APAR status
Closed as program error.
Error description
The com.ibm.wsspi.security.registry.saf.SAFPasswordUtility API throws a Null Pointer Exception when the server is configured with multiple user registries and a call is made to the changePassword method. With a server configured with multiple User Registries, OSGi dependency injection provides the wrong User Registry to the SAFPasswordUtlity. Since the SAFPasswordUtlity expects a SAFRegistry instance, the UserRegistry reference would never get set correctly. The changePassword method in the SAFPasswordUtility consumes a UserRegistry reference; if that was not set correctly it would result in a Null Pointer Exception. Stack trace: [8/28/20 14:10:24:253 GMT] 00000037 com.ibm.ccc.web.passwords.PasswordChangeServlet E Unexpected exception while changing password. java.lang.NullPointerException at com.ibm.ws.security.registry.saf.internal.SAFPasswordUtility Impl.passwordChange(SAFPasswordUtilityImpl.java:134) at com.ibm.ccc.web.passwords.PasswordChangeServlet.doPost(Passw ordChangeServlet.java:106) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(Servl etWrapper.java:1230) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest (ServletWrapper.java:729) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest (ServletWrapper.java:426) at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFil ters(WebAppFilterManager.java:1226) at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.j ava:5021) at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequ est(DynamicVirtualHost.java:314) at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContai ner.java:1007) at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(Dynami cVirtualHost.java:279) at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLi nk$TaskWrapper.run(HttpDispatcherLink.java:1134) at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLi nk.wrapHandlerAndExecute(HttpDispatcherLink.java:415) at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLi nk.ready(HttpDispatcherLink.java:374) at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.han dleDiscrimination(HttpInboundLink.java:548) at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.han dleNewRequest(HttpInboundLink.java:482) at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.pro cessRequest(HttpInboundLink.java:347) at com.ibm.ws.http.channel.internal.inbound.HttpICLReadCallback .complete(HttpICLReadCallback.java:70) at com.ibm.ws.channel.ssl.internal.SSLReadServiceContext$SSLRea dCompletedCallback.complete(SSLReadServiceContext.java:1803) at com.ibm.ws.tcpchannel.internal.AioReadCompletionListener.fut ureCompleted(AioReadCompletionListener.java:138) at com.ibm.io.async.AbstractAsyncFuture$WorkCallback.run(Abstra ctAsyncFuture.java:384) at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWr apper.run(ExecutorServiceImpl.java:239) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool Executor.java:1160) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo lExecutor.java:635) at java.lang.Thread.run(Thread.java:820)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server Liberty - Security * **************************************************************** * PROBLEM DESCRIPTION: NullPointerException is received when * * using the PasswordChange API with more * * than one UserRegistry * **************************************************************** * RECOMMENDATION: * **************************************************************** The com.ibm.wsspi.security.registry.saf.SAFPasswordUtility API throws a Null Pointer Exception when the server is configured with multiple user registries and a call is made to the changePassword method. With a server configured with multiple User Registries, OSGi dependency injection provides the wrong User Registry to the SAFPasswordUtlity. Since the SAFPasswordUtlity expects a SAFRegistry instance, the UserRegistry reference would never get set correctly. The changePassword method in the SAFPasswordUtility consumes a UserRegistry reference; if that was not set correctly it would result in a Null Pointer Exception. Stack trace: [8/28/20 14:10:24:253 GMT] 00000037 com.ibm.ccc.web.passwords.PasswordChangeServlet E Unexpected exception while changing password. java.lang.NullPointerException at com.ibm.ws.security.registry.saf.internal.SAFPasswordUtilityImpl .passwordChange(SAFPasswordUtilityImpl.java:134) at com.ibm.ccc.web.passwords.PasswordChangeServlet.doPost(PasswordC hangeServlet.java:106) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWr apper.java:1230) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(Ser vletWrapper.java:729) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(Ser vletWrapper.java:426) at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters (WebAppFilterManager.java:1226) at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java: 5021) at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest( DynamicVirtualHost.java:314) at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer. java:1007) at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVir tualHost.java:279) at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$T askWrapper.run(HttpDispatcherLink.java:1134) at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.w rapHandlerAndExecute(HttpDispatcherLink.java:415) at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.r eady(HttpDispatcherLink.java:374) at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleD iscrimination(HttpInboundLink.java:548) at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleN ewRequest(HttpInboundLink.java:482) at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.process Request(HttpInboundLink.java:347) at com.ibm.ws.http.channel.internal.inbound.HttpICLReadCallback.com plete(HttpICLReadCallback.java:70) at com.ibm.ws.channel.ssl.internal.SSLReadServiceContext$SSLReadCom pletedCallback.complete(SSLReadServiceContext.java:1803) at com.ibm.ws.tcpchannel.internal.AioReadCompletionListener.futureC ompleted(AioReadCompletionListener.java:138) at com.ibm.io.async.AbstractAsyncFuture$WorkCallback.run(AbstractAs yncFuture.java:384) at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrappe r.run(ExecutorServiceImpl.java:239) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExec utor.java:1160) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExe cutor.java:635) at java.lang.Thread.run(Thread.java:820)
Problem conclusion
Code has been modified to specify to OSGi to target the SAFRegistry instance when it injects the UserRegistry reference to the SAFPasswordUtilityImpl. The fix for this APAR is currently targeted for inclusion in fix pack 20.0.0.11. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH30494
Reported component name
LIBERTY PROF -
Reported component ID
5655W6514
Reported release
CD0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-10-13
Closed date
2020-10-13
Last modified date
2020-10-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
LIBERTY PROF -
Fixed component ID
5655W6514
Applicable component levels
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Platform":[{"code":"PF054","label":"z\/OS"}],"Version":"CD0"}]
Document Information
Modified date:
14 October 2020