Bug 1121406 - [AAA] Add datacenter\template permissions to user returns HTTP 500 in REST (null pointer)
Summary: [AAA] Add datacenter\template permissions to user returns HTTP 500 in REST (n...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-engine-api
Version: 3.5
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 3.5.0
Assignee: Yair Zaslavsky
QA Contact: Pavel Stehlik
URL:
Whiteboard: infra
Depends On:
Blocks: oVirt-AAA-rewrite
TreeView+ depends on / blocked
 
Reported: 2014-07-20 13:57 UTC by Nelly Credi
Modified: 2016-02-10 19:34 UTC (History)
8 users (show)

Fixed In Version: ovirt-engine-3.5.0_rc1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-17 12:45:02 UTC
oVirt Team: Infra


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 30519 master MERGED aaa: NPE when adding permission to datacenter Never
oVirt gerrit 30527 ovirt-engine-3.5 MERGED aaa: NPE when adding permission to datacenter Never

Description Nelly Credi 2014-07-20 13:57:03 UTC
Description of problem:


Version-Release number of selected component (if applicable):
3.5 beta 1.1

How reproducible:
100%

Steps to Reproduce:
1.create DC
2.create user
3.add the user to the DC permissions list via REST

Actual results:
HTTP 500 (trace below)


Expected results:
The user should be added to the DC's permissions list

Additional info:

</head><body><h1>HTTP Status 500 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The server encountered an internal error () that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
	org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException(SynchronousDispatcher.java:340)
	org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:214)
	org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:190)
	org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:540)
	org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502)
	org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119)
	org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
	org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
	org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
	org.ovirt.engine.core.aaa.filters.RestApiSessionMgmtFilter.doFilter(RestApiSessionMgmtFilter.java:69)
	org.ovirt.engine.core.aaa.filters.EnforceAuthFilter.doFilter(EnforceAuthFilter.java:39)
	org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
	org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:104)
	org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
	org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
	org.ovirt.engine.core.aaa.filters.RestApiSessionValidationFilter.doFilter(RestApiSessionValidationFilter.java:31)
	org.ovirt.engine.api.common.security.CSRFProtectionFilter.doFilter(CSRFProtectionFilter.java:110)
	org.ovirt.engine.api.common.security.CSRFProtectionFilter.doFilter(CSRFProtectionFilter.java:101)
</pre></p><p><b>root cause</b> <pre>java.lang.NullPointerException
	org.ovirt.engine.api.restapi.resource.BackendAssignedPermissionsResource.getPrincipal(BackendAssignedPermissionsResource.java:210)
	org.ovirt.engine.api.restapi.resource.BackendAssignedPermissionsResource.getParameters(BackendAssignedPermissionsResource.java:239)
	org.ovirt.engine.api.restapi.resource.BackendAssignedPermissionsResource.add(BackendAssignedPermissionsResource.java:104)
	sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	java.lang.reflect.Method.invoke(Method.java:606)
	org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:155)
	org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:257)
	org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
	org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:152)
	org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:106)
	org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:147)
	org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:91)
	org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:525)
	org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502)
	org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119)
	org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
	org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
	org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
	org.ovirt.engine.core.aaa.filters.RestApiSessionMgmtFilter.doFilter(RestApiSessionMgmtFilter.java:69)
	org.ovirt.engine.core.aaa.filters.EnforceAuthFilter.doFilter(EnforceAuthFilter.java:39)
	org.ovirt.engine.core.aaa.filters.LoginFilter.doFilter(LoginFilter.java:73)
	org.ovirt.engine.core.aaa.filters.NegotiationFilter.doFilter(NegotiationFilter.java:104)
	org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:75)
	org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:63)
	org.ovirt.engine.core.aaa.filters.RestApiSessionValidationFilter.doFilter(RestApiSessionValidationFilter.java:31)
	org.ovirt.engine.api.common.security.CSRFProtectionFilter.doFilter(CSRFProtectionFilter.java:110)
	org.ovirt.engine.api.common.security.CSRFProtectionFilter.doFilter(CSRFProtectionFilter.java:101)

Comment 1 Juan Hernández 2014-07-21 10:06:25 UTC
I think this is a duplicate of bug 1119862. Please check and close if already fixed by the patch for that bug.

Comment 2 Juan Hernández 2014-07-21 10:09:45 UTC
Looking at it again it isn't a duplicate, but it is related. We don't longer create a Principal object anywhere. This class should have been removed as part of the recent authentication changes. This call:

  getCurrent().get(Principal.class)

Needs to be replaced with this:

  getCurrent().get(DbUser.class)

Comment 3 Nelly Credi 2014-07-29 13:51:52 UTC
Was retested on 3.5.0_beta2, but still fails with HTTP 500

Comment 4 Alon Bar-Lev 2014-07-29 14:06:59 UTC
the creation of beta2 was random, so that the move of on-qa which was out of sync, please check nightly for bugs of aaa

Comment 5 Nelly Credi 2014-08-24 12:00:46 UTC
verified in ovirt-3.5.0_rc1.1

Comment 6 Sandro Bonazzola 2014-10-17 12:45:02 UTC
oVirt 3.5 has been released and should include the fix for this issue.


Note You need to log in before you can comment on or make changes to this bug.