AwsProxyHttpServletRequest null pointer exception #327
Labels
Milestone
Comments
|
Working on version 1.5 now. We'll include this bug fix. I'll let you know here when you can test with the |
sapessi
added a commit
that referenced
this issue
Mar 31, 2020
…s property is null. Unlikely outside of tests but better safe than sorry. This addresses #327
|
thanks |
sapessi
added a commit
that referenced
this issue
Apr 8, 2020
* Bump spring.version in /aws-serverless-java-container-spring (#319) Bumps `spring.version` from 5.1.9.RELEASE to 5.2.3.RELEASE. Updates `spring-webmvc` from 5.1.9.RELEASE to 5.2.3.RELEASE - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.1.9.RELEASE...v5.2.3.RELEASE) Updates `spring-test` from 5.1.9.RELEASE to 5.2.3.RELEASE - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.1.9.RELEASE...v5.2.3.RELEASE) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump spring-webflux in /aws-serverless-java-container-springboot2 (#318) Bumps [spring-webflux](https://github.com/spring-projects/spring-framework) from 5.1.9.RELEASE to 5.2.0.RELEASE. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.1.9.RELEASE...v5.2.0.RELEASE) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: Fixing Spring build to use 5.2 as latest * chore(deps): Bump Spring 5.1 path release to address a security vulnerability * chore(deps): Fixing usual spring dependency mess with exlusions out of the spring-security package used in the tests * Fix for issue #317 (#323) * fix issue 317 - use charset from request * update dependencies * update build dependencies, remove spring boot 2.0.x * restoring ci config Co-authored-by: Stefano Buliani <[email protected]> * test: Fixed Spring security tests for SpringBoot 2, added validation tests and updated servlet tests to use the new servletApplication option * fix: Avoid flushing the response buffer if we are dispatching the request asynchronously. This was causing race conditions in the SpringBoot 2 WebFlux implementation - requests that had to run through security or validation filters took longer and the library flushed an empty request, which caused the status code to default to 200. This fix addresses issues #279, #304, and #306 * chore(deps): Bump spring dependency version and added webmvc optional dependency to truly support Servlet-only server * feat: New application type parameter to SpringBootLambdaContainerHandler that tells the framework whether to start a reactive or servlet-based embedded server. Also added a new servletApplication method to the builder object. * test: Fixed UTF-8 encoding test * ci: Fixed dependencies for CI run on SpringBoot 2 * ci: More Spring dependency convergence issues during CI * fix: Added null-check on getServerName in case the multi-value headers property is null. Unlikely outside of tests but better safe than sorry. This addresses #327 * fix: Changed servlet initialization mechanism so that servlet that requests load on startup are initialized right away, as part of the initialization() method call in LambdaServletContainerHandler. Also centralized the lazy Servlet initialization to the ServletExecutionFilter so that we don't have code scattered all around. This begins to address #287 * feat: Added new 0-parameter constructor for async initializer that uses the actual JVM start time to calculate the timeout milliseconds. Also added the new method to the builder object and deprecated the current method that receives a milliseconds epoch parameter. I'm not deprecating the constructor of the async initializer class that receives the parameter as it may still be useful for tests. This change was suggested in #287 * fix: Updated SpringBoot 1.x handler to use the new servlet initialization mechanism * ci: switch SpringBoot slow integration test to use a custom async time since the JVM is reused for both tests in the and we cannot reuse the actual JVM init time * feat: New models for HTTP API support for #329 * feat: First implementation of HTTP API servlet request, request reader, and security context writer - continuing to address #329 * test: Basic unit tests for the new HTTP API support in core library (#329) * feat: Updated log formatter to support both versions (1 and 2) of the proxy request model (#329) * feat: Further generified request readers to read to a generic HttpServletRequest rather than specific implementations of it. This makes it easier to create container handler implementations that support HTTP API, API Gateway, and ALB (#329) * test: Fixed tests for new logged and generified request readers * feat: Added HTTP API support to Jersey implementation with new getHttpApiV2ProxyHandler method (#329) * feat: Added HTTP API support to Spark implementation (#329) * feat: Added HTTP API support to Spring implementation (#329) * feat: HTTP API support in SpringBoot 2 implementation. bug: Fixed an issue with the implementation of AsyncContext where it wasn't dispatching if the handler wasn't set * feat: First pass of HTTP API support in struts 2 implementation (#329) * fix: Added support for HTTP APIs to the request dispatcher * chore(deps): Dependency bump all around. Rotated Jersey ci versions * fix: Updated stream handling logic to work with reactive applications as suggested in #316 * test: Added unit test to replicate #333 * feat: New configuration parameter to skip exception mapping and allow exception to bubble up from #307 * fix: Fixed spotbugs issue in RuntimeException cast * test: Added tests for more complex content types mentioned in issue #315 * docs: Updated samples to support SAM CLI operations out of the box to address #293 and switched to HTTP API by default * feat: Updated archetypes to work out of the box with the SAM CLI, continuing to address #293 * chore: License header pass on the entire project * fix: Set default value for setDisableException mapper in config to false * fix: Updated default initialization timeout to 20 seconds Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eran Medan <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Framework version: 1.4
Implementations: Jersey
com.amazonaws.serverless
aws-serverless-java-container-jersey
1.4
Scenario
Calls into lambda with no header will fail with null pointer exception. AWSProxyServletProxyRequest does not null check getting the header in getServerName other similar methods in the same class do ie null means no header.
