[ https://issues.apache.org/jira/browse/DERBY-3025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Knut Anders Hatlen updated DERBY-3025:
--------------------------------------

    Attachment: d3025.stat
                d3025.diff

Attaching a patch which seems to fix the bug. I haven't run the regression 
tests yet.

When the client driver connects to the server with securityMechanism in the 
connection attributes, the attribute is stripped off by the client driver and 
the security mechanism is specified in a field defined by the DRDA protocol 
instead. On the server, information about the security mechanism is extracted 
and put back into the connection attributes and used when creating an embedded 
connection. The connection attributes used on the server include 
securityMechanism and possibly some internal attributes. The problem is caused 
by the server reusing the attribute name securityMechanism. The authentication 
code (within the embedded driver) should only care about the attribute if it 
was added by the server, but there is no way to figure out whether that was the 
case.

The patch fixes the problem by using an internal attribute name (drdaSecMec) 
instead of securityMechanism to communicate to the embedded driver that a 
security mechanism is used. Of course, this doesn't prevent a user from 
specifying drdaSecMec when connecting to the embedded driver, but it is less 
likely that a user by mistake types an internal attribute name than the name of 
a documented client driver attribute.

> NPE when connecting to database with securityMechanism=8
> --------------------------------------------------------
>
>                 Key: DERBY-3025
>                 URL: https://issues.apache.org/jira/browse/DERBY-3025
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.3.1.4
>         Environment: Solaris x86
>            Reporter: Alan Burlison
>            Assignee: Knut Anders Hatlen
>         Attachments: d3025-test.diff, d3025.diff, d3025.stat
>
>
> If derby.drda.securityMechanism has *not* been set to 
> STRONG_PASSWORD_SUBSTITUTE_SECURITY and the database is opened with the 
> securityMechanism=8 property set, a NPE is thrown:
> // Try opening the database.
> Properties props = new Properties();
> props.put("securityMechanism", "8");
> props.put("user", dbUser);
> props.put("password", dbPass);
> Connection db = null;
> try {
>     StringBuilder sb = new StringBuilder("jdbc:derby:");
>     sb.append(dbName);
>     db = DriverManager.getConnection(sb.toString(), props);
> } catch (SQLException e) {
>     // Handle exception
> }
> java.lang.NullPointerException'. [XJ001]
> Caused by: java.sql.SQLException: Java exception: ': java.lang.NullPointerException'.
>         at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.Util.javaException(Unknown Source)
>         at org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection.handleException(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection40.<init>(Unknown Source)
>         at org.apache.derby.jdbc.Driver40.getNewEmbedConnection(Unknown Source)
>         at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
>         at org.apache.derby.jdbc.AutoloadedDriver.connect(Unknown Source)
>         at java.sql.DriverManager.getConnection(DriverManager.java:582)
>         at java.sql.DriverManager.getConnection(DriverManager.java:154)
>         at org.opensolaris.auth.db.DBManager.openDatabase(DBManager.java:152)
>         ... 1 more
> Caused by: java.sql.SQLException: Java exception: ': java.lang.NullPointerException'.
>         at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.SQLExceptionFactory40.wrapArgsForTransportAcrossDRDA(Unknown Source)
>         ... 16 more
> Caused by: java.lang.NullPointerException
>         at org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase.substitutePassword(Unknown Source)
>         at org.apache.derby.impl.jdbc.authentication.BasicAuthenticationServiceImpl.authenticateUser(Unknown Source)
>         at org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase.authenticate(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection.checkUserCredentials(Unknown Source)
>         ... 10 more

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
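
The attribute-name collision described in the comment above, as a simplified model added here for illustration; it is not Derby source and not the attached patch. Only securityMechanism and drdaSecMec come from the message; the serverToken attribute, the method names, and the assumption that the embedded code dereferences data only the server supplies are hypothetical.

```java
import java.util.Properties;

// Simplified model of the attribute flow described above; NOT Derby source.
// "serverToken" and all method names are hypothetical stand-ins.
public class SecMecAttributeDemo {
    static final String PUBLIC_NAME = "securityMechanism"; // documented client attribute
    static final String INTERNAL_NAME = "drdaSecMec";      // internal name used by the patch
    static final String SERVER_TOKEN = "serverToken";      // hypothetical server-only data

    // What the network server does after decoding the DRDA security mechanism field:
    // it rebuilds connection attributes for the embedded connection.
    static Properties serverSide(String secMec, String user, String password, String markerName) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty(markerName, secMec);
        p.setProperty(SERVER_TOKEN, "constructed-token");
        return p;
    }

    // Embedded authentication keyed on whichever marker name is in use.
    static String authenticate(Properties attrs, String markerName) {
        if ("8".equals(attrs.getProperty(markerName))) {
            // Assumes the server-only data is present; it is null when the
            // marker was typed by a user connecting directly to the embedded driver.
            String token = attrs.getProperty(SERVER_TOKEN);
            return "substituted(" + token.length() + ")";
        }
        return "cleartext";
    }

    public static void main(String[] args) {
        // Direct embedded connection, as in the report: the user sets securityMechanism=8.
        Properties direct = new Properties();
        direct.setProperty("user", "app");
        direct.setProperty("password", "constructed-password");
        direct.setProperty(PUBLIC_NAME, "8");

        try {
            authenticate(direct, PUBLIC_NAME); // before: user attribute mistaken for the server's marker
        } catch (NullPointerException e) {
            System.out.println("before patch: NullPointerException");
        }
        System.out.println("after patch, direct: " + authenticate(direct, INTERNAL_NAME));
        System.out.println("after patch, via server: " + authenticate(
                serverSide("8", "app", "constructed-password", INTERNAL_NAME), INTERNAL_NAME));
    }
}
```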
