
    Details

    • Type: Defect
    • Status: Done
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Sprint:
      DEV 2015-12-18

      Description

      ConcurrentHashMap absolutely cannot store or retrieve null keys. If an attempt is made to retrieve (or store, or remove, etc.) an entry with a null key, a NullPointerException is thrown. This is exactly what happens when a user visits the Guacamole login screen for the first time.

      java.lang.NullPointerException
      	java.util.concurrent.ConcurrentHashMap.replaceNode(ConcurrentHashMap.java:1106)
      	java.util.concurrent.ConcurrentHashMap.remove(ConcurrentHashMap.java:1097)
      	org.glyptodon.guacamole.net.basic.rest.auth.BasicTokenSessionMap.remove(BasicTokenSessionMap.java:170)
      	org.glyptodon.guacamole.net.basic.rest.auth.AuthenticationService.destroyGuacamoleSession(AuthenticationService.java:446)
      	org.glyptodon.guacamole.net.basic.rest.RESTExceptionWrapper.invoke(RESTExceptionWrapper.java:169)
      	sun.reflect.GeneratedMethodAccessor58.invoke(Unknown Source)
      	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	java.lang.reflect.Method.invoke(Method.java:497)
      	com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
      	com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
      	com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
      	com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
      	com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
      	com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
      	com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
      	com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1511)
      	com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1442)
      	com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391)
      	com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381)
      	com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
      	com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
      	com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      	com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
      	com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
      	com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
      	com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
      	com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
      	com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)

      This is because:

      1. When a user is not logged in (and has never been logged in), their initial visit to the login page triggers an authentication attempt without an existing token.
      2. This authentication attempt results in a security exception.
      3. This security exception implicitly invalidates the existing token (which is null because it does not exist).
      4. This was expected and fine previously, as remove(null) would simply remove nothing, but this is no longer the case as we have switched to ConcurrentHashMap. An NPE is thrown instead and no one can log in.
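
      The behaviour change described above, as an added example that is not Guacamole's own code or its actual fix. It assumes the previous map tolerated null keys the way java.util.HashMap does; NullTokenDemo, TokenSessionMap and the token and session strings are hypothetical names and constructed values.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

public class NullTokenDemo {

    /** Hypothetical token-to-session map; not Guacamole's BasicTokenSessionMap. */
    static final class TokenSessionMap {
        private final ConcurrentMap<String, String> sessions = new ConcurrentHashMap<>();

        void put(String token, String session) {
            // Reject null at the boundary so the failure is explicit, not an NPE deep in the map
            if (token == null)
                throw new IllegalArgumentException("token must not be null");
            sessions.put(token, session);
        }

        /** A null token means "no session exists": return null without touching the map. */
        String remove(String token) {
            return token == null ? null : sessions.remove(token);
        }
    }

    public static void main(String[] args) {
        String token = null; // constructed input: first visit to the login page, no token yet

        // A null-tolerant map treats remove(null) as a harmless no-op
        Map<String, String> legacy = new HashMap<>();
        System.out.println("HashMap.remove(null) -> " + legacy.remove(token));

        // ConcurrentHashMap rejects null keys on every operation, including remove
        Map<String, String> concurrent = new ConcurrentHashMap<>();
        try {
            concurrent.remove(token);
        } catch (NullPointerException e) {
            System.out.println("ConcurrentHashMap.remove(null) -> NullPointerException");
        }

        // Guarded wrapper: invalidating a nonexistent token removes nothing and does not throw
        TokenSessionMap guarded = new TokenSessionMap();
        guarded.put("constructed-token", "session-1");
        System.out.println("guarded.remove(null) -> " + guarded.remove(token));
        System.out.println("guarded.remove(valid) -> " + guarded.remove("constructed-token"));
    }
}
```

      Guarding at the map wrapper rather than at each caller keeps the exception-handling path that invalidates the token from turning a failed authentication into a failure of the login endpoint itself.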

            People

            Assignee:
            mike.jumper Michael Jumper
            Reporter:
            mike.jumper Michael Jumper