Overview of the issue
NPE thrown when using anonymousUser. Caused by authentication.getPrincipal being a string ("anonymousUser") and not a User object.
ERROR 2016-01-11T10:55:49.286 [http-nio-8080-exec-4] o.a.c.c.C.[.[.[.dispatcherServlet Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: User not found!] with root cause
java.lang.IllegalStateException: User not found!
    at com.simi.biro.security.SecurityUtils.getCurrentUser(SecurityUtils.java:71) ~[classes/:na]
    at com.simi.biro.service.UserService.getUserWithAuthorities(UserService.java:169) ~[classes/:na]
    at com.simi.biro.service.UserService$$FastClassBySpringCGLIB$$2d6042b6.invoke() ~[classes/:na]
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.2.3.RELEASE.jar:4.2.3.RELEASE]
And in browser:
{"timestamp":"2016-01-11T08:55:49.291+0000","status":500,"error":"Internal Server Error","exception":"java.lang.IllegalStateException","message":"User not found!","path":"/api/account"}
Motivation for or Use Case
The errors are not cool, especially the browser ones.
UserService.java:getUserWithAuthorities
Replace this:

    //User user = userRepository.findOneByLogin(SecurityUtils.getCurrentUser().getUsername()).get();

With this (getCurrentLogin method already has the fix in it):

    User user = userRepository.findOneByLogin(SecurityUtils.getCurrentUserLogin()).get();

Optionally in principal.service.js add a check for anonymousUser login to make sure we don't consider it as an authenticated account:

    // retrieve the identity data from the server, update the identity object, and then resolve.
    Account.get().$promise
        .then(function (account) {
            if (account.data.login === "anonymousUser") {
                _identity = null;
                _authenticated = false;
                deferred.resolve(_identity);
            } else {
                _identity = account.data;
                _authenticated = true;
                deferred.resolve(_identity);
            }
        })
        .catch(function () {
            _identity = null;
            _authenticated = false;
            deferred.resolve(_identity);
        });

Please let me know if ok and I'll submit a pull request.
Thanks,
Mihai
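
The failure mode reported above, shown as an added example (not code from this issue or from JHipster): the login is resolved without casting the principal, and an anonymous token is treated as "no user" so the caller can answer 401 instead of failing with a 500. `PrincipalLogin` and `resolve` are hypothetical names and the tokens in `main` are constructed samples; the Spring Security classes are real and need spring-security-core on the classpath.

```java
import java.util.Optional;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical helper for illustration; not the generated SecurityUtils.
public final class PrincipalLogin {

    private static final AuthenticationTrustResolver TRUST = new AuthenticationTrustResolverImpl();

    private PrincipalLogin() { }

    /** Login of an authenticated caller; empty when there is no or only anonymous authentication. */
    public static Optional<String> resolve(Authentication auth) {
        if (auth == null || !auth.isAuthenticated() || TRUST.isAnonymous(auth)) {
            return Optional.empty();            // caller should answer 401, not look up a user
        }
        Object principal = auth.getPrincipal(); // may be a UserDetails or a plain String
        if (principal instanceof UserDetails) {
            return Optional.of(((UserDetails) principal).getUsername());
        }
        if (principal instanceof String) {
            return Optional.of((String) principal);
        }
        return Optional.empty();                // unknown principal type: fail closed
    }

    public static void main(String[] args) {
        // Constructed sample tokens: one anonymous (String principal), one logged in (UserDetails).
        Authentication anonymous = new AnonymousAuthenticationToken(
                "constructed-key", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
        UserDetails details = new User("sample-user", "constructed-password",
                AuthorityUtils.createAuthorityList("ROLE_USER"));
        Authentication loggedIn = new UsernamePasswordAuthenticationToken(
                details, null, details.getAuthorities());

        System.out.println(resolve(null).isPresent());
        System.out.println(resolve(anonymous).isPresent());
        System.out.println(resolve(loggedIn).get());
    }
}
```

`AnonymousAuthenticationToken` reports `isAuthenticated()` as true, so the trust-resolver check is what separates it from a real login; checking `isAuthenticated()` alone would let "anonymousUser" through as a login name.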
The NPE is thrown by a modification in the code that was generated, so this is not a JHipster issue. The whole idea of securing this API is that no anonymous user accesses it, so this NPE can't happen under normal circumstances.
Of course, you can disagree with our current design of sending a 401 error code when an unauthorized user accesses the page, and for that your best option is of course to modify the generated code, and probably do a switch in your code to handle the specific case of using an anonymousUser.
2.26.2
Don't know
All browsers. Mac (El Capitan) and Linux.
oauth authentication broken #2291, tried suggested fix there, didn't work