-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 5.3 GA
-
Fix Version/s: 5.4
-
Component/s: Seam / JSF UI
-
Environment:Ubuntu server (32 bit) using sun-java-5-jre version 1.5.0-20-0ubuntu0.8.04 with JBoss, and an Apache frontend performing authentication, using AJP for Apache to Nuxeo communication.
Nuxeo DM 5.3GA is configured with the proxy_auth plugin, authenticating from an HTTP header injected by an Apache frontend.
When a user without a current session (i.e. browser is closed, no cookies) follows a link deep into Nuxeo DM (e.g. a link to the history view of a document, or the comments list of a document) they are given an error page instead of the linked content. If the user follows the same steps, but with an existing Nuxeo session, the content displays as expected.
Following is the stack trace found in the Nuxeo log:
java.lang.NullPointerException
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.isStartPageValid(NuxeoAuthenticationFilter.java:648)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.saveRequestedURLBeforeRedirect(NuxeoAuthenticationFilter.java:584)
at org.nuxeo.ecm.platform.ui.web.auth.proxy.ProxyAuthenticator.handleRedirectToValidStartPage(ProxyAuthenticator.java:135)
at org.nuxeo.ecm.platform.ui.web.auth.proxy.ProxyAuthenticator.handleRetrieveIdentity(ProxyAuthenticator.java:118)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.handleRetrieveIdentity(NuxeoAuthenticationFilter.java:814)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:376)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoRequestControllerFilter.doFilter(NuxeoRequestControllerFilter.java:133)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:80)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:437)
at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:366)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:595)
