Uploaded image for project: 'Spring Security'
  1. Spring Security
  2. SEC-1820

NPE in OpenID4JavaConsumer.fetchAxAttributes

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0.RC2
    • Fix Version/s: 3.1.0
    • Component/s: OpenID
    • Labels:
      None

      Description

      I am not sure what more details I need to provide - please let me know.

      java.lang.NullPointerException
          org.springframework.security.openid.OpenID4JavaConsumer.fetchAxAttributes(OpenID4JavaConsumer.java:205)
          org.springframework.security.openid.OpenID4JavaConsumer.endConsumption(OpenID4JavaConsumer.java:184)
          org.springframework.security.openid.OpenIDAuthenticationFilter.attemptAuthentication(OpenIDAuthenticationFilter.java:143)
          org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
          org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
          org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
          org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
          org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
          org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
          org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
          org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
          org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:175)
          org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
          org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

        Activity

        Hide
        luke Luke Taylor added a comment -

        Looks like a problem with attribute fetching (I'm guessing you aren't specifying any attributes?)

        I've added a null check which should cater for this case. Please try with a nightly build.

        Show
        luke Luke Taylor added a comment - Looks like a problem with attribute fetching (I'm guessing you aren't specifying any attributes?) I've added a null check which should cater for this case. Please try with a nightly build.
        Hide
        kdekooter Kees de Kooter added a comment -

        These are the ones I am trying to fetch:

        <attribute-exchange>
        <openid-attribute name="email" type="http://axschema.org/contact/email" required="true" count="1"/>
        <openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true" />
        <openid-attribute name="lastname" type="http://axschema.org/namePerson/last" required="true" />
        <openid-attribute name="language" type="http://axschema.org/pref/language" required="true" />
        <openid-attribute name="gender" type="http://axschema.org/gender" required="true" />
        <openid-attribute name="image" type="http://axschema.org/media/image/default" required="true" />
        </attribute-exchange>

        Show
        kdekooter Kees de Kooter added a comment - These are the ones I am trying to fetch: <attribute-exchange> <openid-attribute name="email" type="http://axschema.org/contact/email" required="true" count="1"/> <openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true" /> <openid-attribute name="lastname" type="http://axschema.org/namePerson/last" required="true" /> <openid-attribute name="language" type="http://axschema.org/pref/language" required="true" /> <openid-attribute name="gender" type="http://axschema.org/gender" required="true" /> <openid-attribute name="image" type="http://axschema.org/media/image/default" required="true" /> </attribute-exchange>
        Hide
        kdekooter Kees de Kooter added a comment -

        Would setting required to false make a difference?

        Show
        kdekooter Kees de Kooter added a comment - Would setting required to false make a difference?
        Hide
        luke Luke Taylor added a comment -

        No. Please explain whether the problem is intermittent or reproducible. And please try with the latest release (RC3) so that the stacktrace matches the current source.

        Show
        luke Luke Taylor added a comment - No. Please explain whether the problem is intermittent or reproducible. And please try with the latest release (RC3) so that the stacktrace matches the current source.
        Hide
        kdekooter Kees de Kooter added a comment -

        Looks like it is intermittent. With RC3 I am bumping into SEC-1815.
        Will try to find some time to test with the nightlies.

        Show
        kdekooter Kees de Kooter added a comment - Looks like it is intermittent. With RC3 I am bumping into SEC-1815 . Will try to find some time to test with the nightlies.
        Hide
        luke Luke Taylor added a comment - - edited

        You can easily workaround SEC-1815 by using the 4.1.1 HttpClient jar file.

        Show
        luke Luke Taylor added a comment - - edited You can easily workaround SEC-1815 by using the 4.1.1 HttpClient jar file.
        Hide
        luke Luke Taylor added a comment -

        Could you clarify whether this is still a problem with the current snapshots?

        Show
        luke Luke Taylor added a comment - Could you clarify whether this is still a problem with the current snapshots?
        Hide
        luke Luke Taylor added a comment -

        No further input, so assuming that the null check fixed the issue.

        Show
        luke Luke Taylor added a comment - No further input, so assuming that the null check fixed the issue.

          People

          • Assignee:
            luke Luke Taylor
            Reporter:
            kdekooter Kees de Kooter
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: