Bug 451133 - Invalid login attempts appear to be returning from UserService as valid
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Customer Support Portal
Classification: Retired
Component: Integration-Red Hat
Version: 1.3.9
Hardware: All
OS: All
medium
low
Target Milestone: ---
Assignee: JBoss CSP Bug Watch List
QA Contact:
URL:
Whiteboard: Completed Sprint #5
Depends On:
Blocks: 451141
 
Reported: 2008-06-12 22:44 UTC by Mike Amburn
Modified: 2008-08-20 16:20 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-08-20 16:20:25 UTC
Type: ---



Description Mike Amburn 2008-06-12 22:44:55 UTC
While testing the maven build, we were noticing an NPE in the logs occasionally
after attempting to validate against the UserService. The exception looks like,

ERROR [com.jboss.jbossnetwork.dao.login.issuetracker.LoginDAOBean] There was some error when trying to log in via user service.
java.lang.NullPointerException
at com.jboss.jbossnetwork.dao.login.issuetracker.LoginDAOBean.dumpUserToLog(LoginDAOBean.java:354)
at com.jboss.jbossnetwork.dao.login.issuetracker.LoginDAOBean.logIntoUserService(LoginDAOBean.java:267)
at com.jboss.jbossnetwork.dao.login.issuetracker.LoginDAOBean.login(LoginDAOBean.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:46)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:211)
at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
at $Proxy152.login(Unknown Source)
at com.jboss.jbossnetwork.ui.actions.LoginAction.handleSubmit(LoginAction.java:132)
at com.jboss.jbossnetwork.ui.actions.LoginAction.jbossExecute(LoginAction.java:73)
at com.jboss.jbossnetwork.ui.actions.JBossAction.execute(JBossAction.java:78)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1192)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:430)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:414)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.jboss.jbossnetwork.util.EncodingFilter.doFilter(EncodingFilter.java:27)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at org.jboss.web.tomcat.tc5.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:87)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:619)

This is only happening with an invalid login. We have tested with an invalid
password to generate this exception. It seemed like the UserService was
returning a user object with all of its fields nulled out. I spoke with Chris
Duryee, and he was watching the response sent back as I submitted an invalid
login request. He verified that the service is in fact returning null. I
concluded that the issue had to be somewhere with Axis 2 and/or xmlbeans which
we are using as the underlying data binding framework. My initial thought was
that I had screwed something up during the maven migration. This prompted me to
test with the ant build, and I was able to produce the same NPE with the ant
build (and Axis 2).

For some reason xmlbeans is giving back a non-null object even though the
service returns null. I do, however, think that I found a workaround with the
following code:

VerifyPasswordResponseDocument response = stub.verifyPassword(doc);
boolean isNull = response.getVerifyPasswordResponse().isNilOut();

In the case of an invalid password, isNilOut returns true.
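
Added example, not part of the original report and not the project's code: the fail-closed check the workaround implies, written against the JDK DOM parser instead of the Axis 2/xmlbeans stubs so it runs on its own. It treats an `xsi:nil="true"` result, a missing result, or an empty user as a rejected login rather than relying on the response object being non-null. The element name `out` is inferred from `isNilOut()`; the `login` field, the namespace and both sample responses are constructed assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class NilAwareLoginCheck {
    static final String XSI = XMLConstants.W3C_XML_SCHEMA_INSTANCE_NS_URI;
    static final String NS = "urn:example:userservice"; // constructed namespace (assumption)

    // Constructed response bodies; the real service schema is not shown in the report.
    static final String REJECTED =
        "<verifyPasswordResponse xmlns='" + NS + "' xmlns:xsi='" + XSI + "'>"
      + "<out xsi:nil='true'/></verifyPasswordResponse>";
    static final String ACCEPTED =
        "<verifyPasswordResponse xmlns='" + NS + "'>"
      + "<out><login>jdoe</login></out></verifyPasswordResponse>";

    /** Fail closed: returns the login name only when a single non-nil out element carries one. */
    static String authenticatedLogin(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for the xsi:nil lookup below
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        NodeList outs = d.getElementsByTagNameNS(NS, "out");
        if (outs.getLength() != 1) return null;        // missing or ambiguous result
        Element out = (Element) outs.item(0);

        // xsi:nil is how a SOAP response encodes "null"; a data-binding layer
        // may still hand back a non-null wrapper object for it.
        String nil = out.getAttributeNS(XSI, "nil");
        if ("true".equals(nil) || "1".equals(nil)) return null;

        NodeList logins = out.getElementsByTagNameNS(NS, "login");
        if (logins.getLength() != 1) return null;      // empty user object
        String login = logins.item(0).getTextContent().trim();
        return login.isEmpty() ? null : login;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("rejected -> " + authenticatedLogin(REJECTED));
        System.out.println("accepted -> " + authenticatedLogin(ACCEPTED));
    }
}
```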

