Qpid / QPID-7549

[Java Broker] Authentication using SimpleLDAP authentication provider fails with NPE when caching of authentication results is enabled (by default)

Details

    Description

      Authentication with SimpleLDAP authentication provider fails due to the following exception:

      2016-11-24 12:59:12,878 WARN  [HttpManagement-testHTTP-158] (o.e.j.s.ServletHandler) - /service/sasl
      java.lang.NullPointerException: null
              at org.apache.qpid.server.security.auth.manager.AuthenticationResultCacher.digestCredentials(AuthenticationResultCacher.java:116) ~[qpid-broker-core-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.security.auth.manager.AuthenticationResultCacher.getOrLoad(AuthenticationResultCacher.java:80) ~[qpid-broker-core-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.getOrLoadAuthenticationResult(SimpleLDAPAuthenticationManagerImpl.java:410) ~[qpid-broker-core-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.access$200(SimpleLDAPAuthenticationManagerImpl.java:83) ~[qpid-broker-core-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl$SimpleLDAPPlainCallbackHandler.handle(SimpleLDAPAuthenticationManagerImpl.java:669) ~[qpid-broker-core-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:87) ~[qpid-broker-core-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.authenticate(SimpleLDAPAuthenticationManagerImpl.java:312) ~[qpid-broker-core-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.security.SubjectCreator.authenticate(SubjectCreator.java:115) ~[qpid-broker-core-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.evaluateSaslResponse(SaslServlet.java:213) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.doPostWithSubjectAndActor(SaslServlet.java:135) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$2.run(AbstractServlet.java:121) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$2.run(AbstractServlet.java:117) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
              at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_74]
              at javax.security.auth.Subject.doAs(Subject.java:422) ~[na:1.8.0_74]
              at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doWithSubjectAndActor(AbstractServlet.java:218) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
              at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doPost(AbstractServlet.java:115) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) ~[geronimo-servlet_3.0_spec-1.0.jar:1.0]
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:668) ~[geronimo-servlet_3.0_spec-1.0.jar:1.0]
              at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.apache.qpid.server.management.plugin.filter.ForbiddingAuthorisationFilter.doFilter(ForbiddingAuthorisationFilter.java:94) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.apache.qpid.server.management.plugin.filter.ForbiddingTraceFilter.doFilter(ForbiddingTraceFilter.java:65) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.apache.qpid.server.management.plugin.filter.LoggingFilter.doFilter(LoggingFilter.java:65) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247) ~[jetty-servlets-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210) ~[jetty-servlets-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.apache.qpid.server.management.plugin.filter.ExceptionHandlingFilter.doFilter(ExceptionHandlingFilter.java:56) ~[qpid-broker-plugins-management-http-6.1.0.jar:6.1.0]
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) ~[jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501) [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429) [jetty-servlet-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.server.Server.handle(Server.java:370) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
              at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) [jetty-server-8.1.17.v20150415.jar:8.1.17.v20150415]
      

      This issue only impacts authentication via the Web Management Console (when the SimpleLDAP authentication provider is configured for the HTTP port). Due to the NPE, authentication fails and the user is not able to log in to the Web Management Console. Authentication over AMQP or preemptive authentication is not impacted by the issue.
      Disabling the caching works around the issue. The caching can be turned off by setting any or all of the following context variables to 'null', '0' or a negative value:

      • qpid.auth.cache.size
      • qpid.auth.cache.expiration_time
      • qpid.auth.cache.iteration_count
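
To confirm from broker logs that failed Web Management Console logins are this NPE rather than an LDAP or credential problem, the check below groups multi-line log events and reports those whose exception is a NullPointerException with `AuthenticationResultCacher.digestCredentials` as the top frame. It is an added example, not part of the issue report or of Qpid; the function name `find_cacher_npe` is hypothetical and the log layout is assumed to match the trace above.

```python
import re

# Event header as in the trace above: "<timestamp> LEVEL  [thread] (logger) - message"
EVENT = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
    r"\[(?P<thread>[^\]]+)\]\s+\((?P<logger>[^)]+)\)\s+-\s+(?P<msg>.*)$"
)
FRAME = re.compile(r"^\s*at\s+(?P<method>[\w.$<>]+)\(")
SIGNATURE = "org.apache.qpid.server.security.auth.manager.AuthenticationResultCacher.digestCredentials"


def find_cacher_npe(lines):
    """Return one dict per log event that is an NPE thrown from digestCredentials."""
    hits, event = [], None

    def close(ev):
        # Require an NPE whose *top* frame is the cacher, so unrelated NPEs
        # elsewhere in the broker are not reported as this issue.
        if ev and ev["exc"].startswith("java.lang.NullPointerException") and ev["frames"][:1] == [SIGNATURE]:
            hits.append({k: ev[k] for k in ("ts", "thread", "msg")})

    for line in lines:
        m = EVENT.match(line)
        if m:
            close(event)  # a new header ends the previous event
            event = dict(m.groupdict(), exc="", frames=[])
            continue
        if event is None:
            continue  # continuation lines before any header are ignored
        f = FRAME.match(line)
        if f:
            event["frames"].append(f.group("method"))
        elif not event["exc"] and line.strip():
            event["exc"] = line.strip()  # first non-frame line names the exception
    close(event)
    return hits


# Constructed sample: first event abridged from the trace above; the second is a
# made-up unrelated NPE that must not match.
SAMPLE = """\
2016-11-24 12:59:12,878 WARN  [HttpManagement-testHTTP-158] (o.e.j.s.ServletHandler) - /service/sasl
java.lang.NullPointerException: null
        at org.apache.qpid.server.security.auth.manager.AuthenticationResultCacher.digestCredentials(AuthenticationResultCacher.java:116) ~[qpid-broker-core-6.1.0.jar:6.1.0]
2016-11-24 13:00:00,000 WARN  [HttpManagement-testHTTP-159] (o.e.j.s.ServletHandler) - /service/sasl
java.lang.NullPointerException: null
        at com.example.Unrelated.call(Unrelated.java:1)
""".splitlines()
```

Calling `find_cacher_npe(open(path))` on a broker log file yields the timestamp, HTTP management thread and request path of each affected login attempt.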

            People

              orudyy Alex Rudyy