Home / server / Questions

Questions[bug](server)

Martin Hope
Daniel Sandberg
Asked: 2021-05-18 11:03:50 +0800 CST
  • 1

Anyone been hit by the NPE bug when using JNDIRealm/ActiveDirectory in Tomcat 9.0.46 and have a workaround?

Context

I had to upgrade from 9.0.43 due to a concurrency bug where the socket input stream gets corrupted (and mixing up request bodies) when keep-alive/re-use is enabled. Log was filled with "Error parsing HTTP request header" and "HTTP method names must be tokens 000x000x000x000x000x...", etc. After upgrade to 9.0.46 this issue is resolved but now our ActiveDirectory login is broken instead.

Log

17-May-2021 14:31:49.405 INFO [Catalina-tomcat-workers-thread7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication. Retrying...
    java.lang.NullPointerException
            at org.apache.catalina.realm.JNDIRealm.doAttributeValueEscaping(JNDIRealm.java:2884)
            at org.apache.catalina.realm.JNDIRealm.getRoles(JNDIRealm.java:1892)
            at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1350)
            at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1232)
            at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:191)
            at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:191)
            at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:154)
            at org.apache.catalina.authenticator.BasicAuthenticator.doAuthenticate(BasicAuthenticator.java:101)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:632)

Bug

According to the bug report (https://bz.apache.org/bugzilla/show_bug.cgi?id=65308) there is an issue with userRoleAttribute being empty/null. Guess that won't get released for another 3-4 weeks.

The Tomcat documentation (https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#JNDIRealm) says that:

roleSearch - the LDAP search filter for selecting role entries.
It optionally includes pattern replacements "{0}" for the distinguished name and/or "{1}" for the username and/or "{2}" for an attribute from user's directory entry, of the authenticated user.
Use userRoleAttribute to specify the name of the attribute that provides the value for "{2}".

I'm not using "{2}" in the roleSearch attribute so I don't have a need to set userRoleAttribute. I have nevertheless tried to set it to something non-empty, but to no avail.

I need a workaround until such time they release 9.0.47. Any takers?

tomcat active-directory bug
Martin Hope
user124381
Asked: 2012-06-13 05:26:18 +0800 CST
  • 1

I'm having problem with few linux boxes running xen. They are acting as hypervisors and they are connected to SAN using multipath setup to provide storage to guest vms.

Every now and then one of two paths fails but it can be quickly restored by running:

multipath
multipath -ll

I need to get to the bottom of the issue and find out why this is happening. I have noticed that this doesn't occur when the hypervisor is not too busy (network and I/O wise). I have also eliminated possible hardware problem by moving all the services on to identical new chassis. I have collected few system logs which may indicate NIC module issue or kernel problem and failing multipath might be only a result of this!!?? Here is a bit of log which always shows up when multipath goes down:

kernel: BUG: soft lockup - CPU#0 stuck for 60s! [swapper:0]
kernel: BUG: soft lockup - CPU#2 stuck for 60s! [events/2:76]

I'll paste full logs at the end of this post to keep it easy to read. Now a little bit more about my setup:

  • Internet access is setup over eth0 and eth2 (bonded)
  • SAN multipath access is setup over eth1 and eth3

Server:

  • Supermicro SuperServer 6016T-NTRF
  • Intel(R) Xeon(R) CPU E5645
  • Intel Corporation 82576 Gigabit Network

  • CentOS release 5.7 (Final) 2.6.18-274.18.1.el5xen

  • filename: /lib/modules/2.6.18-274.18.1.el5xen/kernel/drivers/net/igb/igb.ko

  • version: 3.0.6-k2-1

  • Log 01

  • Log 02

If anyone needs more details please get it touch. Any help will be much appreciated.

linux networking kernel multipath bug
Martin Hope
Nathan Taylor
Asked: 2012-04-14 12:08:31 +0800 CST
  • 3

While working with an ASP.NET application on Chrome for Android I discovered that Request.Browser.Cookies returns False for that browser (despite the browser supporting cookies). Based on what I've read, this indicates a problem with the database which ASP.NET uses to look up information about different UserAgents. The fact that it returns False means that the database is either missing Chrome for Android, or has invalid data for it.

What is the a proper place to report IIS issues like this?

asp.net cookies bug
Martin Hope
Derrick C.
Asked: 2012-04-06 10:11:29 +0800 CST
  • 1

I found a problem with my Apache webserver:

Suppose I ONLY HAVE ONE file on my website (index.php):

example.com/index.php

When I access the URL using this way:

example.com/index.php/abc or example.com/index.php/123

Apache will display the content of: example.com/index.php

It has created a lot of problem to my web application. How can I make this as a 404 error?

Notice that my Apache is standard/default. I didn't do any modification to my Apache settings. OS is Fedora Linux.

Thanks.

apache-2.2 bug
Martin Hope
B14D3
Asked: 2012-03-09 01:09:33 +0800 CST
  • 6

This is what I found in dmesg on my new Fedora 16 instalation on new HP ProLiant DL320 G6

[ 0.130963] Performance Events: PEBS fmt1+, Westmere events, Broken BIOS detected, complain to your hardware vendor. [ 0.130971] [Firmware Bug]: the BIOS has corrupted hw-PMU resources (MSR 38d is 330) [ 1.029118] BIOS reported wrong ACPI id for the processor

How bad it is and how to repair this ? Can I use this machine on production??

linux bios fedora hp bug