JENKINS-1482

NPE in HudsonPrivateSecurityRealm when session is invalid

    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • _unsorted
    • None
    • Platform: All, OS: Windows XP

      Hudson 1.200
      Tomcat 5.5.17 (though I don't think that matters)
      Using Hudson's own user database and matrix-based security.

      Steps to reproduce:
      1) Log in to Hudson, with or without "remember me on this computer" selected
      2) Restart Hudson
      3) Refresh your Hudson page in the browser or open a new tab - you get an HTTP
      status 500 error w/ the following stacktrace:

      java.lang.NullPointerException
      hudson.security.HudsonPrivateSecurityRealm$Details.getUsername(HudsonPrivateSecurityRealm.java:157)
      org.acegisecurity.acls.sid.PrincipalSid.<init>(PrincipalSid.java:50)
      hudson.security.SidACL._hasPermission(SidACL.java:34)
      hudson.security.GlobalMatrixAuthorizationStrategy$AclImpl._hasPermission(GlobalMatrixAuthorizationStrategy.java:112)
      hudson.security.SidACL.hasPermission(SidACL.java:20)
      hudson.security.ACL.checkPermission(ACL.java:28)
      hudson.model.View.checkPermission(View.java:102)
      hudson.model.Hudson.getTarget(Hudson.java:2157)
      org.kohsuke.stapler.Stapler.invoke(Stapler.java:347)
      org.kohsuke.stapler.Stapler.invoke(Stapler.java:336)
      org.kohsuke.stapler.Stapler.service(Stapler.java:98)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:52)
      hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:28)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:55)
      hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:44)
      hudson.security.HudsonFilter.doFilter(HudsonFilter.java:85)

      To remedy, close and restart your browser (to clear the bad session,
      presumably). In the case of the cookie, it seems restarting the browser is
      enough, so cookies once detached from an invalid session behave OK. This is
      quite frustrating as a Hudson admin, as I typically stay logged in on my Hudson
      boxes and restart Hudson when required. It does not affect unauthenticated
      users. I started seeing this after upgrading from 1.191 to 1.200 this week.

      I'm not sure if the browser (Firefox 2.x, Opera 9.x) should be responsible for
      realizing the session is invalid or Hudson, but it seems like at the least it
      should log out a user with an invalid session instead of preventing all access.

            Assignee: Unassigned
            Reporter: jmmckinnon