Bug 451133 - Invalid login attempts appear to be returning from UserService as valid
Invalid login attempts appear to be returning from UserService as valid
Status: CLOSED CURRENTRELEASE
Product: JBoss Customer Support Portal
Classification: Retired
Component: Integration-Red Hat (Show other bugs)
1.3.9
All All
medium Severity low
: ---
: ---
Assigned To: JBoss CSP Bug Watch List
Completed Sprint #5
:
Depends On:
Blocks: 451141
  Show dependency treegraph
 
Reported: 2008-06-12 18:44 EDT by Mike Amburn
Modified: 2008-08-20 12:20 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-20 12:20:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mike Amburn 2008-06-12 18:44:55 EDT
While testing the maven build, we were noticing a NPE in the logs occasionally
after attempting to validate against the UserService. The exception looks like,

ERROR [com.jboss.jbossnetwork.dao.login.issuetracker.LoginDAOBean] There was
some error when trying to log in via user service.
java.lang.NullPointerException
at
com.jboss.jbossnetwork.dao.login.issuetracker.LoginDAOBean.dumpUserToLog(LoginDAOBean.java:354)
at
com.jboss.jbossnetwork.dao.login.issuetracker.LoginDAOBean.logIntoUserService(LoginDAOBean.java:267)
at
com.jboss.jbossnetwork.dao.login.issuetracker.LoginDAOBean.login(LoginDAOBean.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
at
org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
at
org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at
org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at
org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:46)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at
org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at
org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at
org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at
org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at
org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at
org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:211)
at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
at $Proxy152.login(Unknown Source)
at com.jboss.jbossnetwork.ui.actions.LoginAction.handleSubmit(LoginAction.java:132)
at com.jboss.jbossnetwork.ui.actions.LoginAction.jbossExecute(LoginAction.java:73)
at com.jboss.jbossnetwork.ui.actions.JBossAction.execute(JBossAction.java:78)
at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1192)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:430)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:414)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.jboss.jbossnetwork.util.EncodingFilter.doFilter(EncodingFilter.java:27)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at
org.jboss.web.tomcat.tc5.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:87)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:619)

This is only happening with an invalid login. We have tested with an invalid
password to generate this exception. It seemed like the UserService was
returning a user object with all of its fields nulled out. I spoke with Chris
Duryee, and he was watching the response sent back as I submitted an invalid
login request. He verified that the service is in fact returning null. I
concluded that the issue had to be somewhere with Axis 2 and/or xmlbeans which
we are using as the underlying data binding framework. My initial thought was
that I had screwed something up during the maven migration. This prompted me to
test with the ant build, and I was able to produce the same NPE with the ant
build (and Axis 2).

For some reason xmlbeans is giving back a non-null object even though the
service returns null. I do however think that I found a work around with the
following code:

VerifyPasswordResponseDocument response = stub.verifyPassword(doc);
boolean isNull = response.getVerifyPasswordResponse().isNilOut();

In the case of an invalid password, isNilOut returns true.

Note You need to log in before you can comment on or make changes to this bug.