Jetty

ServletInitialization fails with NullPointerException in JBossUserRealm

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Blocker Blocker
  • Resolution: Fixed
  • Affects Version/s: 6.1.0
  • Fix Version/s: 6.1.0rc2
  • Component/s: JBoss
  • Labels:
    None
  • Environment:
    FC5 Sun's java 1.5.0_09 jboss-4.0.5.GA jetty-6.1-jboss-SNAPSHOT
  • Number of attachments :
    0

Description

ERROR [org.mortbay.log] failed InitializationServlet
java.lang.NullPointerException
at org.jboss.jetty.security.JBossUserRealm.pushRole(JBossUserRealm.java:430)
at org.mortbay.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:419)

Small investigation gives:

ServerHolder.initServlet
Principal user=null;
try {
// Handle run as
if (_runAs!=null && _realm!=null)
419: user=_realm.pushRole(null,_runAs);
^^^^-------- So at some point it invokes pushRole with NULL
and JBossUserRealm.pushRole
public Principal pushRole(Principal user, String role)

{ ((JBossUserPrincipal)user).push(role); <--- and here of course it throws NullPointerException return user; }

Same situation in org.mortbay.jetty.security.HashUserRealm.class haled in a following way:
public Principal pushRole(Principal user, String role)

{ if (user==null) <----------- it checks for NULL user=new User(); return new WrappedUser(user,role); }

So I am wondering if we are missing something in JBossUserRealm.

I was trying to move working webapp from jboss4.0.2 with jetty5.1.11 to jboss4.0.5 with jetty-6.1-SNAPSHOT

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Jan Bartel added a comment -

Fixed null pointer by ensuring there is always a user - created a JBossNobodyUserPrincipal which is always present and has the run-as role pushed onto it.

Also added code to set up the SecurityAssocation with the pushed role so that the role is propagated during ejb calls in jboss.

I haven't been able to test that ejb calls will use the run-as role correctly, so if someone could verify that, and update this issue with the results I'd be grateful.

The fix is in svn trunk at rev 1436, and will shortly be released as 6.1.0rc2.

Show
Jan Bartel added a comment - Fixed null pointer by ensuring there is always a user - created a JBossNobodyUserPrincipal which is always present and has the run-as role pushed onto it. Also added code to set up the SecurityAssocation with the pushed role so that the role is propagated during ejb calls in jboss. I haven't been able to test that ejb calls will use the run-as role correctly, so if someone could verify that, and update this issue with the results I'd be grateful. The fix is in svn trunk at rev 1436, and will shortly be released as 6.1.0rc2.
Hide
Permalink
Alexander Maslov added a comment -

I did some small testing assigning different roles to servlet.
Seems like it works like it should :
throws SecurityException if role does not the same as in needed to be able access to EJB and goes through in case correct role specified.
Thx

Show
Alexander Maslov added a comment - I did some small testing assigning different roles to servlet. Seems like it works like it should : throws SecurityException if role does not the same as in needed to be able access to EJB and goes through in case correct role specified. Thx
Hide
Permalink
Jan Bartel added a comment -

Alexander,

thanks for testing that so promptly!

I'll close the issue now.

regards
Jan

Show
Jan Bartel added a comment - Alexander, thanks for testing that so promptly! I'll close the issue now. regards Jan

People

  • Assignee:
    Jan Bartel
    Reporter:
    Alexander Maslov
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: