Bug 793480 (JBEPP-562)

Summary: EPP5+SPNEGO : NullPointerException when automated logout during session expiration
Product: [JBoss] JBoss Enterprise Portal Platform 5 Reporter: mposolda
Component: unspecifiedAssignee: Sohil Shah <sohil.shah>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 5.1.0.ER02CC: epp-bugs
Target Milestone: ---   
Target Release: 5.1.0.ER04   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/JBEPP-562
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
EPP5 + SPNEGO, Kerberos 5 on same machine as EPP5
Last Closed: 2010-11-10 12:48:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description mposolda 2010-10-20 18:44:43 UTC 
project_key: JBEPP

1) Make steps for integration EPP5 and SPNEGO according to instructions in reference guide (Kerberos5 running on same machine as EPP5)
2) Decrease session timeout to 1 minute in deploy/gatein.ear/02portal.war/WEB-INF/web.xml (it is good to simulate issue more quickly, otherwise you will need to wait 30 minutes in step 6)
3) Start EPP5
4) kinit root
5) Go to http://server.local.network:8080/portal/private/classic . User is automatically logged as root
6) Do nothing and wait 2 minutes
7) After 2 minutes you can see exception in server log. It seems that nothing is broken, only issue is NPE in server log. Stacktrace:

12:35:01,389 ERROR [SPNEGORolesModule] Could not perform JBoss security manager cache eviction
java.lang.NullPointerException
	at org.gatein.sso.agent.login.SPNEGORolesModule.logout(SPNEGORolesModule.java:225)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.logout(LoginContext.java:629)
	at org.exoplatform.services.security.web.JAASConversationStateListener.sessionDestroyed(JAASConversationStateListener.java:66)
	at org.apache.catalina.session.StandardSession.expire(StandardSession.java:702)
	at org.apache.catalina.session.StandardSession.isValid(StandardSession.java:592)
	at org.apache.catalina.session.ManagerBase.processExpires(ManagerBase.java:682)
	at org.apache.catalina.session.ManagerBase.backgroundProcess(ManagerBase.java:667)
	at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1327)
	at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1612)
	at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1621)
	at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1621)
	at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1601)
	at java.lang.Thread.run(Thread.java:619)
Comment 1 Scott Mumford 2010-11-01 04:10:21 UTC 
Release Notes Docs Status: Added: Not Required
Comment 2 Scott Mumford 2010-11-08 09:53:29 UTC 
Release Notes Docs Status: Removed: Not Required Added: Documented as Known Issue
Release Notes Text: Added: A NullPointerException can be seen in a server log stacktrace after a user authenticated with the SPNEGO Single Sign-On method is automatically evicted after the set time-out period has elapsed.

This issue does not produce any flow-on effects.
Comment 3 Thomas Heute 2010-11-10 21:39:40 UTC 
Release Notes Docs Status: Removed: Documented as Known Issue Added: Documented as Resolved Issue
Release Notes Text: Removed: A NullPointerException can be seen in a server log stacktrace after a user authenticated with the SPNEGO Single Sign-On method is automatically evicted after the set time-out period has elapsed.

This issue does not produce any flow-on effects. Added: A NullPointerException can be seen in a server log stacktrace after a user authenticated with the SPNEGO Single Sign-On method is automatically evicted after the set time-out period has elapsed.

This issue didn't produce any flow-on effects.