[MAGNOLIA-2261] Magnolia access failure whit miss-configured bypass in filterchain Created: 14/Jul/08 Updated: 02/Dec/13 Resolved: 02/Dec/13 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | 3.5.8 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major |
| Reporter: | Olivier Marti | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Template: |
|
||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||||||
| Date of First Response: | |||||||||
| Description |
|
Reported from Futurelab: We just wanted to add a bypass rule to the uriSecurity config node. We added the class name parameter and wanted to add the pattern parameter next, but since the rule was already active, we could not get that far. There is a missing null check in some Magnolia code, resulting in an NPE that causes the entire request to fail, instead of just the offending rule. Of course that means we have no way to complete or revert our broken config in the JCR so we are effectively locked out and the system is down because every request now fails. ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/magnoliaAuthor].[default] 14.07.2008 15:58:57 – Servle This seems to be the offending code: public void init() { else { setTrueValue(-pattern.length()); } } |
| Comments |
| Comment by Magnolia International [ 14/Jul/08 ] |
|
I assume that by "uriSecurity config node", you're talking about the uriSecurity filter: |