Bugzilla – Full Text Bug Listing
| Summary: | [server] NPE on anonymous attempt to create users. | ||
|---|---|---|---|
| Product: | [ECD] Orion | Reporter: | John Arthorne <john.arthorne> |
| Component: | Client | Assignee: | Malgorzata Janczarska <malgorzata.tomczyk> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | P3 | ||
| Version: | 0.2 | ||
| Target Milestone: | 0.2 | ||
| Hardware: | PC | ||
| OS: | Windows 7 | ||
| Whiteboard: | |||
This was using Orion M5 on orion.eclipse.org. It looks like that you have no UserAdmin running. Could you check if you have any of those bundles started: org.eclipse.orion.server.useradmin.xml or org.eclipse.orion.server.user.securestorage? Why are you saying it should return 403? This is orion.eclipse.org, it definitely has user admin running. The problem was that the "store" name was changed, and the wrong name was being passed in. Here is the command line to reproduce: curl -d "store=userStore" -d "login=blah" -d "password=blah" -d "passwordRetype=blah" http://orion.eclipse.org/login?redirect=/users/create (In reply to comment #2) > Why are you saying it should return 403? Now that I know the reason it should probably be 400 Bad Request. I modified the application so it returns 404 each time userStore is not found. I suppose that's most appropriate. But I what did you exactly try to achieve by this request? The arguments you passed in this request will be passed to /login, but the rather look like the should be passed to /users/create. I think you were looking for something more like: curl --post301 -d "login=test" -d "password=test" -d "store=userStore" http://orion.eclipse.org/login?redirect=/users/create?login=blah&password=blah&passwordRetype=blah&store=userStore this will login user test/test, and then could make an attempt to create user with given parameters. Only problem is that, by design, it doesn't work ;) The redirect always sends GET, it was rather thought to redirect user to the site he started his navigation from and let him try again whatever he was up to. But perhaps this should be redesigned. After all the 401 might have been thrown from a POST or PUT request. (In reply to comment #5) > I modified the application so it returns 404 each time userStore is not found. > I suppose that's most appropriate. Sounds fine. > But I what did you exactly try to achieve by this request? The arguments you > passed in this request will be passed to /login, but the rather look like the > should be passed to /users/create. The webmaster was trying to automate user account creation. He eventually figured out the correct syntax, but reported this problem to me as he was trying to get it to work. Fixed |
An anonymous POST to /users/create returns a 500 error with the following stack trace. It should instead be a 403 response. java.lang.NullPointerException at org.eclipse.orion.server.authentication.form.core.FormAuthHelper.getUserForCredentials(FormAuthHelper.java:117) at org.eclipse.orion.server.authentication.form.core.FormAuthHelper.performAuthentication(FormAuthHelper.java:101) at org.eclipse.orion.server.authentication.form.servlets.LoginServlet.doPost(LoginServlet.java:43) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) at org.eclipse.equinox.http.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:28) at org.eclipse.orion.internal.server.servlets.file.EditSupportFilter.doFilter(EditSupportFilter.java:46) at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.doFilter(FilterManager.java:173) at org.eclipse.equinox.http.servlet.internal.FilterRegistration.doFilter(FilterRegistration.java:71) at org.eclipse.equinox.http.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:25) at org.eclipse.orion.server.configurator.servlet.WelcomeFileFilter.doFilter(WelcomeFileFilter.java:37) at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.doFilter(FilterManager.java:173) at org.eclipse.equinox.http.servlet.internal.FilterRegistration.doFilter(FilterRegistration.java:71) at org.eclipse.equinox.http.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:25) at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:130) at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.eclipse.equinox.http.jetty.internal.HttpServerManager$InternalHttpServiceServlet.service(HttpServerManager.java:318) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:939) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)