Description of problem:
Null pointer exception in case Authorization header is passed.

Version-Release number of selected component (if applicable):

How reproducible:
100%

Steps to Reproduce:
(done with RESTClient, Firefox add-on)
1. set header 'Authorization' to 'admin@internal:123456' (doesn't matter if login/password are correct or not)
2. do not set any Authentication method
3. GET https://kj-rh32.rhev.lab.eng.brq.redhat.com:443/api

Actual results:
Status Code: 500 Internal Server Error

From response body:
The server encountered an internal error () that prevented it from fulfilling this request.

org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
    org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:251)
    org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:196)
    org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:551)
    org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:513)
    org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:125)
    org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
    org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
    org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

root cause

java.lang.NullPointerException
    org.ovirt.engine.api.restapi.security.auth.LoginValidator.validate(LoginValidator.java:65)
    org.ovirt.engine.api.common.security.auth.Challenger.executeBasicAuthentication(Challenger.java:129)
    org.ovirt.engine.api.common.security.auth.Challenger.preProcess(Challenger.java:103)
    org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:247)
    org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
    org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:211)
    org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:536)
    org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:513)
    org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:125)
    org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
    org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
    org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

note The full stack trace of the root cause is available in the JBoss Web/7.0.17..Final-redhat-2 logs

Expected results:
Not to throw exception

Additional info:
Not sure if it is a bug in RHEVM REST API or JBoss.

(In reply to comment #0)
> Description of problem: Null pointer exception in case Authorization header
> is passed.
>
>
> Version-Release number of selected component (if applicable):
>
>
> How reproducible: 100%
>
>
> Steps to Reproduce:
> (done with RESTClient, Firefox add-on)
> 1. set header 'Authorization' to 'admin@internal:123456' (doesn't matter if
> login/password are correct or not)
> 2. do not set any Authentication method
> 3. GET https://kj-rh32.rhev.lab.eng.brq.redhat.com:443/api
>

Authorization header should look like: Authorization:Basic YWRtaW5AaW50ZXJuYWw6MTIzNDU2, you have to specify 'authorization type' by spec, also credentials are not passed as plain text, but as a base64 encoded string, anyway this is a RESTeasy issue
- missed 'root cause', we can defend against this in a Challenger/LoginValidator.
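
The comment above says a well-formed header carries a scheme plus base64 credentials, and that the API layer can defend against anything else. The following is an added example, not oVirt's Challenger/LoginValidator code: the class and method names are hypothetical and Java 8+ is assumed. It parses the header so that malformed input is rejected (the caller would answer 401) instead of surfacing as an unhandled exception and a 500.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

// Hypothetical helper for illustration; not part of the oVirt code base.
public class BasicAuthHeader {
    public static final class Credentials {
        public final String user;
        public final String password;
        Credentials(String user, String password) { this.user = user; this.password = password; }
    }

    /** Returns credentials, or empty when the header is absent or malformed. */
    public static Optional<Credentials> parse(String header) {
        if (header == null) return Optional.empty();
        String[] parts = header.trim().split("\\s+", 2);
        // The scheme token is mandatory: a bare "user:password" has no second part.
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return Optional.empty();
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // payload is not valid base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':'); // split on the first ':'; the password may contain more
        if (colon <= 0) return Optional.empty(); // policy choice here: reject an empty user name
        return Optional.of(new Credentials(decoded.substring(0, colon), decoded.substring(colon + 1)));
    }

    public static void main(String[] args) {
        String[] samples = {
            "admin@internal:123456",              // header from the report: no scheme
            "Basic YWRtaW5AaW50ZXJuYWw6MTIzNDU2", // well-formed header from the reply
            "Basic !!!not-base64!!!",             // constructed: invalid base64
            "Basic",                              // constructed: scheme without credentials
            null                                  // header absent
        };
        for (String h : samples) {
            Optional<Credentials> c = parse(h);
            System.out.println(h + " -> "
                + (c.isPresent() ? "credentials for " + c.get().user : "401 Unauthorized"));
        }
    }
}
```
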
Works OK (i.e. no Java exception) on rhevm-3.2.0-10.18.beta2.el6ev
3.2 has been released