Unbootstrapped authentication results in NPE

[dekarrin]

In version 0.3.1, there is a potential bug in JanusGraphAbstractAuthenticator.

There is a check for the keys CONFIG_DEFAULT_USER and CONFIG_DEFAULT_PASSWORD in the configuration dictionary passed to the setup() method; if either key is missing, a warning is issued (link to source).

However, later in the same method, the value of config.get(CONFIG_DEFAULT_USER) is used; toString() is called on it. The config object is a Map<String, Object>, and therefore if CONFIG_DEFAULT_USER is not present in it, that config lookup will return null. This causes the toString() call to throw a NullPointerException. A similar situation also occurs directly after that with CONFIG_DEFAULT_PASSWORD. (link to source)

This causes a rather uninformative message to be displayed during gremlin server startup:

9030 [main] WARN  org.apache.tinkerpop.gremlin.server.AbstractChannelizer  -
9031 [main] ERROR org.apache.tinkerpop.gremlin.server.GremlinServer  - Gremlin Server Error
java.lang.IllegalStateException: Could not create/configure Authenticator null
at org.apache.tinkerpop.gremlin.server.AbstractChannelizer.createAuthenticator(AbstractChannelizer.java:195)
at org.apache.tinkerpop.gremlin.server.AbstractChannelizer.init(AbstractChannelizer.java:136)
at org.apache.tinkerpop.gremlin.server.channel.WebSocketChannelizer.init(WebSocketChannelizer.java:61)
at org.apache.tinkerpop.gremlin.server.GremlinServer.start(GremlinServer.java:160)
at org.apache.tinkerpop.gremlin.server.GremlinServer.main(GremlinServer.java:344)
Caused by: java.lang.NullPointerException
at org.janusgraph.graphdb.tinkerpop.gremlin.server.auth.JanusGraphAbstractAuthenticator.setup(JanusGraphAbstractAuthenticator.java:116)
at org.janusgraph.graphdb.tinkerpop.gremlin.server.auth.JanusGraphSimpleAuthenticator.setup(JanusGraphSimpleAuthenticator.java:37)
at org.apache.tinkerpop.gremlin.server.AbstractChannelizer.createAuthenticator(AbstractChannelizer.java:191)
... 4 more
9032 [main] ERROR org.apache.tinkerpop.gremlin.server.GremlinServer  - Gremlin Server was unable to start and will now begin shutdown: Could not create/configure Authenticator null

Reproduction:

To reproduce this issue, add the following configuration in the gremlin-server.yaml, and launch janusgraph:

authentication: {
  authenticator: org.janusgraph.graphdb.tinkerpop.gremlin.server.auth.JanusGraphSimpleAuthenticator,
  authenticationHandler: org.apache.tinkerpop.gremlin.server.handler.SaslAuthenticationHandler,
  config: {
    credentialsDb: conf/gremlin-server/janusgraph-credentials-server.properties
  }
}

(where conf/gremlin-server/janusgraph-credentials-server.properties points to a valid config for credentials storage)

Recommendations

Should the community agree that this is an issue that should be addressed, my naive thoughts going into this is to suggest that one of the following should be done to fix this:

• The logged warning is upgraded to a higher criticality level, such as error or critical. This would indicate to the user that the program will encounter issues and cannot continue execution.
• Alternatively, the value in config should be checked for null, and if it is null, change behavior such that an NPE is not thrown, or throw a more description error such that the end user can easily imply what actions to take to fix the issue based on the output given in the log.

[vtslab]

Hi dekarrin, I can confirm this issue (so, thanks), but also see that along another path this issue was solved in https://github.com/JanusGraph/janusgraph/commit/2b603b8e72d1c1f27d49a4302cb44a34a5b7d7f0 Best wishes, Marc

[FlorianHockmann]

Thanks for investigating, @vtslab. We can leave this issue still open as we can fix the issue also for the 0.3 release branch.