We couldn't load all Actvitity tabs. Refresh the page to try again.
If the problem persists, contact your Jira admin.
IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.
Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-19124

Encountered NullPointerException due to dangling permission left after an LDAP group or user is deleted from the LDAP server

      Confluence will throw a NullPointerException below when it receives a Null value instead of a Group / User name when checking for Group / User permission.

      2010-03-24 16:11:01,478 ERROR [http-8080-6] [atlassian.confluence.servlet.ConfluenceServletDispatcher] sendError Could not execute action
       -- url: /pages/getpagepermissions.action | userName: clan | referer: http://localhost:8080/display/permission/Clan%27s+restricted+page
      java.lang.NullPointerException
      	at com.atlassian.confluence.user.PermittedUserFinder.checkGroupExplicitlyPermitted(PermittedUserFinder.java:51)
      	at com.atlassian.confluence.user.PermittedUserFinder.makeResult(PermittedUserFinder.java:43)
      	at com.atlassian.confluence.pages.actions.GetPagePermissionsAction.execute(GetPagePermissionsAction.java:84)
      	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:168)
      	at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
      	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
      	at com.opensymphony.xwork.interceptor.DefaultWorkflowInterceptor.intercept(DefaultWorkflowInterceptor.java:55)
      	at com.atlassian.confluence.core.ConfluenceWorkflowInterceptor.intercept(ConfluenceWorkflowInterceptor.java:35)
      

      This can happen when an LDAP group / User was given a permission (eg. view, edit) in Confluence and then was deleted from the LDAP server.

      This problem will cause the specific user who created the permission in the first place to not able adding anymore permission to the space.

      Clicking on padlock or trying to edit Restrictions will result in the stack trace above in the log file.

      No error is visible from the browser.

      Workaround

      If you hit into this bug and not sure which group to remove from the permission list, the attached patch will help you to identify which groups are causing the problem.

      To install:

      1. Unzip the zip file into <confluence install>\confluence\WEB-INF\classes\com\atlassian\confluence
        The patch GetPagePermissionsAction.class should reside at <confluence install>\confluence\WEB-INF\classes\com\atlassian\confluence\pages\actions. If you don't have \pages\actions directories under <confluence install>\confluence\WEB-INF\classes\com\atlassian\confluence, create them.
      2. Add an extra line in <confluence install>\confluence\WEB-INF\classes\log4j.properties file:
        log4j.logger.com.atlassian.confluence.pages.actions.GetPagePermissionsAction=DEBUG
        
      3. Restart Confluence

      To use the patch:

      1. Visit the problematic page
      2. Click on padlock
      3. Check <confluence data>/logs/atlassian-confluence.log for something like below:
        010-03-25 11:23:13,212 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching group object for group name: ldap-group1. Fetched result is: null
        2010-03-25 11:23:13,228 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching group object for group name: confluence-administrators. Fetched result is: confluence-administrators
        2010-03-25 11:23:13,228 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching group object for group name: ldap-group2. Fetched result is: ldap-group2
        2010-03-25 11:23:13,228 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching group object for group name: ldap-group3. Fetched result is: ldap-group3
        2010-03-25 11:23:13,228 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching group object for group name: ldap-group4. Fetched result is: null
        

      In the above there are two LDAP groups that no longer exist (ldap-group1 and ldap-group4) and the Fetched result is null.

      For each of the identified groups, please remove by visiting Space Admin > Security > Restricted Pages. Click on the padlock icon for the problematic page, this will take you to a page info view where you can remove individual permissions.

      Use the same step above if you want to remove permissions for Null user objects.

      The patch will print similar information like above for user names:

      2010-04-01 11:32:31,250 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching user object for user name: clan. Fetched result is: clan
      2010-04-01 11:32:31,265 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching user object for user name: roy. Fetched result is: roy
      2010-04-01 11:32:31,265 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching user object for user name: bambang. Fetched result is: null
      

        1. findNullUsersAndGroups.patch
          2 kB
        2. pages.zip
          4 kB

            Loading...
            IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.
            Uploaded image for project: 'Confluence Data Center'
            1. Confluence Data Center
            2. CONFSERVER-19124

            Encountered NullPointerException due to dangling permission left after an LDAP group or user is deleted from the LDAP server

                Confluence will throw a NullPointerException below when it receives a Null value instead of a Group / User name when checking for Group / User permission.

