Skip to content

NPE is thrown when 'Authorization' header is missing and debug logs are enabled for AuthenticationValve #57

New issue
New issue
Open
Open
NPE is thrown when 'Authorization' header is missing and debug logs are enabled for AuthenticationValve#57
Labels
Priority/NormalSeverity/MinorType/Bug
@malithie

Description

@malithie
malithie
opened on Mar 29, 2018

Description:
Below exception is thrown when 'Authorization' header is not present in the request for a resource protected over AuthenticationValve.

java.lang.NullPointerException
	at org.wso2.carbon.identity.auth.service.handler.HandlerManager.getFirstPriorityHandler(HandlerManager.java:153)
	at org.wso2.carbon.identity.auth.service.AuthenticationManager.authenticate(AuthenticationManager.java:97)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:76)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
	at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
	at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)

Affected Product Version:
IS 5.3.0, IS 5.4.0, IS 5.4.1, IS 5.5.0

Steps to reproduce:
Try to access a protected REST API without an Authorization header.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Priority/NormalSeverity/MinorType/Bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions