[ZEPPELIN-3332] Zeppelin login fails with NPE if ldapRealm.authorizationEnabled is not set true - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.8.0
Fix Version/s: 0.8.0
Component/s: security
Labels:
None

Description

NPE is caused due the return value of org.apache.zeppelin.realm.LdapRealm method queryForAuthorizationInfo is null if authorizationEnabled = false (false is the default)

The null is not correctly handled by org.apache.zeppelin.utils.SecurityUtils and the login attempt always fails with:

Caused by: java.lang.NullPointerException
at org.apache.zeppelin.utils.SecurityUtils.getRoles(SecurityUtils.java:144) 
at org.apache.zeppelin.rest.LoginRestApi.postLogin(LoginRestApi.java:82) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
... 50 more

Even when the authentication was successful and authorizationEnabled=false we are not able to login to the zeppelin ui.

Issue was introduced by pull https://github.com/apache/zeppelin/pull/2498

Attachments

Issue Links

links to

GitHub Pull Request #2867

GitHub Pull Request #2911

Activity

People

Assignee:: Felix Albani

Reporter:: Felix Albani

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Mar/18 14:22

Updated:: 05/Apr/18 19:21

Resolved:: 05/Apr/18 19:21