sample contacts application - null pointer exception

[rajnish.srivastava]

I tried to deploy the sample contacts web application on jrun. I ran into some issues with ContextLoaderListener but it worked after using ContextLoaderServlet and the patch from CVS. So far so good. The problem is when I try to login using the manage link, jrun gives the following excpetion:

java.lang.NullPointerException
at java.util.Hashtable.put(Hashtable.java:386)
at jrun.servlet.session.JRunSession.setAttribute(JRun Session.java:270)
at net.sf.acegisecurity.ui.AbstractProcessingFilter.d oFilter(AbstractProcessingFilter.java:350)
at net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er(FilterToBeanProxy.java:105)
at jrun.servlet.FilterChain.doFilter(FilterChain.java :94)
at jrun.servlet.FilterChain.service(FilterChain.java: 101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker. java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvok erChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequ estDispatcher.java:241)
at jrun.servlet.ServletEngineService.dispatch(Servlet EngineService.java:527)
at jrun.servlet.http.WebService.invokeRunnable(WebSer vice.java:172)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invok eRunnable(ThreadPool.java:348)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRu nnable(ThreadPool.java:451)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeR unnable(ThreadPool.java:294)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java :66)

There are two problems:
1. Why was the request not authenticated even after putting correct username and password?
2. I saw the code of AbstractProcessingFilter..it is trying to set null into session in case of login failure (line number 350)..which is not allowed in jrun..

any comments?

[Ben Alex]

Which version of JRun? Could you point me in the direction of some docs re the JRun prohibition on nulls in HttpSession? Also, could you please post here your web.xml and debug-level logging from Acegi Security so we can see what is happening.

[rajnish.srivastava]

Thanx for your response.

I am using Jrun version 4. If you consult the java docs of jrunsession class (http://livedocs.macromedia.com/jrun/...unSession.html), you can find the following comments:

********************
public void setAttribute(java.lang.String name,
java.lang.Object value)
throws java.lang.IllegalStateException
Binds the specified object into the session's application layer data with the given name. Any existing binding with the same name is replaced. If the new (or existing) value implements the JRunSessionBindingListener interface, it is notified appropriately.
Parameters:
name - the name to which the data object will be bound. This may not be null.
vlaue - the data object to be bound. This may not be null.
*********************

Regarding my previous post, I would like to add that I was properly authenticated but the crash came after getting authenticated. Here is my web.xml

***********************
<?xml version="1.0" encoding="UTF-8"?>

<!--
- Contacts web application
- $Id: web.xml,v 1.9 2004/08/03 07:18:33 benalex Exp $
- File will be copied into WAR's WEB-INF directory if NOT using container adapter
-->

<web-app>

<display-name>Contacts Sample Application</display-name>

<description>
Example of an application secured using Acegi Security System for Spring.
</description>

<!--
- Loads the root application context of this web app at startup,
- by default from "/WEB-INF/applicationContext.xml".
- Use WebApplicationContextUtils.getWebApplicationContex t(servletContext)
- to access it anywhere in the web application, outside of the framework.
-->
<servlet>
<servlet-name>ContextLoaderServlet</servlet-name>
<servlet-class>org.springframework.web.context.ContextLoade rServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>


<!--
- Location of the XML file that defines the root application context
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>

<filter>
<filter-name>Acegi Channel Processing Filter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.securechannel.ChannelPr ocessingFilter</param-value>
</init-param>
<init-param>
<param-name>init</param-name>
<param-value>lazy</param-value>
</init-param>
</filter>

<filter>
<filter-name>Acegi Authentication Processing Filter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.ui.webapp.Authenticatio nProcessingFilter</param-value>
</init-param>
<init-param>
<param-name>init</param-name>
<param-value>lazy</param-value>
</init-param>
</filter>

<filter>
<filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.ui.basicauth.BasicProce ssingFilter</param-value>
</init-param>
<init-param>
<param-name>init</param-name>
<param-value>lazy</param-value>
</init-param>
</filter>

<filter>
<filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.ui.AutoIntegrationFilte r</param-value>
</init-param>
<init-param>
<param-name>init</param-name>
<param-value>lazy</param-value>
</init-param>
</filter>

<filter>
<filter-name>Acegi HTTP Request Security Filter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.intercept.web.SecurityE nforcementFilter</param-value>
</init-param>
<init-param>
<param-name>init</param-name>
<param-value>lazy</param-value>
</init-param>
</filter>

<!-- Remove the comments from the following <filter-mapping> if you'd
like to ensure secure URLs are only available over HTTPS -->
<!--
<filter-mapping>
<filter-name>Acegi Channel Processing Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->

<filter-mapping>
<filter-name>Acegi Authentication Processing Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>Acegi HTTP Request Security Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>


<!--
- Servlet that dispatches request to registered handlers (Controller implementations).
- Has its own application context, by default defined in "{servlet-name}-servlet.xml",
- i.e. "contacts-servlet.xml".
-
- A web app can contain any number of such servlets.
- Note that this web app does not have a shared root application context,
- therefore the DispatcherServlet contexts do not have a common parent.
-->
<servlet>
<servlet-name>contacts</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet>
<servlet-name>caucho</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>

<!--
- Maps the contacts dispatcher to /*.
-
-->
<servlet-mapping>
<servlet-name>contacts</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>

<!--
- Dispatcher servlet mapping for HTTP remoting via the Caucho protocols,
- i.e. Hessian and Burlap (see caucho-servlet.xml for the controllers).
-->
<servlet-mapping>
<servlet-name>caucho</servlet-name>
<url-pattern>/caucho/*</url-pattern>
</servlet-mapping>

<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<taglib>
<taglib-uri>/spring</taglib-uri>
<taglib-location>/WEB-INF/spring.tld</taglib-location>
</taglib>

</web-app>
*****************************

I am not sure where is the setting for debug level for acegi. Hope this helps.

[Ben Alex]

If you edit the AbstractProcessingFilter and use HttpSession.removeAttribute instead of setting it to null, does the application work with JRun as intended? If so I'll update CVS.

[rajnish.srivastava]

Yes it works.
Thanx

[Ben Alex]

I've just committed the change to CVS.