glassfish
  1. glassfish
  2. GLASSFISH-11345

Obtaining permissions with getPolicy() and JACC principals causes NullPointerException

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Cannot Reproduce
    • Affects Version/s: V3
    • Fix Version/s: V3
    • Component/s: security
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: Linux

    • Issuezilla Id:
      11,345

      Description

      Hello,

      On stable version of GFv3 when I execute from servlet following lines of code:
      Subject subject = (Subject)
      PolicyContext.getContext("javax.security.auth.Subject.container");
      Set<Principal> principals = subject.getPrincipals();
      final Principal[] principalsArray =
      subject.getPrincipals().toArray(new Principal[7]);
      if (principals == null || principals.isEmpty())
      return foundUserRoles; // This should be empty
      CodeSource source = new CodeSource(null, new CodeSigner[0]);
      ProtectionDomain pd = new ProtectionDomain(source, null, null,
      principalsArray);
      PermissionCollection pc = Policy.getPolicy().getPermissions(pd);
      <-- Here's exception

      On last line i got following exception:
      Subject subject = (Subject)
      PolicyContext.getContext("javax.security.auth.Subject.container");
      Set<Principal> principals = subject.getPrincipals();
      final Principal[] principalsArray =
      subject.getPrincipals().toArray(new Principal[7]);
      if (principals == null || principals.isEmpty())
      return foundUserRoles; // This should be empty
      CodeSource source = new CodeSource(null, new CodeSigner[0]);
      ProtectionDomain pd = new ProtectionDomain(source, null, null,
      principalsArray);
      PermissionCollection pc = Policy.getPolicy().getPermissions(pd);
      <rest is application server logic>

      In general server calls the portion of code using reflection, but this code
      should done well as the part of JACC specification.

        Activity

        Hide
        rsmogura added a comment -

        Ah ..., sometimes after redeploy problem disappears, but after some time (few
        minutes) it happens again. I don't think this is problem with invalidated
        sessions, as only one found solution is to redeploy app.

        As the result of above method I should get a list with WebRoleRefPermission,
        EJBRoleRefPermission or UnresolvedPermission (pointing to the above permissions).

        Show
        rsmogura added a comment - Ah ..., sometimes after redeploy problem disappears, but after some time (few minutes) it happens again. I don't think this is problem with invalidated sessions, as only one found solution is to redeploy app. As the result of above method I should get a list with WebRoleRefPermission, EJBRoleRefPermission or UnresolvedPermission (pointing to the above permissions).
        Hide
        rsmogura added a comment -

        After some investigation there is no connection between deploy, sessions, etc,
        it's looks like this problem occurs always, just "no exception" is caused by my
        application logic, when no pricipals (not logged user) return empty list of roles.

        Show
        rsmogura added a comment - After some investigation there is no connection between deploy, sessions, etc, it's looks like this problem occurs always, just "no exception" is caused by my application logic, when no pricipals (not logged user) return empty list of roles.
        Hide
        Nithya Ramakrishnan added a comment -

        We are unable to reproduce the issue. Could you pls provide us more details like
        the stack trace, details on how you are obtaining the Subject (or the complete
        app).Also have you turned on the Security Manager?

        Show
        Nithya Ramakrishnan added a comment - We are unable to reproduce the issue. Could you pls provide us more details like the stack trace, details on how you are obtaining the Subject (or the complete app).Also have you turned on the Security Manager?
        Hide
        rsmogura added a comment -

        Sorry for missing backtrace, it's part of trace about exception

        Caused by: java.lang.NullPointerException
        at sun.security.provider.PolicyFile.checkEntryPs(PolicyFile.java:1512)
        at sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1442)
        at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1270)
        at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1235)
        at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1171)
        at
        com.sun.enterprise.security.provider.BasePolicyWrapper.getPermissions(BasePolicyWrapper.java:208)
        at [my line of code marked in previous post PermissionCollection pc =
        Policy.getPolicy().getPermissions(pd);]

        and yes I tried this with an without SM

        Show
        rsmogura added a comment - Sorry for missing backtrace, it's part of trace about exception Caused by: java.lang.NullPointerException at sun.security.provider.PolicyFile.checkEntryPs(PolicyFile.java:1512) at sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1442) at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1270) at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1235) at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1171) at com.sun.enterprise.security.provider.BasePolicyWrapper.getPermissions(BasePolicyWrapper.java:208) at [my line of code marked in previous post PermissionCollection pc = Policy.getPolicy().getPermissions(pd);] and yes I tried this with an without SM
        Hide
        Nithya Ramakrishnan added a comment -

        Could you please attach the application that is throwing this error and the steps
        that you have followed? That would help us to reproduce the issue exactly.

        Show
        Nithya Ramakrishnan added a comment - Could you please attach the application that is throwing this error and the steps that you have followed? That would help us to reproduce the issue exactly.
        Hide
        kumarjayanti added a comment -

        marking issue as worksforme. Please provide testcase incase you see this with
        latest V3.1 builds.

        thanks.

        Show
        kumarjayanti added a comment - marking issue as worksforme. Please provide testcase incase you see this with latest V3.1 builds. thanks.

          People

          • Assignee:
            kumarjayanti
            Reporter:
            rsmogura
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: