Jetty / JETTY-201

ServletInitialization fails with NullPointerException in JBossUserRealm

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 6.1.0
    • Fix Version/s: 6.1.0rc2
    • Component/s: JBoss
    • Labels:
      None
    • Environment:
      FC5 Sun's java 1.5.0_09 jboss-4.0.5.GA jetty-6.1-jboss-SNAPSHOT
    • Number of attachments :
      0

      Description

      ERROR [org.mortbay.log] failed InitializationServlet
      java.lang.NullPointerException
      at org.jboss.jetty.security.JBossUserRealm.pushRole(JBossUserRealm.java:430)
      at org.mortbay.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:419)

      A small investigation gives:

      ServletHolder.initServlet:

          Principal user=null;
          try {
              // Handle run as
              if (_runAs!=null && _realm!=null)
                  user=_realm.pushRole(null,_runAs);   // line 419 <-- So at some point it invokes pushRole with NULL

      and JBossUserRealm.pushRole:

          public Principal pushRole(Principal user, String role)
          {
              ((JBossUserPrincipal)user).push(role);   // <--- and here of course it throws NullPointerException
              return user;
          }

      The same situation in org.mortbay.jetty.security.HashUserRealm.class is handled in the following way:

          public Principal pushRole(Principal user, String role)
          {
              if (user==null)   // <----------- it checks for NULL
                  user=new User();
              return new WrappedUser(user,role);
          }

      So I am wondering if we are missing something in JBossUserRealm.

      I was trying to move a working webapp from jboss4.0.2 with jetty5.1.11 to jboss4.0.5 with jetty-6.1-SNAPSHOT.

        Activity

        Jan Bartel added a comment -

        Fixed null pointer by ensuring there is always a user - created a JBossNobodyUserPrincipal which is always present and has the run-as role pushed onto it.

        Also added code to set up the SecurityAssociation with the pushed role so that the role is propagated during ejb calls in jboss.

        I haven't been able to test that ejb calls will use the run-as role correctly, so if someone could verify that, and update this issue with the results I'd be grateful.

        The fix is in svn trunk at rev 1436, and will shortly be released as 6.1.0rc2.
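
The failure and the null-safe handling discussed in this issue, as an added Java example that is not Jetty's or JBoss's code. RunAsDemo, RolePrincipal, pushRoleUnsafe and pushRoleSafe are hypothetical, simplified stand-ins, and creating the "nobody" identity per call is an assumption of this sketch.

```java
import java.security.Principal;
import java.util.ArrayDeque;
import java.util.Deque;

// Added illustration; simplified stand-ins, not the Jetty or JBoss classes.
public class RunAsDemo {
    // A principal carrying a stack of run-as roles (hypothetical type).
    static class RolePrincipal implements Principal {
        private final String name;
        private final Deque<String> roles = new ArrayDeque<>();
        RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        void push(String role) { roles.push(role); }
        String pop() { return roles.poll(); }
        boolean isUserInRole(String role) { return role.equals(roles.peek()); }
    }

    // Before: assumes a caller identity always exists; the init-time call passes null.
    static Principal pushRoleUnsafe(Principal user, String role) {
        ((RolePrincipal) user).push(role); // NullPointerException when user == null
        return user;
    }

    // After: substitute an identity with no roles of its own, then push the run-as role.
    // A fresh instance per call keeps pushed roles from being shared (choice of this sketch).
    static Principal pushRoleSafe(Principal user, String role) {
        RolePrincipal p = (user == null) ? new RolePrincipal("nobody") : (RolePrincipal) user;
        p.push(role);
        return p;
    }

    public static void main(String[] args) {
        try {
            pushRoleUnsafe(null, "admin");
        } catch (NullPointerException e) {
            System.out.println("unsafe: NullPointerException during servlet init");
        }
        RolePrincipal p = (RolePrincipal) pushRoleSafe(null, "admin");
        System.out.println("safe: " + p.getName() + " in admin? " + p.isUserInRole("admin"));
        p.pop(); // the run-as role must be removed again once init has finished
        System.out.println("after pop: in admin? " + p.isUserInRole("admin"));
    }
}
```

The pop after initialization matters as much as the null check: a run-as role left on the principal would outlive the call it was granted for.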

        Alexander Maslov added a comment -

        I did some small testing, assigning different roles to the servlet.
        It seems to work as it should:
        it throws a SecurityException if the role is not the same as the one needed to access the EJB, and goes through when the correct role is specified.
        Thx

        Jan Bartel added a comment -

        Alexander,

        thanks for testing that so promptly!

        I'll close the issue now.

        regards
        Jan


          People

          • Assignee:
            Jan Bartel
            Reporter:
            Alexander Maslov