[jira] [Reopened] (FEDIZ-96) Nullpointer exception if logout is called before login

Jan Bernhardt (JIRA) Thu, 12 Mar 2015 01:27:01 -0700

     [ 
https://issues.apache.org/jira/browse/FEDIZ-96?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jan Bernhardt reopened FEDIZ-96:
--------------------------------

Unfortunately this issue is not completely solved. If I refresh the logout page 
(by resending the submitted form) everything looks ok now. But if I just 
refresh the page by calling the signout URL again 
(https://localhost:9443/fediz-idp/federation?wa=wsignout1.0), I still get a 
Nullpointer Exception:

{code}
java.lang.NullPointerException
        
org.apache.jsp.WEB_002dINF.signoutconfirmationresponse_jsp._jspService(signoutconfirmationresponse_jsp.java:97)
        org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
        org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
        org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        
org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238)
        
org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:263)
        
org.springframework.webflow.mvc.servlet.ServletMvcView.doRender(ServletMvcView.java:55)
        
org.springframework.webflow.mvc.view.AbstractMvcView.render(AbstractMvcView.java:187)
        org.springframework.webflow.engine.ViewState.render(ViewState.java:296)
        org.springframework.webflow.engine.ViewState.doEnter(ViewState.java:186)
        org.springframework.webflow.engine.State.enter(State.java:194)
        
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
        
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
        org.springframework.webflow.engine.State.enter(State.java:194)
        
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
        
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
        org.springframework.webflow.engine.State.enter(State.java:194)
        org.springframework.webflow.engine.Flow.start(Flow.java:535)
        
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:366)
        
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222)
        
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
        
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
        
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
        
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
        
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)
        
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
        
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
        
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements.doFilter(GrantedAuthorityEntitlements.java:99)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.apache.cxf.fediz.service.idp.STSPortFilter.doFilter(STSPortFilter.java:70)
        
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
        
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
        
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
        
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
{code}

Just try to invoke the logout URL before any login. Then you will see the error.

> Nullpointer exception if logout is called before login
> ------------------------------------------------------
>
>                 Key: FEDIZ-96
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-96
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: IDP
>    Affects Versions: 1.1.2
>            Reporter: Jan Bernhardt
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 1.2.0
>
>
> If you invoke the logout URL twice or if your session has timed out, you will 
> get a NullPointerException instead of a logout page.
> According to the WS-Federation standard, a logout request should be 
> idempotent, thus it should be possible to invoke logout on a non existing 
> session without causing an exception.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Reopened] (FEDIZ-96) Nullpointer exception if logout is called before login

Reply via email to