Geronimo
  1. Geronimo
  2. GERONIMO-5155

Locking a keystore under "Available" results in exception

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.4, 2.2
    • Fix Version/s: 2.1.5, 2.2.1, 3.0.0
    • Component/s: security
    • Security Level: public (Regular issues)
    • Labels:
      None
    • Environment:

      geronimo tomcat assembly

    • Patch Info:
      Patch Available

      Description

      Llocking a keystore under "Available" tab in Keystore portlet results in a null pointer on the web browser for 2.1. Here is the exception on 2.1
      java.lang.NullPointerException
      org.apache.geronimo.console.keystores.LockKeystoreHandler.actionBeforeView(LockKeystoreHandler.java:43)
      org.apache.geronimo.console.MultiPagePortlet.processAction(MultiPagePortlet.java:112)
      org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:218)
      org.apache.pluto.core.PortletServlet.doGet(PortletServlet.java:139)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
      org.apache.pluto.core.DefaultPortletInvokerService.invoke(DefaultPortletInvokerService.java:167)
      org.apache.pluto.core.DefaultPortletInvokerService.action(DefaultPortletInvokerService.java:85)
      org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:219)
      org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:121)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
      org.apache.geronimo.console.filter.PlutoUrlRebuildFilter.doFilter(PlutoUrlRebuildFilter.java:48)
      org.apache.geronimo.console.filter.XSSXSRFFilter.doFilter(XSSXSRFFilter.java:125)

      For 2.2 the error thrown is "2010-02-23 23:00:56,062 ERROR [MultiPagePortlet] Unrecognized portlet action 'lockKeystore'"

      1. 5155_21.patch
        1 kB
        Ashish Jain

        Activity

        Hide
        Ashish Jain added a comment -

        In 2.1 Investigation suggests that there is an extra space being added while making the following call request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore)); in LockKeystoreHandler which results in a null value returned and hence null pointer exception.

        I still have to investigate this for 2.2.

        Show
        Ashish Jain added a comment - In 2.1 Investigation suggests that there is an extra space being added while making the following call request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore)); in LockKeystoreHandler which results in a null value returned and hence null pointer exception. I still have to investigate this for 2.2.
        Hide
        Ashish Jain added a comment -

        Uploading a patch for 2.1. Kindly review and apply.

        Show
        Ashish Jain added a comment - Uploading a patch for 2.1. Kindly review and apply.
        Hide
        Ivan added a comment -

        Hi, Ashish :
        Could you show me the steps to reproduce this error ? It seems work well for me.
        Also, from the exception stack, the code of line 43 is "String keystore = request.getParameter("keystore");" I am not sure why this line would cause NullPointerException ? Did you change the codes on your own machine ?
        Whatever caused the error, the extra space should be removed, I would commit the attached patch to 2.1.5-SNAPSHOT
        thanks !

        Show
        Ivan added a comment - Hi, Ashish : Could you show me the steps to reproduce this error ? It seems work well for me. Also, from the exception stack, the code of line 43 is "String keystore = request.getParameter("keystore");" I am not sure why this line would cause NullPointerException ? Did you change the codes on your own machine ? Whatever caused the error, the extra space should be removed, I would commit the attached patch to 2.1.5-SNAPSHOT thanks !
        Hide
        Ivan added a comment -

        Commit the patch to 2.1.5-SNAPSHOT At revision: 916218, 2.2-SNAPSHOT at revision 916220, trunk At revision: 916221.

        Show
        Ivan added a comment - Commit the patch to 2.1.5-SNAPSHOT At revision: 916218, 2.2-SNAPSHOT at revision 916220, trunk At revision: 916221.
        Hide
        Ashish Jain added a comment -

        Hi Ivan,

        There are 2 ways you can observe the problem

        1) one is to put a debug point @ "request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore)" in LockKeystoreHandler . You will see that the string received has an extra space, that is if keystore name is "test" than you will get "test ". this results in a null value for KeystoreData and hence the null pointer exception.

        2) In admin console in "Keystore" portlet you can see there are two places you can of lock/unlock a keystore one for "edit" and another for "usage". Once you take the mouse cursor over each of them, you can observe a visible difference in the target url @ the bottom pane of the browser- one with extra space and one w/o an extra space.

        I have used egaed version of the 2.1.4 to test this and can see the same problem existing in 2.2 with similar uase, however in 2.2 the problem is due to "Unrecognized portlet action 'lockKeystore'" this is because mode is being returned as "lockKeystore ".

        Thanks
        Ashish

        Show
        Ashish Jain added a comment - Hi Ivan, There are 2 ways you can observe the problem 1) one is to put a debug point @ "request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore)" in LockKeystoreHandler . You will see that the string received has an extra space, that is if keystore name is "test" than you will get "test ". this results in a null value for KeystoreData and hence the null pointer exception. 2) In admin console in "Keystore" portlet you can see there are two places you can of lock/unlock a keystore one for "edit" and another for "usage". Once you take the mouse cursor over each of them, you can observe a visible difference in the target url @ the bottom pane of the browser- one with extra space and one w/o an extra space. I have used egaed version of the 2.1.4 to test this and can see the same problem existing in 2.2 with similar uase, however in 2.2 the problem is due to "Unrecognized portlet action 'lockKeystore'" this is because mode is being returned as "lockKeystore ". Thanks Ashish
        Hide
        Ivan added a comment -

        Applied the patch provided by Ashish Jain.

        Show
        Ivan added a comment - Applied the patch provided by Ashish Jain.
        Hide
        Rex Wang added a comment -

        closing it

        Show
        Rex Wang added a comment - closing it

          People

          • Assignee:
            Ashish Jain
            Reporter:
            Ashish Jain
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development