[jira] [Commented] (KNOX-2070) SSOCookieFederationFilter NPE

Mon, 28 Oct 2019 10:55:54 -0700 


    [ 
https://issues.apache.org/jira/browse/KNOX-2070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16961296#comment-16961296
 ] 

Kevin Risden commented on KNOX-2070:
------------------------------------

We only hit this case when XHR is being used and the token is invalid. There 
were not tests for XHR so this is why it wasn't detected before.

> SSOCookieFederationFilter NPE
> -----------------------------
>
>                 Key: KNOX-2070
>                 URL: https://issues.apache.org/jira/browse/KNOX-2070
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxSSO
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>             Fix For: 1.4.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> SSOCookieFederationFilter has a NPE when the error message is null. This can 
> happen a few different ways if the token is invalid. It prevents the response 
> from being sent correctly.
> {code:java}
> ...
> Caused by: java.lang.NullPointerException
>       at 
> org.apache.knox.gateway.provider.federation.jwt.filter.SSOCookieFederationFilter.handleValidationError(SSOCookieFederationFilter.java:140)
>       at 
> org.apache.knox.gateway.provider.federation.jwt.filter.AbstractJWTFilter.validateToken(AbstractJWTFilter.java:299)
>       at 
> org.apache.knox.gateway.provider.federation.jwt.filter.SSOCookieFederationFilter.doFilter(SSOCookieFederationFilter.java:122)
>       at 
> org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:349)
>       at 
> org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:263)
>       at 
> com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
>       at 
> com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
>       at 
> org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:349)
>       at 
> org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:263)
>       at 
> org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:50)
>       at 
> org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:58)
>       ... 52 more
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to