Tomcat JAAS Authentication NullPointerException

matt matchefts

Joined: Aug 12, 2010
Posts: 2
I have configured Tomcat to do JAAS authentication using a custom login/error page. I am getting a NullPointerException as defined below. Log messages indicate that my JAAS authentication module is invoked and returning 'true' from the auth module ::commit function. I have defined my own User and Role principal and specified them in the server.xml file. Any suggestions on how to debug the NPE that isn't in my code? I'm not sure what to look at next... Thanks.

INFO: Server startup in 9775 ms
Aug 11, 2010 4:52:12 PM org.apache.catalina.connector.CoyoteAdapter service
SEVERE: An exception or error occurred in the container during the request processing
at java.util.Arrays.binarySearch0(
at java.util.Arrays.binarySearch(
at org.apache.catalina.realm.GenericPrincipal.hasRole(
at org.apache.catalina.realm.RealmBase.hasRole(
at org.apache.catalina.realm.RealmBase.hasResourcePermission(
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
at org.apache.catalina.core.StandardHostValve.invoke(
at org.apache.catalina.valves.ErrorReportValve.invoke(
at org.apache.catalina.core.StandardEngineValve.invoke(
at org.apache.catalina.connector.CoyoteAdapter.service(
at org.apache.coyote.http11.Http11Processor.process(
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(

Realm Definition
<Realm className = "org.apache.catalina.realm.JAASRealm"
roleClassNames="mikros.RolePrincipal" />

JAAS Login Module
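import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// log4j 1.x is assumed from the Logger.getLogger(Class) / log.debug usage.
import org.apache.log4j.Logger;

// UserPrincipal and RolePrincipal are the poster's own Principal classes (not shown).
public class Authenticator implements LoginModule {
    private static Logger log = Logger.getLogger(Authenticator.class);

    String loginName;
    CallbackHandler handler;
    Subject subject;
    Map<String, ?> sharedState;
    Map<String, ?> options;

    private boolean loginPassed = false;

    public Authenticator() {
    }

    public boolean abort() throws LoginException {
        // TODO Auto-generated method stub
        return false;
    }

    public boolean commit() throws LoginException {
        // Only attach principals when this module's own login() succeeded.
        if (!loginPassed) {
            return false;
        }
        try {
            UserPrincipal user = new UserPrincipal(loginName);
            RolePrincipal role = new RolePrincipal("admin");
            // Attach the principals to the Subject so the realm can read them.
            subject.getPrincipals().add(user);
            subject.getPrincipals().add(role);
            log.debug("Added user and role principals.");
        } catch (Exception e) {
            throw new LoginException(e.getMessage());
        }
        return true;
    }

    public void initialize(Subject subject,
                           CallbackHandler callbackHandler,
                           Map<String, ?> sharedState,
                           Map<String, ?> options) {
        this.subject = subject;
        this.handler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
    }

    public boolean login() throws LoginException {
        String name = "";
        String pass = "";

        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("Username:");
        callbacks[1] = new PasswordCallback("Password:", false);

        try {
            // Let the container fill in the callbacks before reading them.
            handler.handle(callbacks);

            NameCallback nameCallback = (NameCallback) callbacks[0];
            name = nameCallback.getName();
            PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
            pass = new String(passwordCallback.getPassword());

            // Log the name only; the password must never be written to the log.
            log.debug("log in name:" + name);

            // Hard-coded test credentials from the original post.
            if ("foo".equals(name) && "bar".equals(pass)) {
                loginPassed = true;
                loginName = name;
                log.debug("login passed.");
            } else {
                loginPassed = false;
                log.debug("login failed.");
            }
            return loginPassed;
        } catch (Exception e) {
            throw new LoginException(e.getMessage());
        }
    }

    public boolean logout() throws LoginException {
        try {
            UserPrincipal user = new UserPrincipal(loginName);
            RolePrincipal role = new RolePrincipal("admin");
            // Removal relies on the principals' equals()/hashCode().
            subject.getPrincipals().remove(user);
            subject.getPrincipals().remove(role);
            log.debug("Logged out:" + loginName);
        } catch (Exception e) {
            throw new LoginException(e.getMessage());
        }
        return true;
    }
}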
matt matchefts

Joined: Aug 12, 2010
Posts: 2
I resolved the issue. I had a bad equals function in my RolePrincipal object that caused the null pointer exception.
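The thread never shows the RolePrincipal class, so the following is an added example, not the poster's code: a role principal whose equals, hashCode and getName cannot throw on null input, which is the property the Arrays.binarySearch call in the trace depends on. The package name mikros comes from the Realm definition above; the single name field, the constructor check and the main method are assumptions made for illustration.

```java
package mikros; // package name taken from roleClassNames in the Realm definition

import java.security.Principal;
import java.util.HashSet;
import java.util.Set;

// Assumed shape: the poster's RolePrincipal was not posted in the thread.
public final class RolePrincipal implements Principal {
    private final String name;

    public RolePrincipal(String name) {
        // Fail at construction instead of deep inside the container's role check.
        if (name == null || name.trim().isEmpty()) {
            throw new IllegalArgumentException("role name must not be null or empty");
        }
        this.name = name;
    }

    @Override
    public String getName() {
        return name; // never null, so role names can be sorted and searched safely
    }

    @Override
    public boolean equals(Object other) {
        if (other == null || getClass() != other.getClass()) { // null or another Principal type
            return false;
        }
        return name.equals(((RolePrincipal) other).name);
    }

    @Override
    public int hashCode() {
        return name.hashCode(); // consistent with equals, as the Subject's principal Set needs
    }

    public static void main(String[] args) { // constructed self-check
        Set<Principal> principals = new HashSet<Principal>();
        principals.add(new RolePrincipal("admin"));
        principals.add(new RolePrincipal("admin")); // equal, so the Set keeps one entry
        System.out.println("set size: " + principals.size());
        System.out.println("equals(null): " + new RolePrincipal("admin").equals(null));
        try {
            new RolePrincipal(null);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```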