Jetspeed 2
  1. Jetspeed 2
  2. JS2-472

FragmentImpl.getFragments() can be null but is assumed not null

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.3, 2.2.0
    • Fix Version/s: 2.1.3, 2.2.0
    • Component/s: None
    • Labels:
      None

      Description

      org.apache.jetspeed.om.page.psml.FragmentImpl.getFragments() can return null if all fragments fail the security check: see line 560.

      However, ContentFragmentImpl assumes that a non-null value is returned: for instance in ContentFragmentList.duplicateList().

      I assume the best fix is to always return a list, even if empty.

      I will supply a patch in the next day or two.

      1. JS2-472-FragmentImpl.diff
        3 kB
        David Jencks
      2. FragmentImpl.diff
        11 kB
        David Jencks

        Activity

        Hide
        David Jencks added a comment -

        The attached patch includes the changes to make getFragments() not return null, ever. However it also contains some changes to permissions construction/evaluation that if applied now would break the build, so this is basically to look at, not apply. I'll include these changes also in the permissions patch I'm working on.

        Show
        David Jencks added a comment - The attached patch includes the changes to make getFragments() not return null, ever. However it also contains some changes to permissions construction/evaluation that if applied now would break the build, so this is basically to look at, not apply. I'll include these changes also in the permissions patch I'm working on.
        Hide
        David Jencks added a comment -

        After Randy's fix for JS2-473 I think this patch is a better solution to this problem. I've tried to minimize whitespace changes which means that indenting needs to be adjusted before commit.

        Show
        David Jencks added a comment - After Randy's fix for JS2-473 I think this patch is a better solution to this problem. I've tried to minimize whitespace changes which means that indenting needs to be adjusted before commit.
        Hide
        Randy Watler added a comment -

        I'll get this applied in the next few days. I missed this JIRA issue on the last iterations...thanks for spotting this one!

        Show
        Randy Watler added a comment - I'll get this applied in the next few days. I missed this JIRA issue on the last iterations...thanks for spotting this one!
        Hide
        Ate Douma added a comment -

        This problem still exists.

        If I enable permissions security on the (Castor) PageManager, Jetspeed fully breaks down:

        java.lang.NullPointerException
        at org.apache.jetspeed.om.page.ContentFragmentImpl$ContentFragmentList.isEmpty(ContentFragmentImpl.java:673)
        at org.apache.jetspeed.decoration.PageTheme.setupFragmentDecorations(PageTheme.java:77)
        at org.apache.jetspeed.decoration.PageTheme.<init>(PageTheme.java:52)
        at org.apache.jetspeed.decoration.DecorationFactoryImpl.getTheme(DecorationFactoryImpl.java:95)
        at org.apache.jetspeed.decoration.DecorationValve.invoke(DecorationValve.java:90)
        at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166)
        at org.apache.jetspeed.pipeline.valve.impl.ActionValveImpl.invoke(ActionValveImpl.java:147)
        at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166)
        at org.apache.jetspeed.container.ContainerValve.invoke(ContainerValve.java:76)
        at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166)
        at org.apache.jetspeed.profiler.impl.ProfilerValveImpl.invoke(ProfilerValveImpl.java:255)
        at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166)
        at org.apache.jetspeed.security.impl.LoginValidationValveImpl.invoke(LoginValidationValveImpl.java:159)
        at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166)
        at org.apache.jetspeed.security.impl.PasswordCredentialValveImpl.invoke(PasswordCredentialValveImpl.java:148)
        at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166)
        at org.apache.jetspeed.localization.impl.LocalizationValveImpl.invoke(LocalizationValveImpl.java:169)
        at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166)
        at org.apache.jetspeed.security.impl.AbstractSecurityValve$1.run(AbstractSecurityValve.java:117)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:454)
        at org.apache.jetspeed.security.impl.AbstractSecurityValve.invoke(AbstractSecurityValve.java:111)
        at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166)
        at org.apache.jetspeed.container.url.impl.PortalURLValveImpl.invoke(PortalURLValveImpl.java:67)
        at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166)
        at org.apache.jetspeed.capabilities.impl.CapabilityValveImpl.invoke(CapabilityValveImpl.java:128)
        at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166)
        at org.apache.jetspeed.pipeline.JetspeedPipeline.invoke(JetspeedPipeline.java:145)
        at org.apache.jetspeed.engine.JetspeedEngine.service(JetspeedEngine.java:214)
        at org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:232)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)

        Show
        Ate Douma added a comment - This problem still exists. If I enable permissions security on the (Castor) PageManager, Jetspeed fully breaks down: java.lang.NullPointerException at org.apache.jetspeed.om.page.ContentFragmentImpl$ContentFragmentList.isEmpty(ContentFragmentImpl.java:673) at org.apache.jetspeed.decoration.PageTheme.setupFragmentDecorations(PageTheme.java:77) at org.apache.jetspeed.decoration.PageTheme.<init>(PageTheme.java:52) at org.apache.jetspeed.decoration.DecorationFactoryImpl.getTheme(DecorationFactoryImpl.java:95) at org.apache.jetspeed.decoration.DecorationValve.invoke(DecorationValve.java:90) at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166) at org.apache.jetspeed.pipeline.valve.impl.ActionValveImpl.invoke(ActionValveImpl.java:147) at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166) at org.apache.jetspeed.container.ContainerValve.invoke(ContainerValve.java:76) at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166) at org.apache.jetspeed.profiler.impl.ProfilerValveImpl.invoke(ProfilerValveImpl.java:255) at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166) at org.apache.jetspeed.security.impl.LoginValidationValveImpl.invoke(LoginValidationValveImpl.java:159) at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166) at org.apache.jetspeed.security.impl.PasswordCredentialValveImpl.invoke(PasswordCredentialValveImpl.java:148) at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166) at org.apache.jetspeed.localization.impl.LocalizationValveImpl.invoke(LocalizationValveImpl.java:169) at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166) at org.apache.jetspeed.security.impl.AbstractSecurityValve$1.run(AbstractSecurityValve.java:117) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:454) at org.apache.jetspeed.security.impl.AbstractSecurityValve.invoke(AbstractSecurityValve.java:111) at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166) at org.apache.jetspeed.container.url.impl.PortalURLValveImpl.invoke(PortalURLValveImpl.java:67) at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166) at org.apache.jetspeed.capabilities.impl.CapabilityValveImpl.invoke(CapabilityValveImpl.java:128) at org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:166) at org.apache.jetspeed.pipeline.JetspeedPipeline.invoke(JetspeedPipeline.java:145) at org.apache.jetspeed.engine.JetspeedEngine.service(JetspeedEngine.java:214) at org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:232) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595)
        Hide
        David Sean Taylor added a comment -

        This may be fixed in trunk and 2.1.4 branch, needs to be tested again and closed if not a bug

        Show
        David Sean Taylor added a comment - This may be fixed in trunk and 2.1.4 branch, needs to be tested again and closed if not a bug
        Hide
        Randy Watler added a comment -

        The FragmentImpl.getFragments() can no longer return null values for either the Castor or DB PageManager implementations.

        This appears to have been fixed for JS2-633.

        Show
        Randy Watler added a comment - The FragmentImpl.getFragments() can no longer return null values for either the Castor or DB PageManager implementations. This appears to have been fixed for JS2-633 .

          People

          • Assignee:
            Randy Watler
            Reporter:
            David Jencks
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development