Note one successful call stop this behaviour, I presume the result of getServerName is cached.
After initially deploying API\lambda or letting lambda go cold, sending a REST request from the API Gateway console with nothing in the header box causes the lambda to null pointer, this previously worked with earlier versions of the java eg 1.1.1.
Entering absolutely any value pair in the header eg { a : 1 } so it has a header succeeds and subsequent calls no longer require the header.
From AwsProxyHttpServletRequest.getServerName ()
String hostHeader = request.getMultiValueHeaders().getFirst(HOST_HEADER_NAME);
if (hostHeader != null && SecurityUtils.isValidHost(hostHeader, request.getRequestContext().getApiId(), region)) {
return hostHeader;
}
So I presume if request.getMultiValueHeaders() return null then hostHeader should be treated as null don't attempt to call getFirst.
Expected behavior
Acts as if no header supplied. Earlier versions of the jar eg 1.1.1 did this.
Actual behavior
Gateway timeout. Null pointer in lambda logs.
Steps to reproduce
After initially deploying API\lambda or letting lambda go cold, sending a REST request from the API Gateway console with nothing in the header box causes the lambda to null pointer, this previously worked with earlier versions of the java eg 1.1.1.
Note: Any succeeding call fixes this behavior till the lambda goes cold. (bug goes away)
Full log output
22:44:54
java.lang.NullPointerException
22:44:54
at com.amazonaws.serverless.proxy.internal.servlet.AwsProxyHttpServletRequest.getServerName(AwsProxyHttpServletRequest.java:561)
22:44:54
at com.amazonaws.serverless.proxy.jersey.JerseyHandlerFilter.getBaseUri(JerseyHandlerFilter.java:185)
22:44:54
at com.amazonaws.serverless.proxy.jersey.JerseyHandlerFilter.servletRequestToContainerRequest(JerseyHandlerFilter.java:127)
22:44:54
at com.amazonaws.serverless.proxy.jersey.JerseyHandlerFilter.doFilter(JerseyHandlerFilter.java:86)
22:44:54
at com.amazonaws.serverless.proxy.internal.servlet.FilterChainHolder.doFilter(FilterChainHolder.java:90)
22:44:54
at com.amazonaws.serverless.proxy.internal.servlet.AwsLambdaServletContainerHandler.doFilter(AwsLambdaServletContainerHandler.java:150)
22:44:54
at com.amazonaws.serverless.proxy.jersey.JerseyLambdaContainerHandler.handleRequest(JerseyLambdaContainerHandler.java:185)
22:44:54
at com.amazonaws.serverless.proxy.jersey.JerseyLambdaContainerHandler.handleRequest(JerseyLambdaContainerHandler.java:77)
22:44:54
at com.amazonaws.serverless.proxy.internal.LambdaContainerHandler.proxy(LambdaContainerHandler.java:211)
22:44:54
at com.amazonaws.serverless.proxy.internal.LambdaContainerHandler.proxyStream(LambdaContainerHandler.java:246)
The text was updated successfully, but these errors were encountered: