[GLASSFISH-19104] NullPointerException was thrown out when delete a nonexistent lifecycle module Created: 25/Sep/12  Updated: 25/Sep/12  Resolved: 25/Sep/12

Status: Resolved
Project: glassfish
Component/s: lifecycle_modules
Affects Version/s: 4.0_b54
Fix Version/s: 4.0_b56_ms5

Type: Bug Priority: Critical
Reporter: zhouronghui Assignee: Tim Quinn
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Windows XP, Windows 7

Attachments: Text File GLASSFISH-19104.patch    
Tags: admin


[Bug Description]
When executed "delete-lifecycle-module" command by specifing a name that does not exist, it will be failed and the NullPointerException was thrown out.

STEP1 Start the domain

asadmin> start-domain
Waiting for domain1 to start ..............................
Successfully started the domain : domain1
domain Location: D:\glassfish3\glassfish\domains\domain1
Log File: D:\glassfish3\glassfish\domains\domain1\logs\server.log
Admin Port: 4848
Command start-domain executed successfully.

STEP2. Execute the delete-lifecycle-module to delete a lifecycle-module that does not exist.

asadmin> delete-lifecycle-module not_exist
remote failure: User is not authorized for this command
Command delete-lifecycle-module failed.

[affected versions]
1 4.0_b54
2 Glassfish's trunk until 2012/09/25

Comment by zhouronghui [ 25/Sep/12 ]

The patch of GLASSFISH-19104

Comment by zhouronghui [ 25/Sep/12 ]

Dear Tom

I think it's caused by the NULL check was omitted
in DeleteLifecycleModuleCommand#getAccessChecks,
and I made a patch for this issue and attached to
the ISSUE. Would you please check it?

The NullPointerException was thrown out and
the stack trace in server.log was as follows:

	at java.net.URI$Parser.parse(URI.java:3004)
	at java.net.URI.<init>(URI.java:577)
	at java.net.URI.create(URI.java:839)
	at com.sun.enterprise.admin.util.CommandSecurityChecker.resourceURIFromAccessCheck(CommandSecurityChecker.java:244)
	at com.sun.enterprise.admin.util.CommandSecurityChecker.checkAccessRequired(CommandSecurityChecker.java:189)
	at com.sun.enterprise.admin.util.CommandSecurityChecker.authorize(CommandSecurityChecker.java:139)
	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:558)
	at java.lang.Thread.run(Thread.java:662)
Comment by Hong Zhang [ 25/Sep/12 ]

As Tim helped make this part of the security changes, I will let Tim take a look to see if the attached patch is the best place to fix (or should the NPE check made in CommandSecurityChecker.resourceURIFromAccessCheck so other similar code paths are covered as well).

Comment by Tim Quinn [ 25/Sep/12 ]

Fix checked in.

Project: glassfish
Repository: svn
Revision: 56123
Author: tjquinn
Date: 2012-09-25 15:54:10 UTC

Log Message:
Fix for 19104.

The code which prepares the access check did not adequately protect against a null resource name being used (which happens if the specified life cycle module does not exist).


Modified Paths:

Generated at Tue May 05 15:31:03 UTC 2015 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.