[jboss-jira] [JBoss JIRA] Reopened: (JBAS-7179) NullPointerException because SecurityAssociationValve not invoked for forwarded StandardHostValve.status()

Brian Stansberry (JIRA) jira-events at lists.jboss.org
Tue Feb 9 21:56:11 EST 2010 

     [ https://jira.jboss.org/jira/browse/JBAS-7179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Stansberry reopened JBAS-7179:
------------------------------------



> NullPointerException because SecurityAssociationValve not invoked for forwarded StandardHostValve.status()
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: JBAS-7179
>                 URL: https://jira.jboss.org/jira/browse/JBAS-7179
>             Project: JBoss Application Server
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Web (Tomcat) service
>    Affects Versions: JBossAS-5.1.0.GA
>         Environment: 12:33:11,431 INFO  [ServerInfo] Java version: 1.6.0_14,Sun Microsystems Inc.
> 12:33:11,431 INFO  [ServerInfo] Java Runtime: Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
> 12:33:11,431 INFO  [ServerInfo] Java VM: Java HotSpot(TM) 64-Bit Server VM 14.0-b16,Sun Microsystems Inc.
> 12:33:11,431 INFO  [ServerInfo] OS-System: Linux 2.6.9-22.0.1.ELsmp,amd64
>            Reporter: Juergen
>            Assignee: Anil Saldhana
>             Fix For: JBossAS-6.0.0.M1
>
>         Attachments: jboss-web-service.jar, SecurityAssociationValve.java
>
>
> situation, web request:
> - guest tries to access secured resource
> - guest is challenged by container managed security
> - guest logs in, but does not have permissions to access the requested resource
> - logged in user is forwarded to <error-page> 403 /not-authorized
> - java.lang.NullPointerException in custom Filter:
> -- filter is registered with <dispatcher>REQUEST</dispatcher>,<dispatcher>FORWARD</dispatcher>, <dispatcher>ERROR</dispatcher>
> -- javax.servlet.http.HttpServletRequest.isUserInRole(String) is called, yields NullPointerException because SecurityAssociationValve ThreadLocals not available due to SecurityAssociationValve not invoked in this forwarding/error chain
> 2009-08-17 12:27:25,879:4249013  [ http-0.0.0.0-8680-4]     web].[localhost] ERROR Exception Processing ErrorPage[errorCode=403, location=/not-authorized] @org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]
> java.lang.NullPointerException
>         at org.jboss.web.tomcat.security.JBossWebRealm.hasRole(JBossWebRealm.java:537)
>         at org.apache.catalina.connector.Request.isUserInRole(Request.java:2198)
>         at org.apache.catalina.connector.RequestFacade.isUserInRole(RequestFacade.java:763)
>         at javax.servlet.http.HttpServletRequestWrapper.isUserInRole(HttpServletRequestWrapper.java:164)
>         at UserContextFilter.doFilter(UserContextFilter.java:108)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at TokenGenerationFilter.doFilter(TokenGenerationFilter.java:42)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at SystemStateFilter.doFilter(SystemStateFilter.java:120)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:638)
>         at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:446)
>         at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:382)
>         at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:310)
>         at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:416)
>         at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:342)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
>         at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:905)
>         at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:592)
>         at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2036)
>         at java.lang.Thread.run(Thread.java:619)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list