[ http://issues.apache.org/jira/browse/COCOON-1772?page=comments#action_12375608 ]

Antonio Fiol commented on COCOON-1772:
--------------------------------------

Our usage pattern is always the same:
We need authentication and authorization. We use the Cocoon authentication 
framework for the former, and a custom flowscript function for the latter. Our 
sitemap goes more or less like this (I don't have the code right now, but I am 
pretty sure of the concept):

- Authentication handler is configured with a name, a redirect URI and an 
authentication URI, but with NO APPLICATION.

- Matchers for resources that should trigger A&A are URI wildcard matchers, and 
they all contain
    - An auth-protect action, which contains
       - A call function="authorization"

- There are corresponding matchers for the same URIs with a "protected/" 
prefix, in an internal-only="true" pipeline

- Function authorization:
   - Gets the authentication context
   - Checks if it is not null (null context would mean not logged in, so in 
this case we redirect to a "Not authorized" page, although this should never 
happen, and never happens, because all calls to the function are wrapped in 
auth-protect action)
   - Obtains the XML from it (here we got the NPE)
   - Does custom authorization procedure depending on the resource being 
accessed. This procedure does NOT involve any sendPageAndWait, sendForm or any 
other interaction with the user. It simply checks the resource being accessed 
({0}) against the data in the obtained XML (which is never empty if the user is 
logged in).
   - Redirects to either a "Not authorized" page or to the "protected/{0}" 
resource depending on the authorization procedure result.

With the attached patch, everything works as expected for us. Otherwise we 
simply cannot get the XML because of the NPE.

Maybe the reason for the NPE is not in that code fragment, and so the original 
code is correct, but there is incorrect code somewhere else, where the "state" 
is (not) set.

Does this make sense?

> [PATCH] AuthenticationContext: NullPointerException
> ---------------------------------------------------
>
>          Key: COCOON-1772
>          URL: http://issues.apache.org/jira/browse/COCOON-1772
>      Project: Cocoon
>         Type: Bug

>   Components: Blocks: Authentication Framework
>     Versions: 2.1.8
>     Reporter: Antonio Fiol
>     Assignee: Carsten Ziegeler
>  Attachments: AuthenticationContext.java.patch, 
> AuthenticationContext.java.patch
>
> We got a NullPointerException on AuthenticationContext.
> Apparently, this.getState() is returning null.
> We did not investigate it any further, and supposed that a null RequestState 
> means a null applicationName, which is reasonable as we have no "application" 
> configured.
> Patched, and it works perfectly here.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
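
The sitemap layout described in the comment above, sketched as an added example (not the poster's code and not part of the Cocoon distribution). The handler name, URIs, match patterns, file paths and the "resource" parameter name are assumptions, and the auth-protect action is assumed to be declared in a parent sitemap.

```xml
<!-- Added sketch; all names, URIs and paths below are assumed for illustration. -->
<map:sitemap xmlns:map="http://apache.org/cocoon/sitemap/1.0">
  <map:flow language="javascript">
    <!-- Script that defines the authorization() function (assumed path). -->
    <map:script src="flow/authorization.js"/>
  </map:flow>

  <map:pipelines>
    <map:component-configurations>
      <authentication-manager>
        <handlers>
          <!-- Name, redirect URI and authentication URI only: no <applications>
               element, which is the "NO APPLICATION" setup from the comment. -->
          <handler name="sitehandler">
            <redirect-to uri="cocoon:/login"/>
            <authentication uri="cocoon:raw:/authenticate"/>
          </handler>
        </handlers>
      </authentication-manager>
    </map:component-configurations>

    <!-- Public entry points: authentication first, then the authorization function. -->
    <map:pipeline>
      <map:match pattern="docs/**">
        <map:act type="auth-protect">
          <map:parameter name="handler" value="sitehandler"/>
          <!-- Reached only for a user authenticated against "sitehandler".
               {../0} is the whole matched URI, seen from inside the action. -->
          <map:call function="authorization">
            <map:parameter name="resource" value="{../0}"/>
          </map:call>
        </map:act>
      </map:match>
    </map:pipeline>

    <!-- Real content under the "protected/" prefix. internal-only="true" means
         a client cannot request these URIs directly and skip the checks above. -->
    <map:pipeline internal-only="true">
      <map:match pattern="protected/docs/**">
        <map:generate src="content/{1}.xml"/>
        <map:serialize type="xml"/>
      </map:match>
    </map:pipeline>
  </map:pipelines>
</map:sitemap>
```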
