
NPE for expired JWTs when examining expiration of coolOffPeriod


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 23.0.0
    • Fix Version/s: 23.0.0, 23.1.0, 24.0.0, 22.0.12

      Description

      The logic in AbstractJwtSessionModule#secureResponse, which calls hasCoolOffPeriodExpired, does not handle the fact that the Jwt returned from verifySessionJwt can be null, which is the case once the Jwt has expired. See the example stack trace below, generated from a test for IDM that ran for more than 120 minutes; IDM configures the Jwt token lifetime to be 120 minutes. It appears that any expired Jwt session will trigger this NPE.


      SEVERE: RuntimeException caught
      java.lang.NullPointerException
      at org.forgerock.jaspi.modules.session.jwt.AbstractJwtSessionModule.hasCoolOffPeriodExpired(AbstractJwtSessionModule.java:324)
      at org.forgerock.jaspi.modules.session.jwt.AbstractJwtSessionModule.secureResponse(AbstractJwtSessionModule.java:449)
      at org.forgerock.jaspi.modules.session.jwt.JwtSessionModule.secureResponse(JwtSessionModule.java:168)
      at org.forgerock.openidm.auth.modules.AbstractModuleWrapper.secureResponse(AbstractModuleWrapper.java:236)
      at org.forgerock.openidm.auth.modules.IDMAuthModuleWrapper.secureResponse(IDMAuthModuleWrapper.java:243)
      at org.forgerock.openidm.auth.modules.AbstractModuleWrapper.secureResponse(AbstractModuleWrapper.java:236)
      at org.forgerock.caf.authentication.framework.AuthModules$WrappedAuthModule.secureResponse(AuthModules.java:521)
      at org.forgerock.caf.authentication.framework.AuthModules$LoggingAuthModule.secureResponse(AuthModules.java:454)
      at org.forgerock.caf.authentication.framework.AuthModules$WrappedAuthModule.secureResponse(AuthModules.java:521)
      at org.forgerock.caf.authentication.framework.AuthModules$SessionAuditingAuthModule.secureResponse(AuthModules.java:380)
      at org.forgerock.caf.authentication.framework.AuthModules$WrappedAuthModule.secureResponse(AuthModules.java:521)
      at org.forgerock.caf.authentication.framework.AuthModules$ValidatingAuthModule.secureResponse(AuthModules.java:303)
      at org.forgerock.caf.authentication.framework.SessionAuthContext.secureResponse(SessionAuthContext.java:87)
      at org.forgerock.caf.authentication.framework.AggregateAuthContext.lambda$secureResponse$2(AggregateAuthContext.java:117)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:216)
      at org.forgerock.caf.authentication.framework.AggregateAuthContext.secureResponse(AggregateAuthContext.java:115)
      at org.forgerock.caf.authentication.framework.AuthContexts$WrappedAuthContext.secureResponse(AuthContexts.java:328)
      at org.forgerock.caf.authentication.framework.AuthContexts$LoggingAuthContext.secureResponse(AuthContexts.java:284)
      at org.forgerock.caf.authentication.framework.AuthContexts$WrappedAuthContext.secureResponse(AuthContexts.java:328)
      at org.forgerock.caf.authentication.framework.AuthContexts$WrappedAuthContext.secureResponse(AuthContexts.java:328)
      at org.forgerock.caf.authentication.framework.AuthContexts$ValidatingAuthContext.secureResponse(AuthContexts.java:195)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.secureResponse(AuthenticationFramework.java:195)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$grantAccess$2(AuthenticationFramework.java:190)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:216)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
      at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
      at org.forgerock.openidm.auth.AuthFilterWrapper.filter(AuthFilterWrapper.java:87)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:75)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:254)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
      at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:83)
      at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:301)
      at sun.reflect.GeneratedMethodAccessor107.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.forgerock.openidm.servletregistration.impl.ServletRegistrationSingleton$FilterProxy.invoke(ServletRegistrationSingleton.java:296)
      at com.sun.proxy.$Proxy53.doFilter(Unknown Source)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:257)
      at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:220)
      at sun.reflect.GeneratedMethodAccessor107.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.forgerock.openidm.servletregistration.impl.ServletRegistrationSingleton$FilterProxy.invoke(ServletRegistrationSingleton.java:296)
      at com.sun.proxy.$Proxy53.doFilter(Unknown Source)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:257)
      at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:220)
      at sun.reflect.GeneratedMethodAccessor107.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.forgerock.openidm.servletregistration.impl.ServletRegistrationSingleton$FilterProxy.invoke(ServletRegistrationSingleton.java:296)
      at com.sun.proxy.$Proxy53.doFilter(Unknown Source)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
      at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
      at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:276)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
      at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
      at org.eclipse.jetty.server.Server.handle(Server.java:499)
      at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
      at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
      at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
      at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
      at java.lang.Thread.run(Thread.java:748)
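Added illustration, not ForgeRock's code: a hypothetical, simplified model of the module described in this issue, using the assumed class JwtSessionCoolOff, a two-claim Jwt stand-in and an assumed 60-second cool-off, which shows the call shape that throws when verifySessionJwt returns null for an expired token beside the null-checked form that reports the expired session instead.

```java
import java.time.Instant;
public class JwtSessionCoolOff {
    // Minimal JWT model carrying only the claims the cool-off logic needs (assumed claim set).
    public static final class Jwt {
        final Instant issuedAt, expiresAt;
        Jwt(Instant issuedAt, Instant expiresAt) { this.issuedAt = issuedAt; this.expiresAt = expiresAt; }
    }
    private final long coolOffSeconds;
    public JwtSessionCoolOff(long coolOffSeconds) { this.coolOffSeconds = coolOffSeconds; }

    // Returns null for an expired token: the case secureResponse did not handle.
    public Jwt verifySessionJwt(Jwt jwt, Instant now) {
        return (jwt != null && now.isBefore(jwt.expiresAt)) ? jwt : null;
    }

    // Cool-off has expired once the token is older than coolOffSeconds. The jwt
    // argument is dereferenced unconditionally, so null throws NullPointerException.
    public boolean hasCoolOffPeriodExpired(Jwt jwt, Instant now) {
        return now.isAfter(jwt.issuedAt.plusSeconds(coolOffSeconds));
    }

    // Shape of the reported bug: the result of verifySessionJwt is passed straight on.
    public String secureResponseBuggy(Jwt presented, Instant now) {
        return hasCoolOffPeriodExpired(verifySessionJwt(presented, now), now) ? "REISSUE_JWT" : "KEEP_JWT";
    }

    // Hardened version: an expired session is a distinct outcome, never a refresh.
    public String secureResponse(Jwt presented, Instant now) {
        Jwt jwt = verifySessionJwt(presented, now);
        if (jwt == null) {
            return "SESSION_EXPIRED";
        }
        return hasCoolOffPeriodExpired(jwt, now) ? "REISSUE_JWT" : "KEEP_JWT";
    }

    public static void main(String[] args) {
        JwtSessionCoolOff module = new JwtSessionCoolOff(60);                 // 60 s cool-off (assumed)
        Instant issued = Instant.parse("2020-01-01T00:00:00Z");             // constructed sample time
        Jwt jwt = new Jwt(issued, issued.plusSeconds(120 * 60));            // 120-minute lifetime, as in IDM
        Instant afterLifetime = issued.plusSeconds(121 * 60);
        System.out.println("within cool-off: " + module.secureResponse(jwt, issued.plusSeconds(30)));
        System.out.println("after cool-off:  " + module.secureResponse(jwt, issued.plusSeconds(90)));
        System.out.println("after lifetime:  " + module.secureResponse(jwt, afterLifetime));
        try {
            module.secureResponseBuggy(jwt, afterLifetime);
        } catch (NullPointerException e) {
            System.out.println("buggy path after lifetime: NullPointerException");
        }
    }
}
```

The hardened secureResponse never reaches hasCoolOffPeriodExpired with a null token, so an expired session ends the refresh decision cleanly instead of surfacing as a RuntimeException in the auth filter.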

        People

        Assignee: dhogan Dirk Hogan
        Reporter: dhogan Dirk Hogan