[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [xmlblaster-devel] htpasswd security interceptor exception



Michael Atighetchi wrote:

I'm getting the following exception in the standard password security
interceptor (see below).

It seems like the only thing that could cause this is if the manager
get's initialized with a "null" global.

Yes, i wonder how this can happen.


In any case, I'd like to switch off all security interceptors in the node. Is there an easy way to do this ?

I have not yet tried this, these are the configurations:

Security.Server.Plugin[simple][1.0]=org.xmlBlaster.authentication.plugins.simple.Manager
Security.Server.Plugin[gui][1.0]=org.xmlBlaster.authentication.plugins.demo.Manager
Security.Server.Plugin[a2Blaster][1.0]=org.xmlBlaster.authentication.plugins.a2Blaster.Manager
Security.Server.Plugin[ldap][1.0]=org.xmlBlaster.authentication.plugins.ldap.Manager
Security.Server.Plugin[htpasswd][1.0]=org.xmlBlaster.authentication.plugins.htpasswd.Manager

# NONE switches off security checks in passwd file:
Security.Server.Plugin.htpasswd.secretfile=NONE
#Security.Server.Plugin.htpasswd.secretfile=${user.home}${file.separator}xmlBlaster.htpasswd

# Force on client side a specified plugin (as default)
# Only if you access xmlBlaster with java clients and
# use our helper class XmlBlasterAccess.java
# With "gui,1.0" will the server popup a GUI panel
#Security.Client.DefaultPlugin=htpasswd,1.0
Security.Client.Plugin[gui][1.0]=org.xmlBlaster.authentication.plugins.demo.ClientPlugin
Security.Client.Plugin[simple][1.0]=org.xmlBlaster.authentication.plugins.simple.ClientPlugin
Security.Client.Plugin[a2Blaster][1.0]=org.xmlBlaster.authentication.plugins.a2Blaster.ClientPlugin
Security.Client.Plugin[ldap][1.0]=org.xmlBlaster.authentication.plugins.ldap.ClientPlugin
Security.Client.Plugin[htpasswd][1.0]=org.xmlBlaster.authentication.plugins.htpasswd.ClientPlugin
#

You can just try it, and code handling the NULL securityQos in the code (especially in ConnectQos.java)
and commit this to xmlBlaster.
Probably the entry point is setting


Security.Client.DefaultPlugin=undef

for all clients

regards

Marcel


Thanks Michael

--------

[Jun 2, 2003 2:41:36 PM TRACE PluginManagerBase] Found I_Plugin 'org.xmlBlaster.authentication.plugins.htpasswd.Manager', loaded by PluginClassLoader
java.lang.NullPointerException
       at org.xmlBlaster.authentication.plugins.htpasswd.Session.<init>(Session.java:50)
       at org.xmlBlaster.authentication.plugins.htpasswd.Manager.reserveSession(Manager.java:60)
       at org.xmlBlaster.authentication.Authenticate.connect(Authenticate.java:252)
       at org.xmlBlaster.protocol.corba.AuthServerImpl.connect(AuthServerImpl.java:225)
       at org.xmlBlaster.protocol.corba.AuthServerImpl.connect(AuthServerImpl.java:185)
       at org.xmlBlaster.protocol.corba.authenticateIdl.AuthServerPOATie.connect(AuthServerPOATie.java:48)
       at org.xmlBlaster.protocol.corba.authenticateIdl.AuthServerPOA._invoke(AuthServerPOA.java:55)
       at org.jacorb.poa.RequestProcessor.invokeOperation(RequestProcessor.java:247)
       at org.jacorb.poa.RequestProcessor.process(RequestProcessor.java:496)
       at org.jacorb.poa.RequestProcessor.run(RequestProcessor.java:635)
[Jun 2, 2003 2:41:36 PM TRACE Authenticate-/node/djmproxy_xxx.xxx.xxx.xxx] PANIC: Access is denied: null
java.lang.NullPointerException
       at org.xmlBlaster.authentication.plugins.htpasswd.Session.<init>(Session.java:50)
       at org.xmlBlaster.authentication.plugins.htpasswd.Manager.reserveSession(Manager.java:60)
       at org.xmlBlaster.authentication.Authenticate.connect(Authenticate.java:252)
       at org.xmlBlaster.protocol.corba.AuthServerImpl.connect(AuthServerImpl.java:225)
       at org.xmlBlaster.protocol.corba.AuthServerImpl.connect(AuthServerImpl.java:185)
       at org.xmlBlaster.protocol.corba.authenticateIdl.AuthServerPOATie.connect(AuthServerPOATie.java:48)
       at org.xmlBlaster.protocol.corba.authenticateIdl.AuthServerPOA._invoke(AuthServerPOA.java:55)
       at org.jacorb.poa.RequestProcessor.invokeOperation(RequestProcessor.java:247)
       at org.jacorb.poa.RequestProcessor.process(RequestProcessor.java:496)
       at org.jacorb.poa.RequestProcessor.run(RequestProcessor.java:635)
[Jun 2, 2003 2:41:36 PM TRACE Authenticate-/node/djmproxy_xxx.xxx.xxx.xxx] PANIC: Access is denied: null