Archiva

NPE with rss links

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.1.1
  • Fix Version/s: 1.1.2
  • Component/s: Users/Security, Web Interface
  • Labels:
    None
  • Number of attachments :
    0

Description

With LDAP, I get the following exception when I use the rss icon on the browse page:

java.lang.NullPointerException
	org.apache.maven.archiva.security.DefaultUserRepositories.getObservableRepositoryIds(DefaultUserRepositories.java:76)
	org.apache.maven.archiva.web.rss.RssFeedServlet.getObservableRepos(RssFeedServlet.java:305)
	org.apache.maven.archiva.web.rss.RssFeedServlet.isAllowed(RssFeedServlet.java:267)
	org.apache.maven.archiva.web.rss.RssFeedServlet.doGet(RssFeedServlet.java:124)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:189)
	com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
	com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
	com.opensymphony.webwork.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:88)

My guest user have the global repository observer role but the login isn't 'guest' so securitySystem.getUserManager().findUser( principal ) return null

Rss works fine if I use the repoId parameter on RssFessServlet instead of groupId/artifactId.

Issue Links

This issue is depended upon by:
MRM-926 NPE with search page Major Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Chris Anders added a comment -

i get a similar NPE after setting up AD (LDAP) authentication when a user who is yet to login clicks on browse or attempts a search.

Aug 26, 2008 2:21:02 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet default threw exception
java.lang.NullPointerException
at org.apache.maven.archiva.security.DefaultUserRepositories.getObservableRepositoryIds(DefaultUserRepositories.java:76)
at org.apache.maven.archiva.web.action.BrowseAction.getObservableRepos(BrowseAction.java:131)
at org.apache.maven.archiva.web.action.BrowseAction.browse(BrowseAction.java:65)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)

in security.properties i have defined
redback.default.guest=archiva

This user exists in our LDAP as i can click login and login with this archiva user credentials.

Show
Chris Anders added a comment - i get a similar NPE after setting up AD (LDAP) authentication when a user who is yet to login clicks on browse or attempts a search. Aug 26, 2008 2:21:02 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet default threw exception java.lang.NullPointerException at org.apache.maven.archiva.security.DefaultUserRepositories.getObservableRepositoryIds(DefaultUserRepositories.java:76) at org.apache.maven.archiva.web.action.BrowseAction.getObservableRepos(BrowseAction.java:131) at org.apache.maven.archiva.web.action.BrowseAction.browse(BrowseAction.java:65) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) in security.properties i have defined redback.default.guest=archiva This user exists in our LDAP as i can click login and login with this archiva user credentials.
Hide
Permalink
Maria Odea Ching added a comment -

I can't seem to replicate the NPE, but I'm getting a blank browse page even if I have assigned the 'guest' user the Global Repository Observer role. I get the same blank page in browse even if I'm logged in as admin. I can perform a search though except when I click on a search result, I get an 'Unable to find project model for [org.apache.maven.plugins:maven-clean-plugin:2.2]' error but not NPE.

I have the following configuration in my security.properties:

user.manager.impl=ldap
ldap.user.store.enabled=true
ldap.bind.authenticator.enabled=true
redback.default.admin=admin
redback.default.guest=guest

security.policy.password.expiration.enabled=false
ldap.config.hostname=localhost
ldap.config.port=10389
ldap.config.base.dn=dc=redback,dc=plexus,dc=codehaus,dc=org
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=uid=admin,ou=system
ldap.config.password=XXXXX

Do we have the same configuration? Btw, I'm using ApacheDS and running on Linux 7.04.

