Details
-
Bug
-
Resolution: Duplicate
-
Low
-
None
-
2.5.4
Description
CRC-2681 is an example of throwing a 500 when authentication fails for Trusted Apps (at least without auto-add enabled).
We should actively handle the case and return an appropriate 4XX error.
The problem is that DefaultUserManager.createTrustedUserLoginImpl potentially creates a UserLogin from a null user. Here is the stack trace seen:
2011-06-01 16:25:11,529 ERROR [btpool0-3 ] org.mortbay.log org.mortbay.log.Slf4jLog-warn - /rest-service/projects-v1
java.lang.NullPointerException
at com.cenqua.fisheye.user.UserLogin.<init>(UserLogin.java:15)
at com.cenqua.fisheye.user.DefaultUserManager.createTrustedUserLoginImpl(DefaultUserManager.java:691)
at com.cenqua.fisheye.user.DefaultUserManager.createTrustedUserLogin(DefaultUserManager.java:660)
at com.cenqua.fisheye.user.DefaultUserManager.createTrustedUserLogin(DefaultUserManager.java:668)
at com.atlassian.fisheye.trustedapplications.FisheyeUserResolver.resolve(FisheyeUserResolver.java:18)
at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationFilterAuthenticator.authenticate(TrustedApplicationFilterAuthenticator.java:108)
at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.authenticate(TrustedApplicationsFilter.java:113)
at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:95)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.mortbay.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1264)
at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:69)
at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77)
at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63)
at org.mortbay.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1264)
at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:78)
at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:154)
at com.cenqua.fisheye.web.filters.CustomIncludableGzipFilter.doFilter(CustomIncludableGzipFilter.java:21)
at org.mortbay.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1264)
at com.cenqua.fisheye.web.filters.ProductInfoFilter.doFilter(ProductInfoFilter.java:36)
at org.mortbay.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1264)
at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77)
at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63)
at org.mortbay.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1264)
at com.cenqua.fisheye.web.filters.UpfrontFilter.doFilter(UpfrontFilter.java:52)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.mortbay.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1264)
at com.atlassian.fecru.profiling.ProfilingServletFilter.doFilter(ProfilingServletFilter.java:73)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.mortbay.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1264)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
Attachments
Issue Links
- duplicates
-
-
- Closed
-