
When OAuth session expires, an ugly NPE is shown in Jenkins

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Component: google-login-plugin
    • Environment: Tested with both:
      - Jenkins ver. 1.642.1 & google-login-plugin 1.1
      - Jenkins ver. 1.644 & google-login 1.2.1

      When you use google-login to authenticate in Jenkins, and you spend some time without doing anything, the OAuth session expires and an ugly NullPointerException error is shown in Jenkins.
      (See screenshot)

      The error is caused by:
      return OAuthSession.getCurrent().doFinishLogin(request);
      when "OAuthSession.getCurrent()" is null.

      Could you please manage this event and show a graceful message for the expiration and also asking the user to log in again?

      When this error happens, it is also annoying that you have to press back in the browser (and depending where you were, that may end up with another error, if you were in a page that requires authorization), and then click on the login link in the upper right, so if the situation is controlled, it would offer a faster way for the user to log in again.

      Thanks!

          [JENKINS-36706] When OAuth session expires, an ugly NPE is shown in Jenkins

          Ryan Campbell added a comment -

          What would make this bug report more useful:

          • Cut and paste the entire error message. Your screen shot cuts off the most important part and I can't cut&paste this into my editor to find the relevant lines.
          • Provide actual steps to reproduce. I have no idea what you mean by "oauth session expires". I'm just guessing, but I think this is?
          1. Login to google with at least two accounts
          2. Setup the security realm with a valid oauth token and secret
          3. Attempt to login to Jenkins using the login link in the upper right hand side
          4. You are presented with a list of accounts to use for login
          5. Wait for some long period?
          6. Finally select the account you want to login with

          Is that what you mean?


          Ryan Campbell added a comment -

          OK, I was able to reproduce this by restarting Jenkins instead of step 5 above.

          And you were nice enough to tell me exactly where the bug was, so thanks for that.

          The full stack trace:

          javax.servlet.ServletException: java.lang.NullPointerException
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:778)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
          	at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:210)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
          	at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
          	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
          	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
          	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:79)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
          	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
          	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
          	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
          	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
          	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
          	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
          	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
          	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
          	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
          	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
          	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
          	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
          	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
          	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
          	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
          	at org.eclipse.jetty.server.Server.handle(Server.java:499)
          	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
          	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
          	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
          	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
          	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
          	at java.lang.Thread.run(Thread.java:745)
          Caused by: java.lang.NullPointerException
          	at org.jenkinsci.plugins.googlelogin.GoogleOAuth2SecurityRealm.doFinishLogin(GoogleOAuth2SecurityRealm.java:246)
          	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
          	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          	at java.lang.reflect.Method.invoke(Method.java:483)
          	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
          	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
          	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
          	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:120)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
          	... 59 more
          


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Ryan Campbell
          Path:
          src/main/java/org/jenkinsci/plugins/googlelogin/GoogleOAuth2SecurityRealm.java
          src/main/java/org/jenkinsci/plugins/googlelogin/OAuthSession.java
          http://jenkins-ci.org/commit/google-login-plugin/36670d149a2c5748c61f087a2cd035108461bc5c
          Log:
          JENKINS-36706: Handle session timeout better


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Ryan Campbell
          Path:
          src/main/java/org/jenkinsci/plugins/googlelogin/GoogleOAuth2SecurityRealm.java
          src/main/java/org/jenkinsci/plugins/googlelogin/OAuthSession.java
          http://jenkins-ci.org/commit/google-login-plugin/3d999a0a3ab79f3b0715c7cb293a4a9e58a7881f
          Log:
          JENKINS-36706 Handle session timeout better


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Vincent Latombe
          Path:
          src/main/java/org/jenkinsci/plugins/googlelogin/GoogleOAuth2SecurityRealm.java
          src/main/java/org/jenkinsci/plugins/googlelogin/OAuthSession.java
          http://jenkins-ci.org/commit/google-login-plugin/bca0482c0543f921f71ab1594f6dd4d3f519445a
          Log:
          Merge pull request #8 from jenkinsci/JENKINS-36706

          JENKINS-36706: Handle session timeout better

          Compare: https://github.com/jenkinsci/google-login-plugin/compare/62a911674f5c...bca0482c0543
          *NOTE:* This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

          Functionality will be removed from GitHub.com on January 31st, 2019.
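
The failure mode in this issue, as an added example that is not the plugin's code and not the content of the linked commits: an OAuth callback handler that dereferences a missing server-side login session, beside a version that treats the missing session as an expired login and sends the user back to the login page. It also compares the `state` value, which goes beyond what the issue discusses; the class, the session map, and the redirect paths are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Added illustration: all names and paths are hypothetical, not the plugin's code.
public class OAuthCallbackDemo {
    // Login state kept server-side between the redirect to the provider and the callback.
    static final class PendingLogin {
        final String state;    // anti-CSRF value the provider echoes back
        final String returnTo; // page the user was on before logging in
        PendingLogin(String state, String returnTo) {
            this.state = state;
            this.returnTo = returnTo;
        }
    }

    static final String KEY = "pendingLogin";

    // Before: assumes the entry is still there, like the line quoted in the report.
    static String finishLoginUnsafe(Map<String, Object> session, String state) {
        PendingLogin pending = (PendingLogin) session.get(KEY);
        return pending.returnTo; // throws NullPointerException after expiry or restart
    }

    // After: a missing or mismatched entry restarts the login instead of failing with a 500.
    static String finishLoginSafe(Map<String, Object> session, String state) {
        PendingLogin pending = (PendingLogin) session.remove(KEY); // single use
        if (pending == null) {
            return "/login?reason=session_expired";
        }
        if (state == null || !MessageDigest.isEqual(
                pending.state.getBytes(StandardCharsets.UTF_8),
                state.getBytes(StandardCharsets.UTF_8))) {
            return "/login?reason=state_mismatch";
        }
        return pending.returnTo;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        session.put(KEY, new PendingLogin("constructed-state", "/job/demo/"));
        System.out.println(finishLoginSafe(session, "constructed-state")); // normal callback
        System.out.println(finishLoginSafe(session, "constructed-state")); // entry already consumed
        System.out.println(finishLoginSafe(new HashMap<>(), "constructed-state")); // expired session

        session.put(KEY, new PendingLogin("constructed-state", "/job/demo/"));
        System.out.println(finishLoginSafe(session, "other-value")); // state does not match

        try {
            finishLoginUnsafe(new HashMap<>(), "constructed-state");
        } catch (NullPointerException e) {
            System.out.println("unsafe handler: NullPointerException");
        }
    }
}
```

Returning a redirect for the missing-session case also keeps the servlet stack trace out of the response body, which is what the reporter saw in the browser.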


            recampbell Ryan Campbell
            gsanchezu Guillermo Sanchez Urien