Hi, I'm new to SecurityFilter and I'm having a hard time getting it to work (been trying all day).
The examples for 1.1 work fine but I cant get my application to work, I'm getting the following exception when I run my project. The exception appears when I include the filter mapping (/*).
java.lang.NullPointerException
at org.securityfilter.filter.SecurityFilter.doFilter(SecurityFilter.java:120)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:534)
Orignally I tried using 2.0 but I got the same error and non of the examples worked.
I'm using Struts Studio and TomCat 4.1.24.
Thanks and please help.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I still cant get the examples working but I did get 2.0 working within Struts!!! GET IN! :) There was a problem with the realm definition in the config file!!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have the very same exception, but the class-name is correct. After digging a little deeper into the logs, I found out that the origin of the error is in the init of the filter - for me it was the cast to SecurityRealmInterface that threw an exception - however, this exception is wrapped and the webapp starts up properly - the NullPointerException in doFilter is caused by some objects not being properly initialized. (check your logs for startup errors, if you encounter this NullPointerException)
Maybe it's possible to make the Exception a little clearer by:
- not wrapping the exceptions from SecurityConfig (there cn be ClassCastExceptions that are thrown and get caught somewhere...)
- catch and rethrow the Nullpointer-Exception in doFilter - and adding a hint, that this is probably caused by a misconfiguration of security-filter-config.xml...
cheers
stf
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Foor me checking startup errors helped, the problem seems to arise from adding crimson to my app:
ERROR org.apache.commons.digester.Digester - [Digester.getParser: ] 2006-03-21 14:33:53,055
org.xml.sax.SAXNotRecognizedException: Feature: http://apache.org/xml/features/validation/dynamic
at org.apache.crimson.parser.XMLReaderImpl.setFeature(XMLReaderImpl.java:213)
at org.apache.crimson.jaxp.SAXParserImpl.setFeatures(SAXParserImpl.java:143)
at org.apache.crimson.jaxp.SAXParserImpl.<init>(SAXParserImpl.java:126)
at org.apache.crimson.jaxp.SAXParserFactoryImpl.newSAXParserImpl(SAXParserFactoryImpl.java:113)
at org.apache.crimson.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:141)
at org.apache.commons.digester.parser.XercesParser.configureXerces(XercesParser.java:185)
at org.apache.commons.digester.parser.XercesParser.newSAXParser(XercesParser.java:138)
at org.apache.commons.digester.ParserFeatureSetterFactory.newSAXParser(ParserFeatureSetterFactory.java:71)
at org.apache.commons.digester.Digester.getParser(Digester.java:692)
at org.apache.commons.digester.Digester.getXMLReader(Digester.java:899)
at org.apache.commons.digester.Digester.parse(Digester.java:1647)
at org.securityfilter.config.SecurityConfig.loadConfig(SecurityConfig.java:376)
at org.securityfilter.filter.SecurityFilter.init(SecurityFilter.java:212)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:225)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:308)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:79)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3702)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4329)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595)
at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:277)
at org.apache.catalina.core.StandardHost.install(StandardHost.java:832)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:625)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:431)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
at org.apache.catalina.core.StandardService.start(StandardService.java:480)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
Getting rid of crimson-1.1.3.jar resolved the problem for now.
-Ville
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
This problem is caused by a problem with the DTD that defines the securityfilter-config.xml file- the DTD is broken and the parser throws an error when it can't load it. This is 'wrong' behaviour on the part of the application- if the DTD is not present, it should try to parse the XML anyway.
The temporary fix is to remove the DOCTYPE tag from the configuration file. This bug is likely to affect many userse of securityfilter. It is a hidden dependency on the securityfilter.org website with the potential to disable virtually any user of the project.
Hi, I'm new to SecurityFilter and I'm having a hard time getting it to work (been trying all day).
