wso2-extensions / identity-carbon-auth-rest

Apache License 2.0

NPE is thrown when 'Authorization' header is missing and debug logs are enabled for AuthenticationValve #57

Open malithie opened 6 years ago

malithie commented 6 years ago

Description: The exception below is thrown when the 'Authorization' header is not present in the request for a resource protected over AuthenticationValve.

java.lang.NullPointerException
    at org.wso2.carbon.identity.auth.service.handler.HandlerManager.getFirstPriorityHandler(HandlerManager.java:153)
    at org.wso2.carbon.identity.auth.service.AuthenticationManager.authenticate(AuthenticationManager.java:97)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:76)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
    at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

Affected Product Version: IS 5.3.0, IS 5.4.0, IS 5.4.1, IS 5.5.0

Steps to reproduce: Try to access a protected REST API without an Authorization header.

hasinidilanka commented 5 years ago

Fixed in IS 5.8.0 by: https://github.com/wso2-extensions/identity-carbon-auth-rest/pull/70
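
The thread does not show the code at `HandlerManager.java:153`, so the following is an added illustration of the defect class named in the issue title, not code from the project or from either commenter: a debug-only log statement that dereferences a request header which may be absent, next to a null-safe form. The class, method and field names are hypothetical, and the requests are constructed.

```java
import java.util.Collections;
import java.util.Map;
import java.util.Optional;

// Added illustration; all names here are hypothetical, not WSO2 code.
public class AuthHeaderDebugDemo {

    static boolean debugEnabled = true; // stands in for log.isDebugEnabled()

    // Failure pattern: the debug branch dereferences a header that may be absent,
    // so the defect only shows up once debug logging is switched on.
    static String pickSchemeUnsafe(Map<String, String> headers) {
        String authz = headers.get("Authorization");
        if (debugEnabled) {
            System.out.println("DEBUG scheme=" + authz.split(" ")[0]); // NPE when authz is null
        }
        return authz == null ? null : authz.split(" ")[0];
    }

    // Null-safe form: a missing header is an ordinary outcome, and the debug
    // line records only the scheme, never the credential part of the header.
    static Optional<String> pickSchemeSafe(Map<String, String> headers) {
        String authz = headers.get("Authorization");
        if (authz == null || authz.trim().isEmpty()) {
            if (debugEnabled) {
                System.out.println("DEBUG no Authorization header; no handler selected");
            }
            return Optional.empty(); // caller should answer 401, not fail with a 500
        }
        String scheme = authz.trim().split("\\s+", 2)[0];
        if (debugEnabled) {
            System.out.println("DEBUG scheme=" + scheme);
        }
        return Optional.of(scheme);
    }

    public static void main(String[] args) {
        // Constructed requests: one without the header, one with a placeholder credential.
        Map<String, String> noHeader = Collections.emptyMap();
        Map<String, String> basic =
                Collections.singletonMap("Authorization", "Basic constructed-value");
        try {
            pickSchemeUnsafe(noHeader);
        } catch (NullPointerException e) {
            System.out.println("unsafe, no header: NullPointerException");
        }
        System.out.println("safe, no header: " + pickSchemeSafe(noHeader));
        System.out.println("safe, Basic:     " + pickSchemeSafe(basic));
    }
}
```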