Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14755

NullPointerException if auth module callback xml file can not be retrieved by ResourceLookup

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1, 7.0.0
    • Fix Version/s: None
    • Component/s: authentication
    • Labels:
    • Environment:
      Oracle JDK jdk1.8.0_201
      Apache Tomcat/9.0.8
      AM 7.0.0 (e9b1c54971b3f674b681042deb77a9586c9c46a9)
    • Support Ticket IDs:

      Description

      Bug description

      NullPointerException seen in Authentication debug log if callback xml can not be found.

      How to reproduce the issue

      Details steps outlining how to recreate the issue (remove this text)

      1. Configure AM
      2. Deploy custom non-interactive auth module
      3. Do not put empty callback xml file in directory /config/auth/default_en/
      4. Perform authentication using custom auth module
      Expected behaviour
      No NullPointerException should be seen
      
      Current behaviour (log excerpt from AM 6.0.0.4 code base)
      amAuthClientUtils:04/09/2019 01:41:01:243 PM CEST: Thread[http-apr-80-exec-10,5,main]: TransactionId[7ceca940-a43e-4982-bd36-28cc937deebe-4134]
      Calling ResourceLookup: filename='DTSFederationAuth.xml', defaultOrg='openam', locale='en_US', filePath='/html/fed', orgPath='/services/das'^M
      amAuthClientUtils:04/09/2019 01:41:01:254 PM CEST: Thread[http-apr-80-exec-10,5,main]: TransactionId[7ceca940-a43e-4982-bd36-28cc937deebe-4134]
      resourceName='null'^M
      amAuthClientUtils:04/09/2019 01:41:01:254 PM CEST: Thread[http-apr-80-exec-10,5,main]: TransactionId[7ceca940-a43e-4982-bd36-28cc937deebe-4134]
      File/Resource is : null^M
      amLoginModule:04/09/2019 01:41:01:254 PM CEST: Thread[http-apr-80-exec-10,5,main]: TransactionId[7ceca940-a43e-4982-bd36-28cc937deebe-4134]
      AMLoginModule resbundle locale=en_US^M
      amLoginModule:04/09/2019 01:41:01:254 PM CEST: Thread[http-apr-80-exec-10,5,main]: TransactionId[7ceca940-a43e-4982-bd36-28cc937deebe-4134]
      Login, class = com.example.DTSFederationAuth, module=dtsfed, file=null^M
      ...
      amLoginModule:04/09/2019 01:41:01:256 PM CEST: Thread[http-apr-80-exec-10,5,main]: TransactionId[7ceca940-a43e-4982-bd36-28cc937deebe-4134]
      This module is not done yet. CurrentState: 1^M
      amAuth:04/09/2019 01:41:01:256 PM CEST: Thread[http-apr-80-exec-10,5,main]: TransactionId[7ceca940-a43e-4982-bd36-28cc937deebe-4134]
      getModuleProperties: Error:
      java.lang.NullPointerException^M
              at com.sun.identity.authentication.spi.AMModuleProperties.getModuleProperties(AMModuleProperties.java:144)^M
              at com.sun.identity.authentication.spi.AMLoginModule.forceCallbacksInit(AMLoginModule.java:629)^M
              at com.sun.identity.authentication.spi.AMLoginModule.getCallback(AMLoginModule.java:595)^M
              at com.sun.identity.authentication.spi.AMLoginModule.getCallback(AMLoginModule.java:566)^M
              at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1173)^M
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)^M
      
      

      Work around

      Place emtpy callback XML in directory /config/auth/defaul_en/ of the AM web application.

      Code analysis (AM master , e9b1c54971b3f674b681042deb77a9586c9c46a9)

       

      com.sun.identity.authentication.spi.AMModuleProperties.java
      ...
          public static List getModuleProperties(String fileName) throws AuthLoginException {
              List propertiesList = (List) moduleProps.get(fileName);
      
              if (propertiesList != null) {
                 return propertiesList;
              }
      
              ServletContext servletContext = AuthD.getAuth().getServletContext();
              InputStream resStream = null;
              try {
                  if (servletContext != null) {
                      resStream = servletContext.getResourceAsStream(fileName);
                  }
      
                  if (resStream == null) {
                      // remove leading '/' from fileName
                      resStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileName.substring(1));
                  } 
      ...
      

      Null check for 'filenName' right at the beginning?

              if (StringUtils.isEmpty(fileName)) {
                  throw new AuthLoginException(...)
              }
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              bthalmayr Bernhard Thalmayr
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: