Library > Articles >

Workaround: Proxied HTTP requests fail due to HTTP 500 error: NullPointerException

Curtis d’Entremont
Last Updated: 14 November 2012
Build Basis: Rational solution for Collaborative Lifecycle Management 4.0.1

Problem

During server execution, operations in the web client that fetch data from other applications in the deployment fail because of this error: HTTP error 500 Internal Server Error: java.lang.NullPointerException. This problem might impact the Home menu, dashboard widgets, project and artifact linking, or any component that loads data from another application in the web client.

The problem affects the web client proxy, which is a service that the browser uses to communicate with other applications in the deployment. The web client proxy is located at context_root/proxy. When this problem occurs, any web client component that uses the proxy to communicate with other applications receives error code 500 and cannot properly function. When some components, such as the dashboard widgets, fail, you can view the stack trace in the error details:

Screenshot showing failure in a dashboard widget

In other cases, such as in the Home menu, a generic error message like The server is offline or unreachable, is shown:

Screenshot showing failure in home menu

In any event, the server log contains one or more instances of this stack trace:

  2012-11-09 14:58:39,154 [        http-bio-9443-exec-248] ERROR net.jazz.ajax.service.internal.http.ProxyServlet    - GET https://host.example.com:9443/jts/proxy  ?uri=https%3A%2F%2Fhost2.example.com%3A9443%2Fccm%2Fviewlet%2Fcom.ibm.team.workitem.viewlet.statisticsHEADER: host = host.example.com:9443  HEADER: user-agent = Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0  HEADER: accept = text/json  HEADER: accept-language = en-us,en;q=0.5  HEADER: accept-encoding = gzip, deflate  HEADER: connection = keep-alive  HEADER: x-com-ibm-team-configuration-versions = LATEST  HEADER: x-jazz-downstream-auth-client-level = 4.0  HEADER: content-type = application/x-www-form-urlencoded  HEADER: x-requested-with = XMLHttpRequest  HEADER: referer = https://host.example.com:9443/jts/dashboards/123  HEADER: cookie = JSESSIONID=02A...7E5; JazzFormAuth=Form; net-jazz-ajax-cookie-rememberUserId=  HEADER: if-none-match = "ktUvi6vpoS9UWpN28mVDGg=="  Parameter: uri = [https://host2.example.com:9443/ccm/viewlet/com.ibm.team.workitem.viewlet.statistics]    java.lang.NullPointerException  	at net.oauth.signature.OAuthSignatureMethod.normalizeUrl(OAuthSignatureMethod.java:158)  	at net.oauth.signature.OAuthSignatureMethod.getBaseString(OAuthSignatureMethod.java:152)  	at net.oauth.signature.OAuthSignatureMethod.getSignature(OAuthSignatureMethod.java:78)  	at net.oauth.signature.OAuthSignatureMethod.sign(OAuthSignatureMethod.java:50)  	at net.oauth.OAuthMessage.sign(OAuthMessage.java:307)  	at net.oauth.OAuthMessage.addRequiredParameters(OAuthMessage.java:297)  	at net.oauth.OAuthAccessor.newRequestMessage(OAuthAccessor.java:71)  	at com.ibm.team.jfs.app.oauth.OAuthHelper.getAuthorizationHeaderInternal(OAuthHelper.java:2252)  	at com.ibm.team.jfs.app.oauth.OAuthHelper.addAuthorizationHeader(OAuthHelper.java:1731)  	at net.jazz.ajax.service.auth.OAuthProvider.processRequest(OAuthProvider.java:123)  	at net.jazz.ajax.service.auth.OAuthProvider.processRequest(OAuthProvider.java:1)  	at net.jazz.ajax.service.auth.AuthenticatingClientService$1.process(AuthenticatingClientService.java:72)  	at org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:108)  	at org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:174)  	at com.ibm.team.jfs.app.http.client.internal.ExtensibleRequestDirector.handleRequest(ExtensibleRequestDirector.java:213)  	at com.ibm.team.jfs.app.http.client.internal.ExtensibleRequestDirector.execute(ExtensibleRequestDirector.java:147)  	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)  	at com.ibm.team.jfs.app.http.client.JazzHttpClient.execute(JazzHttpClient.java:256)  	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:927)  	at net.jazz.ajax.service.auth.AuthenticatingClientService.execute(AuthenticatingClientService.java:140)  	at net.jazz.ajax.service.internal.http.ProxyOperation.run(ProxyOperation.java:130)  	at net.jazz.ajax.service.internal.http.ProxyServlet.service(ProxyServlet.java:61)  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)  	at net.jazz.ajax.servlets.LoggingHttpServlet.service(LoggingHttpServlet.java:35)  	at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)  	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:126)  	at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)  	at org.eclipse.equinox.servletbridge.BridgeServlet.service(BridgeServlet.java:120)  	at com.ibm.team.repository.server.servletbridge.JazzServlet.service(JazzServlet.java:68)  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)  	at com.ibm.team.repository.server.servletbridge.BridgeFilter.processDelegate(BridgeFilter.java:133)  	at com.ibm.team.repository.server.servletbridge.BridgeFilter.doFilter(BridgeFilter.java:154)  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)  	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)  	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)  	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581)  	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)  	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)  	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)  	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)  	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)  	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)  	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)  	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:897)  	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:919)  	at java.lang.Thread.run(Thread.java:738)

A variation of this stack trace exists. The variation has an extra line at the top of the stack:

  java.lang.NullPointerException  	at java.net.URI.getScheme(URI.java:1111)  	at net.oauth.signature.OAuthSignatureMethod.normalizeUrl(OAuthSignatureMethod.java:158)          ...

This defect is caused by a combination of adding OpenSocial gadgets to dashboards and using OAuth to authenticate with other applications in the deployment. After you add a gadget to a dashboard, the proxy cannot sign OAuth requests if OAuth is required for a given request. OAuth is used when single sign-on (SSO) is not configured or possible due to a distributed deployment. If you are using OAuth, after you log in to the current application, browser windows open and prompt you to log in to other applications.

Workaround

Refer to the workarounds described below to avoid and recover from this problem. Customers may also download an interim fix from this link: Download The Fix.

If the system is configured for SSO such that no OAuth authentication is normally required, you can do one of two workarounds, depending on whether the problem is affecting all users or a small subset of users:

  • If all users are affected: Restart the server. When you restart, the state of the proxy is reset.
  • If a subset of users are affected: Individual users can work around the problem by navigating to the web page that has the problem and then changing the URL path to /context_path/proxy/logout. After an empty page is displayed, users can click the browser’s back button to return to the original page. This option works only if SSO is enabled in the full system, including all friend applications.

To avoid this problem later, do not add OpenSocial gadgets to dashboards when you use OAuth to authenticate with other applications in the deployment.

Tips to avoid adding gadgets and using OAuth at the same time:

  • OAuth: Avoiding OAuth is not always possible. For example, in distributed deployments where the applications in the deployment use different host names, OAuth is needed. If you are experiencing this problem in a pilot scenario, use a deployment that supports SSO. If you have a deployment with SSO enabled, avoid using the web client with any URL other than the configured public URL of the server. If you use an internal host name, alias, or IP address, OAuth can be triggered when it is not actually needed.
  • OpenSocial gadgets: This problem is triggered only by adding new instances of OpenSocial gadgets, not by viewing them. Instruct users to not add any new gadgets except just before scheduled outages where the server is going to be restarted anyway.

Related Information

The following links point to related information:

Return to the top of the page

© Copyright IBM Corporation 2012

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.
Feedback
Was this information helpful? Yes No 3 people rated this as helpful.