The examples for 1.1 work fine but I cant get my application to work, I'm getting the following exception when I run my project. The exception appears when I include the filter mapping (/*).
java.lang.NullPointerException
at org.securityfilter.filter.SecurityFilter.doFilter(SecurityFilter.java:120)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:534)
Orignally I tried using 2.0 but I got the same error and non of the examples worked.
I'm using Struts Studio and TomCat 4.1.24.
Thanks and please help.
I still cant get the examples working but I did get 2.0 working within Struts!!! GET IN! :) There was a problem with the realm definition in the config file!!
It would help if you posted your solution. Running off and not telling us what you did to solve the problem does no one any good except yourself.
Sorry, the class file referenced in the realm definition was pointing to the wrong place.
i.e instead of
<realm className="securityfilter.realm.TrivialSecurityRealm">
</realm>
it was
<realm className="realm.TrivialSecurityRealm">
</realm>
I never did get the examples working.
I have the very same exception, but the class-name is correct. After digging a little deeper into the logs, I found out that the origin of the error is in the init of the filter - for me it was the cast to SecurityRealmInterface that threw an exception - however, this exception is wrapped and the webapp starts up properly - the NullPointerException in doFilter is caused by some objects not being properly initialized. (check your logs for startup errors, if you encounter this NullPointerException)
Maybe it's possible to make the Exception a little clearer by:
- not wrapping the exceptions from SecurityConfig (there cn be ClassCastExceptions that are thrown and get caught somewhere...)
- catch and rethrow the Nullpointer-Exception in doFilter - and adding a hint, that this is probably caused by a misconfiguration of security-filter-config.xml...
cheers
stf
Foor me checking startup errors helped, the problem seems to arise from adding crimson to my app:
ERROR org.apache.commons.digester.Digester - [Digester.getParser: ] 2006-03-21 14:33:53,055
org.xml.sax.SAXNotRecognizedException: Feature: http://apache.org/xml/features/validation/dynamic
at org.apache.crimson.parser.XMLReaderImpl.setFeature(XMLReaderImpl.java:213)
at org.apache.crimson.jaxp.SAXParserImpl.setFeatures(SAXParserImpl.java:143)
at org.apache.crimson.jaxp.SAXParserImpl.<init>(SAXParserImpl.java:126)
at org.apache.crimson.jaxp.SAXParserFactoryImpl.newSAXParserImpl(SAXParserFactoryImpl.java:113)
at org.apache.crimson.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:141)
at org.apache.commons.digester.parser.XercesParser.configureXerces(XercesParser.java:185)
at org.apache.commons.digester.parser.XercesParser.newSAXParser(XercesParser.java:138)
at org.apache.commons.digester.ParserFeatureSetterFactory.newSAXParser(ParserFeatureSetterFactory.java:71)
at org.apache.commons.digester.Digester.getParser(Digester.java:692)
at org.apache.commons.digester.Digester.getXMLReader(Digester.java:899)
at org.apache.commons.digester.Digester.parse(Digester.java:1647)
at org.securityfilter.config.SecurityConfig.loadConfig(SecurityConfig.java:376)
at org.securityfilter.filter.SecurityFilter.init(SecurityFilter.java:212)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:225)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:308)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:79)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3702)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4329)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595)
at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:277)
at org.apache.catalina.core.StandardHost.install(StandardHost.java:832)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:625)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:431)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
at org.apache.catalina.core.StandardService.start(StandardService.java:480)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
Getting rid of crimson-1.1.3.jar resolved the problem for now.
-Ville
This problem is caused by a problem with the DTD that defines the securityfilter-config.xml file- the DTD is broken and the parser throws an error when it can't load it. This is 'wrong' behaviour on the part of the application- if the DTD is not present, it should try to parse the XML anyway.
The temporary fix is to remove the DOCTYPE tag from the configuration file. This bug is likely to affect many userse of securityfilter. It is a hidden dependency on the securityfilter.org website with the potential to disable virtually any user of the project.
The DTD is here:
http://www.securityfilter.org/dtd/securityfilter-config_2_0.dtd