                2010-03-24 16:11:01,478 ERROR [http-8080-6] [atlassian.confluence.servlet.ConfluenceServletDispatcher] sendError Could not execute action
                 -- url: /pages/getpagepermissions.action | userName: clan | referer: http://localhost:8080/display/permission/Clan%27s+restricted+page
                java.lang.NullPointerException
                	at com.atlassian.confluence.user.PermittedUserFinder.checkGroupExplicitlyPermitted(PermittedUserFinder.java:51)
                	at com.atlassian.confluence.user.PermittedUserFinder.makeResult(PermittedUserFinder.java:43)
                	at com.atlassian.confluence.pages.actions.GetPagePermissionsAction.execute(GetPagePermissionsAction.java:84)
                	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:168)
                	at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
                	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
                	at com.opensymphony.xwork.interceptor.DefaultWorkflowInterceptor.intercept(DefaultWorkflowInterceptor.java:55)
                	at com.atlassian.confluence.core.ConfluenceWorkflowInterceptor.intercept(ConfluenceWorkflowInterceptor.java:35)
                

                This can happen when an LDAP group / User was given a permission (eg. view, edit) in Confluence and then was deleted from the LDAP server.

                This problem will cause the specific user who created the permission in the first place to not able adding anymore permission to the space.

                Clicking on padlock or trying to edit Restrictions will result in the stack trace above in the log file.

                No error is visible from the browser.

                Workaround

                If you hit into this bug and not sure which group to remove from the permission list, the attached patch will help you to identify which groups are causing the problem.

                To install:

                1. Unzip the zip file into <confluence install>\confluence\WEB-INF\classes\com\atlassian\confluence
                  The patch GetPagePermissionsAction.class should reside at <confluence install>\confluence\WEB-INF\classes\com\atlassian\confluence\pages\actions. If you don't have \pages\actions directories under <confluence install>\confluence\WEB-INF\classes\com\atlassian\confluence, create them.
                2. Add an extra line in <confluence install>\confluence\WEB-INF\classes\log4j.properties file:
                  log4j.logger.com.atlassian.confluence.pages.actions.GetPagePermissionsAction=DEBUG
                  
                3. Restart Confluence

                To use the patch:

                1. Visit the problematic page
                2. Click on padlock
                3. Check <confluence data>/logs/atlassian-confluence.log for something like below:
                  010-03-25 11:23:13,212 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching group object for group name: ldap-group1. Fetched result is: null
                  2010-03-25 11:23:13,228 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching group object for group name: confluence-administrators. Fetched result is: confluence-administrators
                  2010-03-25 11:23:13,228 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching group object for group name: ldap-group2. Fetched result is: ldap-group2
                  2010-03-25 11:23:13,228 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching group object for group name: ldap-group3. Fetched result is: ldap-group3
                  2010-03-25 11:23:13,228 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching group object for group name: ldap-group4. Fetched result is: null
                  

                In the above there are two LDAP groups that no longer exist (ldap-group1 and ldap-group4) and the Fetched result is null.

                For each of the identified groups, please remove by visiting Space Admin > Security > Restricted Pages. Click on the padlock icon for the problematic page, this will take you to a page info view where you can remove individual permissions.

                Use the same step above if you want to remove permissions for Null user objects.

                The patch will print similar information like above for user names:

                2010-04-01 11:32:31,250 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching user object for user name: clan. Fetched result is: clan
                2010-04-01 11:32:31,265 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching user object for user name: roy. Fetched result is: roy
                2010-04-01 11:32:31,265 DEBUG [http-8080-1] [confluence.pages.actions.GetPagePermissionsAction] execute Fetching user object for user name: bambang. Fetched result is: null
                

                  1. findNullUsersAndGroups.patch
                    2 kB
                  2. pages.zip
                    4 kB

                        matt@atlassian.com Matt Ryall
                        rhartono Roy Hartono [Atlassian]
                        Votes:
                        45 Vote for this issue
                        Watchers:
                        40 Start watching this issue

                          Created:
                          Updated:
                          Resolved:

                            Estimated:
                            Original Estimate - 8h
                            8h
                            Remaining:
                            Remaining Estimate - 8h
                            8h
                            Logged:
                            Time Spent - Not Specified
                            Not Specified

                              matt@atlassian.com Matt Ryall
                              rhartono Roy Hartono [Atlassian]
                              Affected customers:
                              45 This affects my team
                              Watchers:
                              40 Start watching this issue

                                Created:
                                Updated:
                                Resolved:

                                  Estimated:
                                  Original Estimate - 8h
                                  8h
                                  Remaining:
                                  Remaining Estimate - 8h
                                  8h
                                  Logged:
                                  Time Spent - Not Specified
                                  Not Specified