Show
Maria Odea Ching added a comment - I can't seem to replicate the NPE, but I'm getting a blank browse page even if I have assigned the 'guest' user the Global Repository Observer role. I get the same blank page in browse even if I'm logged in as admin. I can perform a search though except when I click on a search result, I get an 'Unable to find project model for [org.apache.maven.plugins:maven-clean-plugin:2.2]' error but not NPE. I have the following configuration in my security.properties: user.manager.impl=ldap ldap.user.store.enabled=true ldap.bind.authenticator.enabled=true redback.default.admin=admin redback.default.guest=guest security.policy.password.expiration.enabled=false ldap.config.hostname=localhost ldap.config.port=10389 ldap.config.base.dn=dc=redback,dc=plexus,dc=codehaus,dc=org ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory ldap.config.bind.dn=uid=admin,ou=system ldap.config.password=XXXXX Do we have the same configuration? Btw, I'm using ApacheDS and running on Linux 7.04.
Hide
Permalink
Chris Anders added a comment -

I only get this exception when i am not logged in and attempt to browse or run a search

Server - FreeBSD 6.3-STABLE
java version - diablo-1.5.0_07-b01, mixed mode
tomcat version - tomcat-5.5.26

running the archiva 1.1.1 war package on a default tomcat install with the dependency jars - mail.jar, activation.jar, derby.jar (as per the install docs)

security.properties file:
user.manager.impl=ldap
ldap.user.store.enabled=true
ldap.bind.authenticator.enabled=true
redback.default.admin=canders
redback.default.guest=tuser
security.policy.password.expiration.enabled=false

ldap.config.hostname=10.66.5.7
ldap.config.port=389
ldap.config.base.dn=OU=Users,OU=Velocity,DC=velsys,DC=local
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=cn=Predator,cn=Users,dc=velsys,dc=local
ldap.config.password=xxxxxxxxxxxxxxx
ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=name
ldap.config.mapper.attribute.user.id=mailNickname
ldap.config.mapper.attribute.user.object.class=user

Show
Chris Anders added a comment - I only get this exception when i am not logged in and attempt to browse or run a search Server - FreeBSD 6.3-STABLE java version - diablo-1.5.0_07-b01, mixed mode tomcat version - tomcat-5.5.26 running the archiva 1.1.1 war package on a default tomcat install with the dependency jars - mail.jar, activation.jar, derby.jar (as per the install docs) security.properties file: user.manager.impl=ldap ldap.user.store.enabled=true ldap.bind.authenticator.enabled=true redback.default.admin=canders redback.default.guest=tuser security.policy.password.expiration.enabled=false ldap.config.hostname=10.66.5.7 ldap.config.port=389 ldap.config.base.dn=OU=Users,OU=Velocity,DC=velsys,DC=local ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory ldap.config.bind.dn=cn=Predator,cn=Users,dc=velsys,dc=local ldap.config.password=xxxxxxxxxxxxxxx ldap.config.mapper.attribute.email=mail ldap.config.mapper.attribute.fullname=name ldap.config.mapper.attribute.user.id=mailNickname ldap.config.mapper.attribute.user.object.class=user
Hide
Permalink
Maria Odea Ching added a comment -

Hmm... I wasn't logged in too when I tried the to search & browse, but instead of the NPE I got the 'Unable to find project model...' error when I tried to access a search result and a blank browse page when I clicked on Browse. I was running the standalone though, I'll try deploying the war to tomcat and see if I'll get the NPEs.

Thanks for the quick reply Chris!

Show
Maria Odea Ching added a comment - Hmm... I wasn't logged in too when I tried the to search & browse, but instead of the NPE I got the 'Unable to find project model...' error when I tried to access a search result and a blank browse page when I clicked on Browse. I was running the standalone though, I'll try deploying the war to tomcat and see if I'll get the NPEs. Thanks for the quick reply Chris!
Hide
Permalink
Emmanuel Venisse added a comment -

I don't use ldap for user.manager.impl, but cached. I don't think the problem is there.

