Spring Security
  1. Spring Security
  2. SEC-1820

NPE in OpenID4JavaConsumer.fetchAxAttributes

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0.RC2
    • Fix Version/s: 3.1.0
    • Component/s: OpenID
    • Labels:
      None

      Description

      I am not sure what more details I need to provide - please let me know.

      java.lang.NullPointerException
          org.springframework.security.openid.OpenID4JavaConsumer.fetchAxAttributes(OpenID4JavaConsumer.java:205)
          org.springframework.security.openid.OpenID4JavaConsumer.endConsumption(OpenID4JavaConsumer.java:184)
          org.springframework.security.openid.OpenIDAuthenticationFilter.attemptAuthentication(OpenIDAuthenticationFilter.java:143)
          org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
          org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
          org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
          org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
          org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
          org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
          org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
          org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
          org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:175)
          org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
          org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
      

        Activity

        Hide
        Luke Taylor added a comment -

        Looks like a problem with attribute fetching (I'm guessing you aren't specifying any attributes?)

        I've added a null check which should cater for this case. Please try with a nightly build.

        Show
        Luke Taylor added a comment - Looks like a problem with attribute fetching (I'm guessing you aren't specifying any attributes?) I've added a null check which should cater for this case. Please try with a nightly build.
        Hide
        Kees de Kooter added a comment -

        These are the ones I am trying to fetch:

        <attribute-exchange>
        <openid-attribute name="email" type="http://axschema.org/contact/email" required="true" count="1"/>
        <openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true" />
        <openid-attribute name="lastname" type="http://axschema.org/namePerson/last" required="true" />
        <openid-attribute name="language" type="http://axschema.org/pref/language" required="true" />
        <openid-attribute name="gender" type="http://axschema.org/gender" required="true" />
        <openid-attribute name="image" type="http://axschema.org/media/image/default" required="true" />
        </attribute-exchange>

        Show
        Kees de Kooter added a comment - These are the ones I am trying to fetch: <attribute-exchange> <openid-attribute name="email" type="http://axschema.org/contact/email" required="true" count="1"/> <openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true" /> <openid-attribute name="lastname" type="http://axschema.org/namePerson/last" required="true" /> <openid-attribute name="language" type="http://axschema.org/pref/language" required="true" /> <openid-attribute name="gender" type="http://axschema.org/gender" required="true" /> <openid-attribute name="image" type="http://axschema.org/media/image/default" required="true" /> </attribute-exchange>
        Hide
        Kees de Kooter added a comment -

        Would setting required to false make a difference?

        Show
        Kees de Kooter added a comment - Would setting required to false make a difference?
        Hide
        Luke Taylor added a comment -

        No. Please explain whether the problem is intermittent or reproducible. And please try with the latest release (RC3) so that the stacktrace matches the current source.

        Show
        Luke Taylor added a comment - No. Please explain whether the problem is intermittent or reproducible. And please try with the latest release (RC3) so that the stacktrace matches the current source.
        Hide
        Kees de Kooter added a comment -

        Looks like it is intermittent. With RC3 I am bumping into SEC-1815.
        Will try to find some time to test with the nightlies.

        Show
        Kees de Kooter added a comment - Looks like it is intermittent. With RC3 I am bumping into SEC-1815 . Will try to find some time to test with the nightlies.
        Hide
        Luke Taylor added a comment - - edited

        You can easily workaround SEC-1815 by using the 4.1.1 HttpClient jar file.

        Show
        Luke Taylor added a comment - - edited You can easily workaround SEC-1815 by using the 4.1.1 HttpClient jar file.
        Hide
        Luke Taylor added a comment -

        Could you clarify whether this is still a problem with the current snapshots?

        Show
        Luke Taylor added a comment - Could you clarify whether this is still a problem with the current snapshots?
        Hide
        Luke Taylor added a comment -

        No further input, so assuming that the null check fixed the issue.

        Show
        Luke Taylor added a comment - No further input, so assuming that the null check fixed the issue.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Kees de Kooter
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: