search

zkoss / zkspring

Automatically exported from code.google.com/p/zkspring
6 stars 15 forks source link

NullPointer when using JdbcUserDetailsManager Security in ZK 8.0 #28

Closed ghost closed 8 years ago

ghost commented 9 years ago

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:979) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:858) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669) at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:224) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:499) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NullPointerException: null at org.zkoss.zk.ui.util.ConditionImpl.isEffective(ConditionImpl.java:80) at org.zkoss.zk.ui.metainfo.BranchInfo.isEffective(BranchInfo.java:100) at org.zkoss.zk.ui.metainfo.ComponentInfo.isEffective(ComponentInfo.java:60) at org.zkoss.zk.ui.impl.UiEngineImpl.isEffective(UiEngineImpl.java:1087) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreate0(UiEngineImpl.java:747) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreate(UiEngineImpl.java:709) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreateChild0(UiEngineImpl.java:923) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreateChild(UiEngineImpl.java:877) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreate0(UiEngineImpl.java:748) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreateChild(UiEngineImpl.java:822) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreate0(UiEngineImpl.java:771) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreate(UiEngineImpl.java:709) at org.zkoss.zk.ui.impl.UiEngineImpl.createComponents(UiEngineImpl.java:1137) at org.zkoss.zk.ui.impl.AbstractExecution.createComponents0(AbstractExecution.java:310) at org.zkoss.zk.ui.impl.AbstractExecution.createComponents(AbstractExecution.java:296) at org.zkoss.zk.ui.HtmlMacroComponent.compose(HtmlMacroComponent.java:168) at org.zkoss.zk.ui.HtmlMacroComponent.afterCompose(HtmlMacroComponent.java:139) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreateChild0(UiEngineImpl.java:929) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreateChild(UiEngineImpl.java:877) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreate0(UiEngineImpl.java:748) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreate(UiEngineImpl.java:709) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreateChild0(UiEngineImpl.java:923) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreateChild(UiEngineImpl.java:877) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreate0(UiEngineImpl.java:748) at org.zkoss.zk.ui.impl.UiEngineImpl.execCreate(UiEngineImpl.java:709) at org.zkoss.zk.ui.impl.UiEngineImpl.execNewPage0(UiEngineImpl.java:452) at org.zkoss.zk.ui.impl.UiEngineImpl.execNewPage(UiEngineImpl.java:358) at org.zkoss.zk.ui.http.DHtmlLayoutServlet.process(DHtmlLayoutServlet.java:217) at org.zkoss.zk.ui.http.DHtmlLayoutServlet.doGet(DHtmlLayoutServlet.java:136) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:108) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:64) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:65) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:595) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:191) at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:72) at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:168) at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:303) at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1244) at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1027) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:971) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967) ... 57 common frames omitted

hawkchen commented 8 years ago

Hi, Thanks for your report. I have created an issue in our formal tracker http://tracker.zkoss.org/browse/ZKSPRING-52 Please provide more detail to let us reproduce it like:

  1. zk version
  2. spring version
  3. configuration files( zk.xml, spring security config xml...)
  4. steps to reproduce
ghost commented 8 years ago

ZK-Version: 8.0.0 Spring Boot: 1.2.7

zk.xml

<zk>
    <preference>
        <name>org.zkoss.zk.ui.WebApp.name</name>
        <value>APP_NAME</value>
    </preference>
    <system-config>
        <response-charset>UTF-8</response-charset>
        <max-upload-size>1000000</max-upload-size>
    </system-config>
    <session-config>
        <session-timeout>57600</session-timeout>
        <timer-keep-alive>true</timer-keep-alive>
        <max-desktops-per-session>8</max-desktops-per-session>
        <max-requests-per-session>64</max-requests-per-session>
    </session-config>
    <device-config>
        <device-type>ajax</device-type>
        <timeout-uri></timeout-uri>
    </device-config>
    <error-page>
        <exception-type>org.springframework.security.access.AccessDeniedException
        </exception-type>
        <location>/user/auaccessdenied.zul</location>
    </error-page>
    <listener>
        <listener-class>org.zkoss.spring.DelegatingVariableResolver</listener-class>
    </listener>
    <error-page>
        <exception-type>java.lang.Throwable</exception-type>
        <location>/inc/error.zul</location>
    </error-page>
    <desktop-config>
        <theme-uri>/css/styles.css</theme-uri>
    </desktop-config>
</zk>

security.java

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Autowired
    private DataSourcedataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth.userDetailsService(userDetailsManager()).passwordEncoder(new Md5PasswordEncoder());
    }

    @Bean
    JdbcUserDetailsManager userDetailsManager()
    {
        JdbcUserDetailsManager manager = new JdbcUserDetailsManager();
        manager.setDataSource(dataSource);
        manager.setEnableGroups(true);
        manager.setChangePasswordSql(SQL_STATEMENT);
        return manager;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
            .headers().frameOptions().disable()
            .csrf().disable() // Required for zkoss-logins
            .authorizeRequests()
            .and()
            .formLogin()
            .loginProcessingUrl("/login")
            .loginPage("/")
            .failureUrl("/")
            .and()
            .logout()
            .permitAll()
            .and().exceptionHandling();
    }
}

If I remove the JdbcUserDetailsManager userDetailsManager() then all is good. But with this configutiration I get every time this error after opening the index.zul.

hawkchen commented 8 years ago

In your stack trace, it looks like the calling below is the root cause

Caused by: java.lang.NullPointerException: null
at org.zkoss.zk.ui.util.ConditionImpl.isEffective(ConditionImpl.java:80)
...

Do you use any if or unless attribute in index.zul? check that line, it might reference a variable that is null.

ghost commented 8 years ago

I only call the index.zul first.

<?xml version="1.0" encoding="UTF-8"?>
<?component name="menu" macroURI="/inc/menubar.zul"?>
<?page title="${labels.app.title}"?>
<window title="${labels.app.title}" id="mainWindow" border="none" shadow="false">
    <menu width="100%" />
</window>

There is no if or unless...

hawkchen commented 8 years ago

Because the nullpointer exception is thrown during component creation, it's highly realted to your zul. You can remove the page's components one by one to find out whcih component cause this issue. Can you provide menubar.zul?

ghost commented 8 years ago

The menubar.zul is the problem. There are many if and unless conditions. Without these its works fine. 

<menu id="menuitem"
            label="${labels.menu.access.$} [${labels.menu.access.loggedInAs}   ${desktop.execution.userPrincipal.name}]"
            if="${desktop.execution.userPrincipal.authenticated}"
            image="/img/access.gif">
hawkchen commented 8 years ago

If the page below shows nothing in your project, then that's the reason you get a null pointer exception. Because there is no such attribute when creating a page.

<zk>
${desktop.execution.userPrincipal.authenticated}
</zk>

it's a known bug, http://tracker.zkoss.org/browse/ZK-2912, which was fixed. You can get 8.0.1 freshly release to test it.