Bitbucket Server displays 404 j_bitbucket_security_check after User Directory modifications

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms.

Problem

After making changes to User Directories in Bitbucket Server users are not able to log in anymore.

The following page is shown after trying to log in:

404
/j_bitbucket_security_check
 
Use the links at the top to get back.

The following appears in the atlassian-bitbucket.log

2015-08-13 17:06:56,498 WARN  [http-nio-7990-exec-3] @1TI7KIHx1026x23x0 127.0.0.1 "POST /j_bitbucket_security_check HTTP/1.1" c.a.s.i.s.s.PluginAuthenticationProvider Authenticator 'com.atlassian.bitbucket.bitbucket-auth-crowd-sso:crowdSsoAuthHandler' threw an exception
java.lang.NullPointerException: null
	at com.atlassian.bitbucket.internal.crowd.HibernateApplicationDao.initialize(HibernateApplicationDao.java:67) ~[bitbucket-dao-impl-3.11.1.jar:na]
	at com.atlassian.bitbucket.internal.crowd.HibernateApplicationDao.findByName(HibernateApplicationDao.java:39) ~[bitbucket-dao-impl-3.11.1.jar:na]
	at com.atlassian.bitbucket.internal.crowd.HibernateApplicationDao.findByName(HibernateApplicationDao.java:25) ~[bitbucket-dao-impl-3.11.1.jar:na]
	at com.atlassian.bitbucket.internal.crowd.MemoizingApplicationFactory.getApplication(MemoizingApplicationFactory.java:36) ~[bitbucket-service-impl-3.11.1.jar:na]
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.getApplication(CrowdServiceImpl.java:891) ~[embedded-crowd-core-2.8.4-m1.jar:na]
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.getUserWithAttributes(CrowdServiceImpl.java:104) ~[embedded-crowd-core-2.8.4-m1.jar:na]
	at com.atlassian.bitbucket.internal.crowd.RiotPolice.findUserWithAttributes(RiotPolice.java:419) ~[bitbucket-service-impl-3.11.1.jar:na]
	at com.atlassian.bitbucket.internal.auth.DefaultCaptchaService.checkCaptcha(DefaultCaptchaService.java:93) ~[bitbucket-service-impl-3.11.1.jar:na]
	at com.atlassian.bitbucket.internal.spring.security.PluginAuthenticationProvider.attemptAuthentication(PluginAuthenticationProvider.java:117) [PluginAuthenticationProvider.class:na]
	at com.atlassian.bitbucket.internal.spring.security.PluginAuthenticationProvider.authenticate(PluginAuthenticationProvider.java:61) [PluginAuthenticationProvider.class:na]
	at com.atlassian.bitbucket.internal.spring.security.Bitbucket ServerAuthenticationFilter.doFilter(Bitbucket ServerAuthenticationFilter.java:102) [Bitbucket ServerAuthenticationFilter.class:na]
	at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:109) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:103) [atlassian-trusted-apps-core-4.0.0.jar:na]
	at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:79) [atlassian-oauth-service-provider-plugin-1.9.10_1432245188000.jar:na]
	at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:36) [analytics-client-3.70.1_1436161608000.jar:na]
	at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:32) [analytics-client-3.70.1_1436161608000.jar:na]
	at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:87) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.bitbucket.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:85) [bitbucket-service-impl-3.11.1.jar:na]
	at com.atlassian.bitbucket.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38) [ConfigurableWebFilter.class:na]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_45]
	at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
	... 166 frames trimmed

Diagnosis

Diagnostic Steps

Analyse the content of CWD_APP_DIR_MAPPING table in the database:

SELECT * FROM cwd_app_dir_mapping;


There are three possible scenarios that cause the error to occur:

  1. Non-unique values in LIST_INDEX column

    Example
    mysql> SELECT * FROM cwd_app_dir_mapping;
    +--------+----------------+--------------+------------+--------------+
    | id     | application_id | directory_id | list_index | is_allow_all |
    +--------+----------------+--------------+------------+--------------+
    |  65537 |              1 |        32769 |          1 | T            |
    | 262145 |              1 |       229377 |          1 | T            |
    | 655361 |              1 |       622593 |          2 | T            |
    +--------+----------------+--------------+------------+--------------+
  2. Non-consecutive values in LIST_INDEX column

    Example
    mysql> SELECT * FROM cwd_app_dir_mapping;
    +--------+----------------+--------------+------------+--------------+
    | id     | application_id | directory_id | list_index | is_allow_all |
    +--------+----------------+--------------+------------+--------------+
    |  65537 |              1 |        32769 |          0 | T            |
    | 262145 |              1 |       229377 |          1 | T            |
    | 655361 |              1 |       622593 |          3 | T            |
    +--------+----------------+--------------+------------+--------------+
  3. Values in LIST_INDEX column consecutive but not starting from 0


    Example
    mysql> SELECT * FROM cwd_app_dir_mapping;
    +--------+----------------+--------------+------------+--------------+
    | id     | application_id | directory_id | list_index | is_allow_all |
    +--------+----------------+--------------+------------+--------------+
    |  65537 |              1 |        32769 |          1 | T            |
    | 262145 |              1 |       229377 |          2 | T            |
    | 655361 |              1 |       622593 |          3 | T            |
    +--------+----------------+--------------+------------+--------------+

Cause

Modifications in User Directories could leave the Bitbucket Server database in an inconsistent state. As a result, when users try to authenticate and the CWD_APP_DIR_MAPPING table is examined to identify the directory the user belongs to, it throws the error above.

Workaround

Change the values of LIST_INDEX column in CWD_APP_DIR_MAPPING to make them consecutive and starting from 0 solves the problem.

The query provided is just an example and is referred only to case 1. Please change the values of LIST_INDEX and ID in the query accordingly to the case you are experiencing and to the actual values in the database table.

Always back up your data before performing any modifications to the database. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

UPDATE cwd_app_dir_mapping SET list_index=0 WHERE id=65537



Last modified on Apr 19, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.