.0.0.CR1, JBossAS-4.2.3.GA
>
>
> Client is a rich app (swing) that does soap calls to an app. Some of those WebServices are secured by a "BASIC" security constraint.
> When client calls the first password protected service, JBoss tries to set SSO and Session cookies. Then client makes some more non-restricted calls that work just fine. After that, the first secured call fails with a NPE at JvmRouteValve, detailed below:
> 2007-11-30 18:16:36,144 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing
> java.lang.NullPointerException
>         at org.jboss.web.tomcat.service.session.JvmRouteValve.handleJvmRoute(JvmRouteValve.java:125)
>         at org.jboss.web.tomcat.service.session.JvmRouteValve.checkJvmRoute(JvmRouteValve.java:112)
>         at org.jboss.web.tomcat.service.session.JvmRouteValve.invoke(JvmRouteValve.java:81)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
>         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
>         at org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn.invoke(ClusteredSingleSignOn.java:637)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
>         at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:437)
>         at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:381)
>         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>         at java.lang.Thread.run(Thread.java:595)
> Checking the code, the only way I see that this could happen is when checkJvmRoute passes a null to handleJvmRoute on its first parameter (oldsessionId). In turn, this implies that getRequestedSessionId() returned null AND getSession(false) didn't.
> What I can see from packet dumps in the AJP connection is that the client is *not* passing a JSESSIONID header along the call, but, somehow (SSL session or some side-effect from SSO?), the session manager still "remembers" that it has a session. Therefore, in this scenario, oldsessionId == null (since the client didn't send any session cookie) and session != null, causing this NPE.
> A simple fix would be to test oldsessionId for null at line 91, returning if it is.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


