IBM Support

PI87557: NULL POINTER EXCEPTION IN WLP 17.0.0.2

Fixes are available

17.0.0.4: WebSphere Application Server Liberty 17.0.0.4
18.0.0.1: WebSphere Application Server Liberty 18.0.0.1
18.0.0.2: WebSphere Application Server Liberty 18.0.0.2
18.0.0.3: WebSphere Application Server Liberty 18.0.0.3
18.0.0.4: WebSphere Application Server Liberty 18.0.0.4
19.0.0.1: WebSphere Application Server Liberty 19.0.0.1
19.0.0.2: WebSphere Application Server Liberty 19.0.0.2
19.0.0.3: WebSphere Application Server Liberty 19.0.0.3
19.0.0.4: WebSphere Application Server Liberty 19.0.0.4
19.0.0.5: WebSphere Application Server Liberty 19.0.0.5
19.0.0.6: WebSphere Application Server Liberty 19.0.0.6
19.0.0.7: WebSphere Application Server Liberty 19.0.0.7
19.0.0.8: WebSphere Application Server Liberty 19.0.0.8
19.0.0.9: WebSphere Application Server Liberty 19.0.0.9
19.0.0.10: WebSphere Application Server Liberty 19.0.0.10
19.0.0.11: WebSphere Application Server Liberty 19.0.0.11
19.0.0.12: WebSphere Application Server Liberty 19.0.0.12
20.0.0.1: WebSphere Application Server Liberty 20.0.0.1
20.0.0.2: WebSphere Application Server Liberty 20.0.0.2
20.0.0.3: WebSphere Application Server Liberty 20.0.0.3
20.0.0.4: WebSphere Application Server Liberty 20.0.0.4
20.0.0.5: WebSphere Application Server Liberty 20.0.0.5
20.0.0.6: WebSphere Application Server Liberty 20.0.0.6
20.0.0.7: WebSphere Application Server Liberty 20.0.0.7
20.0.0.8: WebSphere Application Server Liberty 20.0.0.8
20.0.0.9: WebSphere Application Server Liberty 20.0.0.9
20.0.0.10: WebSphere Application Server Liberty 20.0.0.10
20.0.0.11: WebSphere Application Server Liberty 20.0.0.11
20.0.0.12: WebSphere Application Server Liberty 20.0.0.12

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Customer has a REST API running in WLP whose security is
    provided by the TrustAssociationInterceptor (TAI) interface.
    They have a test which sends a request to the API with an
    invalid LTPA token which results in a NPE coming back from
    the
    WLP web container:
    TAI being driven. The TAI normally only gets in the way when
    a
    login request comes in, in which case we expect that the
    user
    id and password has already been validated by DataPower
    which
    intercepts the request before it gets to WLP. As this
    request
    is associated with an LTPA token the DataPower logic doesn't
    do
    the intercept as it can't possibly tell if the LTPA token
    provided by WLP via the TAI is valid or not. As a result the
    TAI says it can't intercept this request as we can
    detect that DataPower hasn't performed the intercept.)
    NullPointerException  in
    com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFil
    ters
    1105
    

Local fix

  • Still in progress..
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty - Security                   *
    ****************************************************************
    * PROBLEM DESCRIPTION: NullPointerException is thrown when TAI *
    *                      returns NULL TAIResult                  *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When TAI returns null result,  audit function throws
    NullPointerException while trying to access TAIResult data.
    
    -- Sample Exception when this issue happens ---
    
    [9/4/17 7:49:20:668 EDT] 0000010e id=
    com.ibm.ws.webcontainer.webapp.WebApp handleRequest SRVE0315E:
    An exception occurred: java.lang.Throwable:
    java.lang.NullPointerException
    at
    com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:
    5027)
    at
    com.ibm.ws.webcontainer31.osgi.webapp.WebApp31.handleRequest(Web
    App31.java:528)
    
    ...
    Caused by: java.lang.NullPointerException
    at
    com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.
    determineWebReply(WebAppSecurityCollaboratorImpl.java:952)
    at
    com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.
    determineWebReply(WebAppSecurityCollaboratorImpl.java:914)
    at
    com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.
    performSecurityChecks(WebAppSecurityCollaboratorImpl.java:625)
    at
    com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.
    preInvoke(WebAppSecurityCollaboratorImpl.java:539)
    at
    com.ibm.wsspi.webcontainer.collaborator.CollaboratorHelper.preIn
    vokeCollaborators(CollaboratorHelper.java:458)
    ...
    --------------------
    

Problem conclusion

  • Null check has been added to avoid NullPointerException.   This
    issue was fixed by Issue #106 in OpenLiberty.
    (https://github.com/OpenLiberty/open-liberty/issues/106)
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 17.0.0.4.  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI87557

  • Reported component name

    LIBERTY PROFILE

  • Reported component ID

    5724J0814

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-09-19

  • Closed date

    2017-11-28

  • Last modified date

    2017-11-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROFILE

  • Fixed component ID

    5724J0814

Applicable component levels

  • RCD0 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
19 October 2021