Uploaded image for project: 'ZK Spring'
  1. ZK Spring
  2. ZKSPRING-54

Spring security NPE with "dummy"-requests

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: Normal Normal
    • 4.0.0
    • 3.2.0
    • security
    • None

      a NPE occurs when ZK Spring security tries to intercept a "dummy" request

      A Serverpush-dummy-request does not have an associated component so that the event interceptor fails to build the path for it.
      org.zkoss.spring.security.intercept.zkevent.ZkEventProcessDefinitionSourceImpl.toPath(ZkEventProcessDefinitionSourceImpl.java:151)

      SEVERE: Failed to invoke class org.zkoss.spring.security.ui.ZkExceptionTranslationListener
java.lang.RuntimeException: java.lang.NullPointerException
 at org.zkoss.spring.security.ui.ZkExceptionTranslationListener$1.doFilter(ZkExceptionTranslationListener.java:157)
 at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
 at org.zkoss.spring.security.ui.ZkExceptionTranslationListener.doExceptionTranslationFiltering(ZkExceptionTranslationListener.java:141)
 at org.zkoss.spring.security.ui.ZkExceptionTranslationListener.cleanup(ZkExceptionTranslationListener.java:123)
 at org.zkoss.zk.ui.util.Configuration.newEventThreadCleanups(Configuration.java:571)
 at org.zkoss.zk.ui.impl.UiEngineImpl.processEvent(UiEngineImpl.java:1830)
 at org.zkoss.zk.ui.impl.UiEngineImpl.process(UiEngineImpl.java:1621)
 at org.zkoss.zk.ui.impl.UiEngineImpl.execUpdate(UiEngineImpl.java:1321)
 at org.zkoss.zk.au.http.DHtmlUpdateServlet.process(DHtmlUpdateServlet.java:611)
 at org.zkoss.zk.au.http.DHtmlUpdateServlet.doGet(DHtmlUpdateServlet.java:485)
 at org.zkoss.zk.au.http.DHtmlUpdateServlet.doPost(DHtmlUpdateServlet.java:494)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
 at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.zkoss.spring.security.ui.ZkLoginOKFilter.doFilter(ZkLoginOKFilter.java:136)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
 at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.zkoss.spring.security.ui.ZkEnableSessionInvalidateFilter.doFilter(ZkEnableSessionInvalidateFilter.java:64)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.zkoss.spring.security.ui.ZkDisableSessionInvalidateFilter.doFilter(ZkDisableSessionInvalidateFilter.java:72)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.zkoss.spring.security.ui.ZkError403Filter.doFilter(ZkError403Filter.java:88)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.zkoss.spring.security.config.ZkDesktopReuseFilter.doFilter(ZkDesktopReuseFilter.java:115)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:217)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
 at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
 at org.zkoss.spring.security.intercept.zkevent.ZkEventProcessDefinitionSourceImpl.toPath(ZkEventProcessDefinitionSourceImpl.java:151)
 at org.zkoss.spring.security.intercept.zkevent.ZkEventProcessDefinitionSourceImpl.getAttributes(ZkEventProcessDefinitionSourceImpl.java:135)
 at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:174)
 at org.zkoss.spring.security.intercept.zkevent.ZkEventProcessInterceptor.beforeInvocation(ZkEventProcessInterceptor.java:57)
 at org.zkoss.spring.security.intercept.zkevent.ZkEventProcessListener.beforeProcessEvent(ZkEventProcessListener.java:86)
 at org.zkoss.zk.ui.impl.EventInterceptors.beforeProcessEvent(EventInterceptors.java:146)
 at org.zkoss.zk.ui.util.Configuration.beforeProcessEvent(Configuration.java:2761)
 at org.zkoss.zk.ui.impl.DesktopImpl.beforeProcessEvent(DesktopImpl.java:1235)
 at org.zkoss.zk.ui.impl.EventProcessor.process(EventProcessor.java:130)
 at org.zkoss.zk.ui.impl.UiEngineImpl.processEvent(UiEngineImpl.java:1826)
 ... 68 more

      This problem did not occur in 3.1.1 and is a side effect of the commit for ZKSPRING-39

            henrichen henrichen
            cor3000 cor3000
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: