StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POJava EE 6 on Glassfish 3.1 CallbackHandler throws NullPointerException
primarykey
Id
7746940
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
8
CommunityOwnedDate
CreationDate
2011-10-12T21:38:45.400
FavoriteCount
2
LastActivityDate
2013-09-19T09:21:10.110
LastEditDate
LastEditorUserId
0
OwnerUserId
676506
ParentId
0
PostTypeId
1
Score
1
ViewCount
1227
LastEditorDisplayName
text
Body
I implemented an own LoginModule for a custom authentication process due to the need for find granular access control. The LoginModule looks like that: <pre><code>public class PasswordSafeLoginModule implements LoginModule { private Subject subject; private CallbackHandler callbackHandler; private Object sharedState; private Object options; private Set<Principal> principalsAdded; private boolean authenticated; private String username; private String password; @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) { this.subject = subject; this.callbackHandler = callbackHandler; this.sharedState = sharedState; this.options = options; } @Override public boolean abort() throws LoginException { // TODO return true; } @Override public boolean commit() throws LoginException { // TODO return false; } @Override public boolean login() throws LoginException { NameCallback nameCB = new NameCallback("Username"); PasswordCallback passwordCB = new PasswordCallback("Password", true); Callback[] callbacks = new Callback[] { nameCB, passwordCB }; try { callbackHandler.handle(callbacks); // Authenticate username/password username = nameCB.getName(); password = String.valueOf(passwordCB.getPassword()); // // lookup credentials // // TODO... return true; } catch (IOException e) { throw new LoginException(e.getMessage()); } catch (UnsupportedCallbackException e) { throw new LoginException(e.getMessage()); } } @Override public boolean logout() throws LoginException { logger.info("Logging out '" + username + "'..."); return false; } } </code></pre> I add this LoginModule configuration with a @Singleton bean on @Startup: <pre><code>@Singleton @Startup public class PasswordSafeJAASConfiguration extends Configuration { /** * This method just registers the configuration after the construction. */ @PostConstruct void init() { Configuration.setConfiguration(this); } @Override public AppConfigurationEntry[] getAppConfigurationEntry( String applicationName) { AppConfigurationEntry[] entries = new AppConfigurationEntry[1]; entries[0] = new AppConfigurationEntry( PasswordSafeLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()); return entries; } } </code></pre> The login shall be form based on an own JSF 2.0 page. I put everything into a composite:implementation for later reuse. The relevant part look like: <pre><code><form method="POST" action="j_security_check"> <h:messages /> <h:panelGrid columns="2" columnClasses="rightAlign,leftAlign"> <h:outputText value="Email address:" /> <h:inputText id="j_username" required="true" size="8"> <f:validator validatorId="emailAddressValidator" /> <f:validateLength minimum="5" maximum="128" /> </h:inputText> <h:outputText value="Password:" /> <h:inputText id="j_password" required="true" size="8" /> </h:panelGrid> <h:commandButton value="Login..." /> </form> </code></pre> When I try to test everything, I see in the logs (logging removed from the code above) that the configuration was added and that my own login module was started (initialize and login). But as soon as the CallbackHandler is started the callback handler throws a NullPointerException: <pre><code>Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException at com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler.handle(ServerLoginCallbackHandler.java:109) at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:955) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:951) at com.puresol.passwordsafe.jaas.PasswordSafeLoginModule.login(PasswordSafeLoginModule.java:70) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [...] </code></pre> What is happening here? Why is there a NullPointerException? I expect, that the CallbackHandler I get is from the underlying JAAS implementation and gives me the provided username and password back. Why is this not happening? I tried an alternative way. I let the JSF form put the username and password into a @ManagedBean and called the login procedure via HttpServletRequest: <pre><code>FacesContext context = FacesContext.getCurrentInstance(); HttpServletRequest request = (HttpServletRequest) context .getExternalContext().getRequest(); request.login(login.getEmail(), login.getPassword()); </code></pre> When I do this, I get an NullPointerException, too: <pre><code>Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException at com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler.handle(ServerLoginCallbackHandler.java:109) at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:955) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:951) at com.puresol.passwordsafe.jaas.PasswordSafeLoginModule.login(PasswordSafeLoginModule.java:70) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [...] </code></pre> My own LoginModule was called again and again the ServerLoginCallbackHandler throws a NullPointerException at the same position. Ok, that's reproducable and repeatable. But, in this variant I checked, that non-null values were put into login() for username and password. Where can I look now? What is the issue? Any glue will help. I puzzle on this issue for three days now and the web is not providing useful information on that. At least with the key words, I use...
Tags
<java-ee><java-ee-6><glassfish-3><jaas>
Title
Java EE 6 on Glassfish 3.1 CallbackHandler throws NullPointerException
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USRick-Rainer Ludwig
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POJava EE 6 on Glassfish 3.1 CallbackHandler throws NullPointerException
 UserUserId
 USpalacsint
 VoteTypeVoteTypeId
 VTFavorite
2. VO
 singulars
 PostPostId
 POJava EE 6 on Glassfish 3.1 CallbackHandler throws NullPointerException
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POJava EE 6 on Glassfish 3.1 CallbackHandler throws NullPointerException
 UserUserId
 UShidehawk
 VoteTypeVoteTypeId
 VTFavorite
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.