qpid-dev mailing list archives

From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-7549) [Java Broker] Authentication using SimpleLDAP authentication provider fails with NPE when caching of authentication results is enabled(by default)
Date Thu, 01 Dec 2016 17:38:59 GMT

     [ https://issues.apache.org/jira/browse/QPID-7549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keith Wall updated QPID-7549:
-----------------------------
    Fix Version/s: qpid-java-6.2

> [Java Broker] Authentication using SimpleLDAP authentication provider fails with NPE when caching of authentication results is enabled (by default)
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7549
>                 URL: https://issues.apache.org/jira/browse/QPID-7549
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-6.1
>            Reporter: Alex Rudyy
>             Fix For: qpid-java-6.2, qpid-java-6.1.1
>
>
> Authentication with SimpleLDAP authentication provider fails due to the following exception:
> {noformat}
> 2016-11-24 12:59:12,878 WARN  [HttpManagement-testHTTP-158] (o.e.j.s.ServletHandler) - /service/sasl
> java.lang.NullPointerException: null
>         at org.apache.qpid.server.security.auth.manager.AuthenticationResultCacher.digestCredentials(AuthenticationResultCacher.java:116) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.manager.AuthenticationResultCacher.getOrLoad(AuthenticationResultCacher.java:80) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.getOrLoadAuthenticationResult(SimpleLDAPAuthenticationManagerImpl.java:410) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.access$200(SimpleLDAPAuthenticationManagerImpl.java:83) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl$SimpleLDAPPlainCallbackHandler.handle(SimpleLDAPAuthenticationManagerImpl.java:669) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:87) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.authenticate(SimpleLDAPAuthenticationManagerImpl.java:312) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.security.SubjectCreator.authenticate(SubjectCreator.java:115) ~[qpid-broker-core-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.evaluateSaslResponse(SaslServlet.java:213) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.doPostWithSubjectAndActor(SaslServlet.java:135) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$2.run(AbstractServlet.java:121) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$2.run(AbstractServlet.java:117) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_74]
>         at javax.security.auth.Subject.doAs(Subject.java:422) ~[na:1.8.0_74]
>         at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doWithSubjectAndActor(AbstractServlet.java:218) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doPost(AbstractServlet.java:115) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) ~[geronimo-servlet_3.0_spec-1.0.jar:1.0]
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:668) ~[geronimo-servlet_3.0_spec-1.0.jar:1.0]
>         at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.apache.qpid.server.management.plugin.filter.ForbiddingAuthorisationFilter.doFilter(ForbiddingAuthorisationFilter.java:94) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.apache.qpid.server.management.plugin.filter.ForbiddingTraceFilter.doFilter(ForbiddingTraceFilter.java:65) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.apache.qpid.server.management.plugin.filter.LoggingFilter.doFilter(LoggingFilter.java:65) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247) ~[jetty-servlets-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210) ~[jetty-servlets-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.apache.qpid.server.management.plugin.filter.ExceptionHandlingFilter.doFilter(ExceptionHandlingFilter.java:56) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501) [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429) [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.Server.handle(Server.java:370) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
>         at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
> {noformat}
> This issue only impacts authentication via the Web Management Console (when the SimpleLDAP authentication provider is configured for the HTTP port). Due to the NPE, authentication fails and the user is not able to log in to the Web Management Console. Authentication over AMQP or preemptive authentication is not impacted by the issue.
> Disabling the caching works around the issue. The caching can be turned off by setting any/all of the following context variables to 'null', '0' or a negative value:
> * qpid.auth.cache.size
> * qpid.auth.cache.expiration_time
> * qpid.auth.cache.iteration_count



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
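
To tell this bug apart from other failed console logins in a broker log, the trace in the report can be matched mechanically. The following is an added example, not part of the original message or of the Qpid code base: it groups log lines into events and flags NPEs whose top frame is `digestCredentials`. The function names and the sample log are constructed for illustration.

```python
import re

# Header of a log event in the layout shown in the report:
# "2016-11-24 12:59:12,878 WARN  [thread] (logger) - message"
EVENT = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +(\w+) +\[([^\]]+)\] +(.*)$")
FRAME = re.compile(r"^\s*at ([\w.$]+)\(")
AUTH = "org.apache.qpid.server.security.auth.manager."
TOP_FRAME = AUTH + "AuthenticationResultCacher.digestCredentials"

def split_events(lines):
    """Attach continuation lines (exception + frames) to the preceding header."""
    events = []
    for line in lines:
        m = EVENT.match(line)
        if m:
            events.append({"time": m.group(1), "level": m.group(2),
                           "thread": m.group(3), "message": m.group(4), "body": []})
        elif events:
            events[-1]["body"].append(line)
    return events

def find_qpid_7549(lines):
    """Return events whose NPE was thrown from digestCredentials, with context flags."""
    hits = []
    for ev in split_events(lines):
        exc = ev["body"][0] if ev["body"] else ""
        frames = [m.group(1) for m in map(FRAME.match, ev["body"]) if m]
        if not exc.startswith("java.lang.NullPointerException"):
            continue
        if not frames or frames[0] != TOP_FRAME:
            continue  # an NPE thrown elsewhere is a different problem
        hits.append({"time": ev["time"], "thread": ev["thread"],
                     "simple_ldap": any(f.startswith(AUTH + "SimpleLDAPAuthenticationManagerImpl") for f in frames),
                     "http_sasl": any(".SaslServlet." in f for f in frames)})
    return hits

# Constructed sample: frames taken from the trace in the report, plus an unrelated NPE.
SAMPLE_LOG = """\
2016-11-24 12:59:10,101 INFO  [main] (constructed) - broker started
2016-11-24 12:59:12,878 WARN  [HttpManagement-testHTTP-158] (o.e.j.s.ServletHandler) - /service/sasl
java.lang.NullPointerException: null
\tat org.apache.qpid.server.security.auth.manager.AuthenticationResultCacher.digestCredentials(AuthenticationResultCacher.java:116) ~[qpid-broker-core-6.1.0.jar:6.1.0]
\tat org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.getOrLoadAuthenticationResult(SimpleLDAPAuthenticationManagerImpl.java:410) ~[qpid-broker-core-6.1.0.jar:6.1.0]
\tat org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.evaluateSaslResponse(SaslServlet.java:213) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
2016-11-24 13:02:00,000 WARN  [HttpManagement-testHTTP-160] (o.e.j.s.ServletHandler) - /constructed/path
java.lang.NullPointerException: null
\tat com.example.Unrelated.handle(Unrelated.java:10)
""".splitlines()

if __name__ == "__main__":
    for hit in find_qpid_7549(SAMPLE_LOG):
        print(hit)
```
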
