2 Replies Latest reply on Jan 21, 2005 12:17 PM by srajput

    NullPointerException in JBossSecurityMgrRealm.getCachingPrin

    srajput
    srajput Jan 21, 2005 9:50 AM

      All,

      JBoss version: 4.0.0RC1
      Database: MySQL 4.1.7

      I am using the DatabaseServerLoginModule to authenticate and I keep getting the following exception that is driving me crazy. I have scoured this forum and the Internet but didn't come across any post that mentioned this exception.

      It seems that authentication (Phase 1 in Scott Stark's paper) seems to work correctly in that incorrect usernames/passwords are recognized correctly. The problem occurs with Phase 2, it seems, but I am lost here.

      Any help would be greatly appreciated.

      The exception details are:

      2005-01-21 09:30:19,266 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@6dcfde
2005-01-21 09:30:19,266 DEBUG [org.jboss.security.plugins.JaasSecurityManager.springapp_security] CachePolicy set to: org.jboss.util.TimedCachePolicy@16a3075
2005-01-21 09:30:19,266 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@16a3075
2005-01-21 09:30:19,266 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added springapp_security, org.jboss.security.plugins.SecurityDomainContext@93886b to map
2005-01-21 09:30:19,826 ERROR [org.apache.coyote.tomcat5.CoyoteAdapter] An exception or error occurred in the container during the request processing
java.lang.NullPointerException
 at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.getCachingPrincpal(JBossSecurityMgrRealm.java:321)
 at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:257)
 at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:229)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
 at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:146)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
 at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:122)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
 at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
 at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
 at java.lang.Thread.run(Thread.java:534)



      Appropriate portion of login-config.xml: 
      <application-policy name="springapp_security">
 <authentication>
 <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
 <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
 <module-option name="dsJndiName">java:/SpringappDS</module-option>
 <module-option name="principalsQuery">Select password 'Password' from principal_table where username=?</module-option>
 <module-option name="rolesQuery">select role 'Roles', role_group 'RoleGroups' from roles_table where username=?</module-option>
 </login-module>
 </authentication>
</application-policy>


      web.xml: 
      <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>

<web-app>
 <servlet>
 <servlet-name>springapp</servlet-name>
 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 <load-on-startup>1</load-on-startup>
 </servlet>

 <servlet-mapping>
 <servlet-name>springapp</servlet-name>
 <url-pattern>*.htm</url-pattern>
 </servlet-mapping>

 <welcome-file-list>
 <welcome-file>
 index.jsp
 </welcome-file>
 </welcome-file-list>

 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Spring Application</web-resource-name>
 <description>Require users to authenticate</description>
 <url-pattern>/*</url-pattern>
 <http-method>POST</http-method>
 <http-method>GET</http-method>
 </web-resource-collection>
 <auth-constraint>
 <description>Only allow Echo role</description>
 <role-name>Echo</role-name>
 </auth-constraint>
 </security-constraint>

 <security-role>
 <description>Echo role</description>
 <role-name>Echo</role-name>
 </security-role>

 <login-config>
 <auth-method>FORM</auth-method>
 <form-login-config>
 <form-login-page>/login.jsp</form-login-page>
 <form-error-page>/login_error.html</form-error-page>
 </form-login-config>
 </login-config>

 <taglib>
 <taglib-uri>/spring</taglib-uri>
 <taglib-location>/WEB-INF/spring.tld</taglib-location>
 </taglib>

 <resource-ref>
 <res-ref-name>SpringappDS</res-ref-name>
 <res-type>javax.sql.DataSource</res-type>
 <jndi-name>java:/SpringappDS</jndi-name>
 <res-auth>SERVLET</res-auth>
 </resource-ref>
</web-app>



      jboss-web.xml: 
      <?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">

<jboss-web>
 <security-domain>java:/jaas/springapp_security</security-domain>
 <resource-ref>
 <res-ref-name>SpringappDS</res-ref-name>
 <res-type>javax.sql.DataSource</res-type>
 <jndi-name>java:/SpringappDS</jndi-name>
 </resource-ref>
</jboss-web>



      I have a simple login.jsp page: 
      <form action="j_security_check" method="post">
 <table border="0" cellpadding="0">
 <tr>
 <td>Username: <input type="text" name="j_username" size="22"/></td>
 </tr>
 <tr>
 <td>Password: <input type="password" name="j_password" size="22"/></td>
 <tr>
 <td><input type="submit" value="Login" /></td>
 </tr>
 </table>
</form>



      Portions of the DDL that creates and populates the tables needed by DatabaseServerLoginModule: 

      # Create the principal table
create table principal_table
(
 username VARCHAR(64),
 password VARCHAR(64),
 PRIMARY KEY (username)
);
insert into principal_table values ('java', 'echoman');
insert into principal_table values ('duke', 'javaman');

# Create the roles table
create table roles_table
(
 username VARCHAR(64),
 role VARCHAR(64),
 role_group VARCHAR(64)
);

insert into roles_table values ('java', 'Echo', 'Roles');
insert into roles_table values ('java', 'Echo', 'Roles');
insert into roles_table values ('java', 'caller_java', 'CallerPrincipal');
insert into roles_table values ('java', 'caller_java', 'CallerPrincipal');
insert into roles_table values ('duke', 'Java', 'Roles');
insert into roles_table values ('duke', 'Java', 'Roles');
insert into roles_table values ('duke', 'Coder', 'Roles');
insert into roles_table values ('duke', 'Coder', 'Roles');
insert into roles_table values ('duke', 'caller_duke', 'CallerPrincipal');
insert into roles_table values ('duke', 'caller_duke', 'CallerPrincipal');



      • 2740 Views
      • Tags: