Bugs item #638994, was opened at 2002-11-15 11:43
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=638994&group_id=22866
Category: JBossSOAP
Group: v3.0 Rabbit Hole
Status: Open
>Resolution: Remind
Priority: 5
Submitted By: James Ogura (jogura)
Assigned to: Dr. Christoph Georg Jung (cgjung)
Summary: jboss.net does not handle null passwords
Initial Comment:
Operating System: Windows 2K
JDK Version: 1.4.0_01
JBoss version: 3.0.4
In the case where a valid password maybe null and
exception is thrown (see stacktrace below).
The below is a patch that will fix this problem:
org.jboss.net.axis.server.JBossAuthenicationHandler
/** associates the call context with the given info */
protected Subject associate(Principal userPrincipal,
String passwd) {
// build passchars
char[] passChars = passwd != null ?
passwd.toCharArray() : null;
// pointer comparison, again
if (userPrincipal !=
NobodyPrincipal.NOBODY_PRINCIPAL) {
SecurityAssociation.setPrincipal(userPrincipal);
SecurityAssociation.setCredential(passChars);
} else {
// Jboss security does not like nobody:null
SecurityAssociation.setPrincipal(null);
SecurityAssociation.setCredential(null);
}
return authMgr.getActiveSubject();
}
StackTrace (fault):
AxisFault
faultCode: {http://xml.apache.org/axis/}
Server.userException
faultString: java.lang.NullPointerException
faultActor: null
faultDetail:
stackTrace: java.lang.NullPointerException
at
org.jboss.net.axis.server.JBossAuthenticationHandler.associ
ate(JBossAuthenticationHandler.java:127)
at
org.jboss.net.axis.server.JBossAuthenticationHandler.invoke
(JBossAuthenticationHandler.java:171)
at
org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting
(SimpleChain.java:154)
at org.apache.axis.SimpleChain.invoke
(SimpleChain.java:121)
at org.apache.axis.server.AxisServer.invoke
(AxisServer.java:256)
at
org.apache.axis.transport.http.AxisServlet.doPost
(AxisServlet.java:543)
at javax.servlet.http.HttpServlet.service
(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service
(HttpServlet.java:853)
at org.mortbay.jetty.servlet.ServletHolder.handle
(ServletHolder.java:366)
at
org.mortbay.jetty.servlet.WebApplicationHandler.dispatch
(WebApplicationHandler.java:293)
at org.mortbay.jetty.servlet.ServletHandler.handle
(ServletHandler.java:581)
at org.mortbay.http.HttpContext.handle
(HttpContext.java:1687)
at
org.mortbay.jetty.servlet.WebApplicationContext.handle
(WebApplicationContext.java:544)
at org.mortbay.http.HttpContext.handle
(HttpContext.java:1637)
at org.mortbay.http.HttpServer.service
(HttpServer.java:875)
at org.jboss.jetty.Jetty.service(Jetty.java:543)
at org.mortbay.http.HttpConnection.service
(HttpConnection.java:806)
at org.mortbay.http.HttpConnection.handleNext
(HttpConnection.java:956)
at org.mortbay.http.HttpConnection.handle
(HttpConnection.java:823)
at
org.mortbay.http.SocketListener.handleConnection
(SocketListener.java:203)
at org.mortbay.util.ThreadedServer.handle
(ThreadedServer.java:290)
at org.mortbay.util.ThreadPool$JobRunner.run
(ThreadPool.java:743)
at java.lang.Thread.run(Thread.java:536)
----------------------------------------------------------------------
>Comment By: James Ogura (jogura)
Date: 2003-01-21 17:41
Message:
Logged In: YES
user_id=642894
Is it possible to put this into the head for 3.2 branch?
Here is the diff of the JBossAuthenicationHandler class:
124c124,126
< // pointer comparison, again
---
> // build passchars
> char[] passChars = passwd != null ? passwd.toCharArray
() : null;
> // pointer comparison, again
127c129
< SecurityAssociation.setCredential(passwd.toCharArray
());
---
> SecurityAssociation.setCredential(passChars);
135a138
>
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=638994&group_id=22866
-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
