5 Replies Latest reply on Oct 12, 2011 6:22 AM by Mehul Kapadia

    SPNEGOLoginModule : NullPointerException - Unable to authenticate

    Mehul Kapadia Newbie

      Hello Everyone,

       

      I have Configured JBOSS and My Application to enable Kerberos SSO Using JBOSS  SPNEGO. Its working fine as expected. I have also tested the JBOSS Negotiation Toolkit and all test are passed successfully.


      But sometimes I am getting NullPointerException in SPNEGOLoginModule Class as given below. (I have enabled the Debug Log on JBoss)

       

       

      2011-10-11 20:05:29,270 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-172.19.102.45-8080-2) Logged in 'host' LoginContext

      2011-10-11 20:05:29,270 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-172.19.102.45-8080-2) Creating new GSSContext.

      2011-10-11 20:05:29,270 ERROR [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-172.19.102.45-8080-2) Unable to authenticate

      java.lang.NullPointerException

      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:294)

      at java.security.AccessController.doPrivileged(Native Method)

      at javax.security.auth.Subject.doAs(Unknown Source)

      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:118)

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

      at java.lang.reflect.Method.invoke(Unknown Source)

      at javax.security.auth.login.LoginContext.invoke(Unknown Source)

      at javax.security.auth.login.LoginContext.access$000(Unknown Source)

      at javax.security.auth.login.LoginContext$4.run(Unknown Source)

      at java.security.AccessController.doPrivileged(Native Method)

      at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)

      at javax.security.auth.login.LoginContext.login(Unknown Source)

      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)

      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)

      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)

      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)

      at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)

      at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)

      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)

      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)

      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

      at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:402)

      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)

      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)

      at java.lang.Thread.run(Unknown Source)

      2011-10-11 20:05:29,286 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-172.19.102.45-8080-1) Header - Negotiate YIIEyAYGKwYBBQUCoIIEvDCCBLigJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBI4EggSKYIIEhgYJKoZIhvcSAQICAQBuggR1MIIEcaADAgEFoQMCAQ6iBwMFACAAAACjggOhYYIDnTCCA5mgAwIBBaENGwtET01BSU4xLkNPTaIpMCegAwIBAqEgMB4bBEhUVFAbFjAxaHcxMTM4NTguZG9tYWluMS5jb22jggNWMIIDUqADAgEDoQMCASGiggNEBIIDQAgbBfizpfTPLx21eq57h8tv8mOuu72J6uaqaLcw2CB9YSxIxckSs12XyrB7AUrD5VgGOKIXxW1rlQbWOMDFeFll6ntBoNlu71pA4kpAARGSb1Ec+wbreHK6aHRhxHwFTQDnXst78GwAJKropAuNmhEJvbHiqIcZGFomsKfkbWgVWqUwYtmifuNpEjpzCMpEgUunpthp3hZKFQ9o9WgHEiwNilWHzN5Dv6IoxKOgZ5yWXTcJER/zp7L3BYLg0APWT3ONfCVO09hE0Xi46uYoJpYkkU+2NcA9cM+ubLVa6O8izdQIxfwII9bW8CAP++gOk9dx+HesgbA1plU3bJc7ROCFIiZhJlwOHxiFGpMsGxP+sIdDGjevk+hOW57uyS4XFuJCVXBfuX6svKyC/JCJGALjzGQP9Gy7/QP9yrOQdfQX782/Ng8LAaxSFSJqU0Nq04oT5Xx5opUZkH7eFBQCiF+fOFjuaL9M1BliX75Usdd+l25KF7ibMx3ktm3p/uR9qwWDgrZVdXnT5y8D3bQpq5BSE+DjkyuK7h1WRIYlZ3yrLk/Wd5ydP5XsAMCf/HzBD6TmwQxAgQkYwBbRn7jwu42MEj1Z9JTvA0mRb6ZRgMGD8afZX2/rN6j1t8RQR2V06feYzkv56CNSv3ruEKTSyhWAH50GlBdnmryGKUD87RFiEz84CqfqxYTBqQ2cdk1rKkkG2JfIPfp73FCLNtTNOTCG5r0/4bkS49wGm69O86dd0xybJcB9c/2+dL6KHfIb3/aLfwDhtOaj47v2msd5cLeNTsgIPBbckw0WvN0caImox1P745CNYpl1okFOaukO3UnReh0wXI6cDdVivg1EN8prD5TN+Zn4F5KrL1sGOp1VYyXJ96MqXLXRJcmQR9+IfGu61W1Yt1LUlOM8h7iUvg2CheqIM0rslGL/A74OS7UIaAJ9/+LoPlGywzLHQPMmrr4TLu6IbdJ9vfVQrTBUmTTujcLkjSvMw7PX8Pc0yMXOTb2tbRLEET7lTTSwZ3SwuDxpsSL+9AdBNwn/SethSdLcjdTD0JPRKx826JefBaFkx9MwdNTRHDcffnjnmPCvbiblxd9gKjqiAWies5qcmiykgbYwgbOgAwIBA6KBqwSBqAXlB/6/pufb4IYT4UxsAXmoCusfQC/TIsCx77YeUyvdrc60vcC1hwPagXN3MRQ+cr36qO+q4BzInSkosuud798COaYGEnfin75cTiOs3bShFNSWT7snLkaN4zGfzrmN4c8xFO3LRbAFaa/7dwwhbIA+bzXbuHQpj0lJwkhmG5vdyX0GXU/EZFZ45HZ3JVNwnthTZTl1NPPinzhTwHDvpxsWjhhsAFeReg==

      2011-10-11 20:05:29,286 INFO  [STDOUT] (http-172.19.102.45-8080-2)   [Krb5LoginModule]: Entering logout

      2011-10-11 20:05:29,286 INFO  [STDOUT] (http-172.19.102.45-8080-2)   [Krb5LoginModule]: logged out Subject

      2011-10-11 20:05:29,286 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-172.19.102.45-8080-1) serverSecurityDomain=host

      2011-10-11 20:05:29,286 INFO  [STDOUT] (http-172.19.102.45-8080-1) Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is C:/WINDOWS/516502.keytab refreshKrb5Config is false principal is HTTP/01HW113858.DOMAIN1.COM@DOMAIN1.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false

       

       

      Once  above error comes up, login page(jsp) of my application doesnt render properly. and I am not able to use my application.

       

      when I trace back to Jboss SPNEGO I found that following code where it failed in SPNEGOLoginModule Class.

       

      try

          {

            Subject server = getServerSubject();

            AcceptSecContext action = new AcceptSecContext(negotiationContext);

      Object result = Subject.doAs(server, action);   // This code result object "result" as Object of Exception. and its complaining that object action that I am passing is sometimes "null"

            this.log.trace("Result - " + result);

            if (result instanceof Boolean)
            {
              if (Boolean.TRUE.equals(result))
              {
                this.loginOk = true;
                if (getUseFirstPass() == true)
                {
                  String userName = this.identity.getName();
                  this.log.debug("Storing username '" + userName + "' and empty password");

                  this.sharedState.put("javax.security.auth.login.name", this.identity);
                  this.sharedState.put("javax.security.auth.login.password", "");
                }
              }
            }
            else if (result instanceof Exception)
            {
              Exception e = (Exception)result;
             this.log.error("Unable to authenticate", e);      //////   Its failing here as its not able to get the correct object "result"
              throw new LoginException("Unable to authenticate - " + e.getMessage());
            }

       

      Really appriciate your help and support.

       

      Thanks in advance.

       

       

      Regards,

      Mehul Kapadia