To reproduce this issue, I think you must not use 'guest' for redback.default.guest property

My security.properties:
user.manager.impl=cached
ldap.bind.authenticator.enabled=true
redback.default.admin=adminuser
redback.default.guest=guestuser
security.policy.password.expiration.enabled=false

ldap.config.hostname=ldap_host
ldap.config.port=389
ldap.config.base.dn=o=MyBaseDN
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory

ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=cn
#ldap.config.mapper.attribute.password=userPassword
ldap.config.mapper.attribute.user.id=uid
#ldap.config.mapper.attribute.user.base.dn=
ldap.config.mapper.attribute.user.object.class=inetOrgPerson
#ldap.config.mapper.attribute.user.filter=(attributeName=value)

Show
Emmanuel Venisse added a comment - I don't use ldap for user.manager.impl, but cached. I don't think the problem is there. To reproduce this issue, I think you must not use 'guest' for redback.default.guest property My security.properties: user.manager.impl=cached ldap.bind.authenticator.enabled=true redback.default.admin=adminuser redback.default.guest=guestuser security.policy.password.expiration.enabled=false ldap.config.hostname=ldap_host ldap.config.port=389 ldap.config.base.dn=o=MyBaseDN ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory ldap.config.mapper.attribute.email=mail ldap.config.mapper.attribute.fullname=cn #ldap.config.mapper.attribute.password=userPassword ldap.config.mapper.attribute.user.id=uid #ldap.config.mapper.attribute.user.base.dn= ldap.config.mapper.attribute.user.object.class=inetOrgPerson #ldap.config.mapper.attribute.user.filter=(attributeName=value)
Hide
Permalink
Maria Odea Ching added a comment -

Ahh.. ok, I'll try that. Thanks Emm!

Show
Maria Odea Ching added a comment - Ahh.. ok, I'll try that. Thanks Emm!
Hide
Permalink
Maria Odea Ching added a comment -

Hmm.. I still did not get the NPE after using a different default guest and admin users. Instead, I got a 'You have access to no repositories. Ask your system administrator for access.' message when I clicked Browse even though my default guest user 'anotherGuest' has Global Repository Observer role.

Anyway, I think the problem is in the ArchivaXworkUser which uses a constant "guest" for the default guest account. It doesn't get it from the security.properties file.

Show
Maria Odea Ching added a comment - Hmm.. I still did not get the NPE after using a different default guest and admin users. Instead, I got a 'You have access to no repositories. Ask your system administrator for access.' message when I clicked Browse even though my default guest user 'anotherGuest' has Global Repository Observer role. Anyway, I think the problem is in the ArchivaXworkUser which uses a constant "guest" for the default guest account. It doesn't get it from the security.properties file.
Hide
Permalink
Chris Anders added a comment -

I can confirm that when i set the redback.default.guest=guest and create a guest user in my OU defined in ldap.config.base.dn=OU=Users,OU=Velocity,DC=velsys,DC=local that I now get 'You have access to no repositories. Ask your system administrator for access.

So i then logged in gave the new guest user the Global Repository Observer role, logged out and now browse and running searchs works!!!

Looks like you are correct with the constant "guest" being set somewhere in the code

good stuff

Show
Chris Anders added a comment - I can confirm that when i set the redback.default.guest=guest and create a guest user in my OU defined in ldap.config.base.dn=OU=Users,OU=Velocity,DC=velsys,DC=local that I now get 'You have access to no repositories. Ask your system administrator for access. So i then logged in gave the new guest user the Global Repository Observer role, logged out and now browse and running searchs works!!! Looks like you are correct with the constant "guest" being set somewhere in the code good stuff
Hide
Permalink
Maria Odea Ching added a comment -

I made some fixes in trunk -r691581. Could you verify if the NPE problem was fixed too? I still wasn't able to replicate the NPE previously, just the 'You have access to no repositories...' message given the guest user has Global Observer role so I was only able to verify that as fixed.

Thanks!

Show
Maria Odea Ching added a comment - I made some fixes in trunk -r691581. Could you verify if the NPE problem was fixed too? I still wasn't able to replicate the NPE previously, just the 'You have access to no repositories...' message given the guest user has Global Observer role so I was only able to verify that as fixed. Thanks!

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.