-
1. Re: NPE in ExtendedFormAuthenticator
gdemir Jul 26, 2007 9:32 PM (in response to leegreiner)Hi,
The same thing just happened to me as well. I think the code is buggy. Since the earlier reference had checked session to be not null, I believe at line 104, the same check should be applied too.
I will add the check to the code, and jar uf it.
Gokhan. -
2. Re: NPE in ExtendedFormAuthenticator
anthonyestelita Aug 1, 2007 3:55 PM (in response to leegreiner)Has there been any plans for this to be fixed? We too are experiencing the same exact issue (if a user sits at the login page for a period of time the NPE exception is thrown by the ExtendedFormAuthenticator). I searched the jboss bugs for this issue and I don't see a closed nor open bug for it. :-( Is there a workaround? Right now the user is forced to basically log-in twice (first time throws the NPE and the second time it works).
-
3. Re: NPE in ExtendedFormAuthenticator
leegreiner Aug 1, 2007 8:50 PM (in response to leegreiner)I ended up writing my own authenticator, one that guarded against the NPE.
-
4. Re: NPE in ExtendedFormAuthenticator
anil.saldhana Aug 3, 2007 2:54 PM (in response to leegreiner)http://jira.jboss.com/jira/browse/JBAS-4592
-
5. Re: NPE in ExtendedFormAuthenticator
rmartony Jul 9, 2008 12:29 PM (in response to leegreiner)"leegreiner" wrote:
I ended up writing my own authenticator, one that guarded against the NPE.
Could you share your version of the ExtendedFormAuthenticator?
Thanks,
Rafael -
6. Re: NPE in ExtendedFormAuthenticator
leegreiner Jul 9, 2008 1:34 PM (in response to leegreiner)This was our solution:
package edu.duke.dcri.web.tomcat.security; import java.io.IOException; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.catalina.deploy.LoginConfig; public class ExtendedFormAuthenticator extends org.jboss.web.tomcat.security.ExtendedFormAuthenticator { public ExtendedFormAuthenticator() { } public boolean authenticate(Request request, Response response, LoginConfig config) throws IOException { boolean alreadyAuthenticated = false; try { alreadyAuthenticated = super.authenticate(request, response, config); } catch(NullPointerException npe) { } return alreadyAuthenticated; } }
When the NullPointerException is raised there is no session and the authenticator returns false, the desired effect. -
7. Re: NPE in ExtendedFormAuthenticator
rmartony Jul 10, 2008 1:10 PM (in response to leegreiner)That's great leegreiner, thanks.
Another question, how do I install the new authenticator?
Do I have to follow these (http://wiki.jboss.org/wiki/ExternalizeTomcatAuthenticators) instructions?
Currently I'm using the JBoss ExtendedFormAuthenticator via WEB-INF/context.xml descriptor with a Valve element. (http://wiki.jboss.org/wiki/ExtendedFormAuthenticator)
Regards,
Rafael. -
8. Re: NPE in ExtendedFormAuthenticator
leegreiner Jul 10, 2008 5:33 PM (in response to leegreiner)We typically drop a jar containing the authenticator in the default/lib directory so that all application deployed on the server have access to it but are not forced to use it by default.
Each application that wants to use the authenticator will include it as defined in the "Configuring the ExtendedFormAuthenticator for an Application" section of http://wiki.jboss.org/wiki/ExtendedFormAuthenticator.