[jira] [Commented] (NIFI-2555) NullPointerException in user authentication causes Internal Server Error 500

Matt Gilman (JIRA) Thu, 11 Aug 2016 13:53:34 -0700

    [ 
https://issues.apache.org/jira/browse/NIFI-2555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15417913#comment-15417913
 ]


Matt Gilman commented on NIFI-2555:
-----------------------------------

Thanks [~alopresto]. I see the issue. Since that specific endpoint performs 
authentication the user is indeed null. Because of the extra logic in the 
AccessDeniedExceptionMapper it may make sense to generate the response the 
response manually than relying on the mapper.

> NullPointerException in user authentication causes Internal Server Error 500
> ----------------------------------------------------------------------------
>
>                 Key: NIFI-2555
>                 URL: https://issues.apache.org/jira/browse/NIFI-2555
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.0.0
>            Reporter: Andy LoPresto
>            Priority: Minor
>              Labels: authentication, beginner, kerberos, security
>
> In some cases, the {{NiFiUserUtils.getNiFiUser()}} call returns a {{null}} 
> user. In {{AccessDeniedExceptionMapper:46}}, this user object is operated on 
> to determine whether the status is {{UNAUTHORIZED}} or {{FORBIDDEN}} without 
> checking that the reference is null-safe. This throws a NullPointerException 
> which causes an HTTP 500 Internal Server Error response. 
> We should investigate why the user accessor is returning {{null}}, but 
> additionally, the reference should be checked for {{null}} before operating 
> on it and a better response can be displayed. 
> {code}
> 2016-08-11 18:15:02,083 ERROR [NiFi Web Server-208] 
> c.s.j.spi.container.ContainerResponse Mapped exception to response: 500 
> (Internal Server Error)
> java.lang.NullPointerException: null
>         at 
> org.apache.nifi.web.api.config.AccessDeniedExceptionMapper.toResponse(AccessDeniedExceptionMapper.java:46)
>  ~[classes/:na]
>         at 
> org.apache.nifi.web.api.config.AccessDeniedExceptionMapper.toResponse(AccessDeniedExceptionMapper.java:34)
>  ~[classes/:na]
>         at 
> com.sun.jersey.spi.container.ContainerResponse.mapException(ContainerResponse.java:480)
>  [jersey-server-1.19.jar:1.19]
>         at 
> com.sun.jersey.spi.container.ContainerResponse.mapMappableContainerException(ContainerResponse.java:417)
>  [jersey-server-1.19.jar:1.19]
>         at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1477)
>  [jersey-server-1.19.jar:1.19]
>         at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
>  [jersey-server-1.19.jar:1.19]
>         at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
>  [jersey-server-1.19.jar:1.19]
>         at 
> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
>  [jersey-servlet-1.19.jar:1.19]
>         at 
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558)
>  [jersey-servlet-1.19.jar:1.19]
>         at 
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733)
>  [jersey-servlet-1.19.jar:1.19]
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) 
> [javax.servlet-api-3.1.0.jar:3.1.0]
>         at 
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845) 
> [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1689)
>  [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:51) 
> [jetty-servlets-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
>  [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.apache.nifi.web.filter.RequestLogger.doFilter(RequestLogger.java:66) 
> [classes/:na]
>         at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
>  [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:207)
>  [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
>         at 
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
>  [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
>         at 
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>  [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
>         at 
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
>  [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
>         at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
>  [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51) 
> [classes/:na]
>         at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
>  [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581) 
> [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) 
> [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) 
> [jetty-security-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1174)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511) 
> [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1106)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) 
> [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
>  [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at org.eclipse.jetty.server.Server.handle(Server.java:524) 
> [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319) 
> [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253) 
> [jetty-server-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
>  [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) 
> [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:186) 
> [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
>  [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) 
> [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
>  [jetty-io-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
>  [jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
>  [jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
>  [jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
>  [jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at 
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
>  [jetty-util-9.3.9.v20160517.jar:9.3.9.v20160517]
>         at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (NIFI-2555) NullPointerException in user authentication causes Internal Server Error 500

Reply via email to