java.lang.NullPointerException

JDK Bug System | Webbug Group | 2 years ago
  1. 0

    [JDK-8080124] SPNEGO authentication broken - Java Bug System

    java.net | 1 year ago
    java.lang.NullPointerException
  2. 0

    FULL PRODUCT VERSION : Java SE 8 Update 45 Java SE 8 Update 40 ADDITIONAL OS VERSION INFORMATION : Microsoft Windows [Version 6.1.7601] EXTRA RELEVANT SYSTEM CONFIGURATION : the bug is most likely in the class library and not related anyhow to any specific platform (I could also reproduce the problem on Linux) A DESCRIPTION OF THE PROBLEM : SPNEGO authentication using JGSS is no longer working since Update 40. There were some changes in Kerberos related code in this release that was supposed to fix a bunch of bugs but unfortunately also broke things. REGRESSION. Last worked in version 8u31 ADDITIONAL REGRESSION INFORMATION: standard Java SE 8 update 31 from download site STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Create a file krb5.conf in directory c:\tmp with the following content [libdefaults] default_keytab_name = FILE:C:/tmp/krb5.keytab default_realm = YOUR_DOMAIN Then create a kerberos keytab file and place it under c:\tmp\krb5.keytab The principal needs to be something like HTTP/fqdn@DOMAIN; I'm using AES256-CTS and have applied the unlimited strength JCE policy. Capture some kerberos ticket being sent as response to www-authenticate negotiate header that contains a kerberos ticket that is base64 encoded and then take out the header Authorization starting after the first occurrence of Negotiate. Use the source code below but before replace the string parameter to the method call decode in line 28 with the captured string. Then run the example code, which will come up with the provided output EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - Entered SpNegoContext.acceptSecContext with state=STATE_NEW SpNegoContext.acceptSecContext: receiving token = ... SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.48018.1.2.2 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.113554.1.2.2 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.30 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.10 SpNegoToken NegTokenInit: reading Mech Token SpNegoContext.acceptSecContext: received token of type = SPNEGO NegTokenInit SpNegoContext: negotiated mechanism = 1.2.840.113554.1.2.2 SPNEGO Negotiated Mechanism = 1.2.840.113554.1.2.2 Kerberos V5 SpNegoContext.acceptSecContext: mechanism wanted = 1.2.840.113554.1.2.2 SpNegoContext.acceptSecContext: negotiated result = ACCEPT_COMPLETE SpNegoContext.acceptSecContext: sending token of type = SPNEGO NegTokenTarg SpNegoToken NegTokenTarg: sending additional token for MS Interop SpNegoContext.acceptSecContext: sending token = ... <user@DOMAIN> ACTUAL - Entered SpNegoContext.acceptSecContext with state=STATE_NEW SpNegoContext.acceptSecContext: receiving token = ... SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.48018.1.2.2 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.113554.1.2.2 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.30 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.10 SpNegoToken NegTokenInit: reading Mech Token SpNegoContext.acceptSecContext: received token of type = SPNEGO NegTokenInit SpNegoContext: negotiated mechanism = 1.2.840.113554.1.2.2 The underlying mechanism context has not been initialized SpNegoContext.acceptSecContext: mechanism wanted = 1.2.840.113554.1.2.2 SpNegoContext.acceptSecContext: negotiated result = ACCEPT_INCOMPLETE SpNegoContext.acceptSecContext: sending token of type = SPNEGO NegTokenTarg SpNegoContext.acceptSecContext: sending token = ... Entered SpNegoContext.acceptSecContext with state=STATE_IN_PROCESS SpNegoContext.acceptSecContext: receiving token = ... SpNegoToken NegTokenTarg: negotiated result = Accept InComplete SpNegoToken NegTokenTarg: supported mechanism = 1.2.840.113554.1.2.2 SpNegoContext.acceptSecContext: received token of type = SPNEGO NegTokenTarg Exception in thread "main" java.lang.NullPointerException at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:898) at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:623) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) at test.Test.main(Test.java:31) REPRODUCIBILITY : This bug can be reproduced always. ---------- BEGIN SOURCE ---------- package test; import java.util.Base64; import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSManager; import org.ietf.jgss.GSSName; import org.ietf.jgss.Oid; public class Test { public static void main(String[] args) throws GSSException { System.setProperty("java.security.krb5.conf", "C:/tmp/krb5.conf"); System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); System.setProperty("sun.security.spnego.debug", "true"); GSSManager manager = GSSManager.getInstance(); Oid oid = new Oid("1.3.6.1.5.5.2"); GSSName name = manager.createName("HTTP/gentoo.asporc.waldvogel.name",null); GSSCredential credentials = manager.createCredential(name,GSSCredential.INDEFINITE_LIFETIME, oid,GSSCredential.ACCEPT_ONLY); GSSContext context = manager.createContext(credentials); if (context == null) { System.out.println("we have a problem"); } else { byte[] token = Base64.getDecoder().decode("BASE64 encoded token as sent by the browser"); while (!context.isEstablished()) { token = context.acceptSecContext(token, 0, token.length); } if (context.isEstablished()) { System.out.println(context.getSrcName().toString()); } else { System.out.println("context not established"); } } } } ---------- END SOURCE ---------- CUSTOMER SUBMITTED WORKAROUND : I was able to get Update 40 and 45 working by patching rt.jar with class sun.security.jgss.spnego.SpNegoContext from Update 31.

    JDK Bug System | 2 years ago | Webbug Group
    java.lang.NullPointerException
  3. 0

    SSO Using JBoss Negotiation

    Coderanch | 6 years ago | Neelesh A Korade
    java.lang.NullPointerException
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Android: Saving Map State in Google map

    Stack Overflow | 11 months ago | Junie Negentien
    java.lang.RuntimeException: Unable to resume activity {com.ourThesis.junieNegentien2015/com.ourThesis.junieNegentien2015.MainActivity}: java.lang.NullPointerException

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. java.lang.NullPointerException

      No message provided

      at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext()
    2. Java RT
      GSSContextImpl.acceptSecContext
      1. sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:898)
      2. sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:623)
      3. sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
      4. sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
      4 frames
    3. test
      Test.main
      1. test.Test.main(Test.java:31)
      1 frame