[jira] Created: (GERONIMO-852) NullPointerException in during deploy

Thu, 04 Aug 2005 10:16:25 -0700 

NullPointerException in during deploy
-------------------------------------

         Key: GERONIMO-852
         URL: http://issues.apache.org/jira/browse/GERONIMO-852
     Project: Geronimo
        Type: Bug
  Components: security  
    Versions: 1.0-M5    
    Reporter: Kevan Miller
    Priority: Minor
 Attachments: passwordNPE.patch

While playing around with uri syntax for deploy commands, I ran across a NPE 
during login processing:

java.lang.NullPointerException
        at java.lang.String.<init>(String.java:166)
        at 
org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule.login(PropertiesFileLoginModule.java:142)
        at 
org.apache.geronimo.security.jaas.JaasLoginService.performServerLogin(JaasLoginService.java:240)
        at 
org.apache.geronimo.security.jaas.JaasLoginService$$FastClassByCGLIB$$1b5fde8c.invoke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at 
org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at 
org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at 
org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:731)
        at 
org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
        at 
org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
        at 
org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:94)
        at 
org.apache.geronimo.security.jaas.JaasLoginServiceMBean$$EnhancerByCGLIB$$5302521b.performServerLogin(<generated>)
        at 
org.apache.geronimo.security.jaas.JaasLoginCoordinator$ServerLoginModule.login(JaasLoginCoordinator.java:230)
        at 
org.apache.geronimo.security.jaas.LoginUtils.computeLogin(LoginUtils.java:34)
        at 
org.apache.geronimo.security.jaas.JaasLoginCoordinator.login(JaasLoginCoordinator.java:101)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
        at 
javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
        at java.security.AccessController.doPrivileged(Native Method)
        at 
javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
        at 
org.apache.geronimo.jmxremoting.Authenticator.authenticate(Authenticator.java:57)
        at 
javax.management.remote.rmi.RMIServerImpl$1.run(RMIServerImpl.java:141)
        at java.security.AccessController.doPrivileged(Native Method)
        at 
javax.management.remote.rmi.RMIServerImpl.authenticate(RMIServerImpl.java:137)
        at 
javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:91)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
        at sun.rmi.transport.Transport$1.run(Transport.java:148)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
        at 
sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
        at 
sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
        at java.lang.Thread.run(Thread.java:534)

To reproduce, I started an out-of-the-box Geronimo server and attempted a 
deploy using the following:
         java -jar deployer.jar deploy <your-archive-of-choice>
When prompted for a userName, enter some name. When prompted for a password, 
ctrl-c the deployment. You should see the NPE at the Server.

Problem is that  PasswordCallback.getPassword() can return null. In that case, 
something like "new String(callback.getPassword())" will cause an NPE to be 
thrown from within the String constructor. The fix is to guard against that 
case... Same thing could happen in SQLoginModule. I'll post a patch for both, 
shortly...

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to