Bug 33713

Summary: Admin webapp throws NullPointerException when logon is performed using Single Sign On
Product: Tomcat 5 Reporter: Ben Spiller <bjs>
Component: Webapps:AdministrationAssignee: Tomcat Developers Mailing List <dev>
Severity: normal    
Priority: P2    
Version: 5.5.7   
Target Milestone: ---   
Hardware: PC   
OS: Windows XP   

Description Ben Spiller 2005-02-23 19:19:44 UTC
If Single Sign On is enabled, a user can visit the Tomcat administration webapp
after logging on using another page. Unfortunately after upgrading from Tomcat
5.0 to 5.5.7 we've found this results in a NullPointerException (unless the
admin webapp has already been loaded).

I've had a look at the code, and the reason seems to be Remm's commit to web.xml
and login.jsp on 16-Aug-04 (affecting Tomcat 5.5.0 and above) that stopped the
admin app being loaded on startup and instead loads its internals when the login
.jsp page is visited.

This fix obviously assumes that the login page is always visited before the
admin webapp is accessed - an assumption that is not valid when using SSO. 

I suggest either reversing the previous commit and turning load-on-startup on
again; or alternatively, adding the line that was added to login.jsp to
frameset.jsp as well (someone would need to confirm if this works OK, as I don't
Comment 1 Yoav Shapira 2005-03-23 17:09:42 UTC
Hmm... We don't want it to load-on-startup because its loading time slows down
the overall server start time.  The frameset.jsp suggestion sounds reasonable
but I don't have time to test it at the moment.