Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-7179

NullPointerException because SecurityAssociationValve not invoked for forwarded StandardHostValve.status()

    Details

    • Type: Feature Request
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: JBossAS-5.1.0.GA
    • Fix Version/s: 6.0.0.M1
    • Component/s: Web (Tomcat) service
    • Labels:
      None
    • Environment:

      Description

      situation, web request:

      • guest tries to access secured resource
      • guest is challenged by container managed security
      • guest logs in, but does not have permissions to access the requested resource
      • logged in user is forwarded to <error-page> 403 /not-authorized
      • java.lang.NullPointerException in custom Filter:
        • filter is registered with <dispatcher>REQUEST</dispatcher>,<dispatcher>FORWARD</dispatcher>, <dispatcher>ERROR</dispatcher>
        • javax.servlet.http.HttpServletRequest.isUserInRole(String) is called, yields NullPointerException because SecurityAssociationValve ThreadLocals not available due to SecurityAssociationValve not invoked in this forwarding/error chain

      2009-08-17 12:27:25,879:4249013 [ http-0.0.0.0-8680-4] web].[localhost] ERROR Exception Processing ErrorPage[errorCode=403, location=/not-authorized] @org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]
      java.lang.NullPointerException
      at org.jboss.web.tomcat.security.JBossWebRealm.hasRole(JBossWebRealm.java:537)
      at org.apache.catalina.connector.Request.isUserInRole(Request.java:2198)
      at org.apache.catalina.connector.RequestFacade.isUserInRole(RequestFacade.java:763)
      at javax.servlet.http.HttpServletRequestWrapper.isUserInRole(HttpServletRequestWrapper.java:164)
      at UserContextFilter.doFilter(UserContextFilter.java:108)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at TokenGenerationFilter.doFilter(TokenGenerationFilter.java:42)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at SystemStateFilter.doFilter(SystemStateFilter.java:120)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:638)
      at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:446)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:382)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:310)
      at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:416)
      at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:342)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
      at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:905)
      at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:592)
      at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2036)
      at java.lang.Thread.run(Thread.java:619)

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                anil.saldhana Anil Saldanha
                Reporter:
                work_registries Juergen H
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: