Stash displays 404 j_stash_security_check after User Directory modifications

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

After making changes to User Directories in Stash users are not able to log-in anymore.

The following page is showed after login attempt:

 

The following appears in the atlassian-stash.log

2015-08-13 17:06:56,498 WARN  [http-nio-7990-exec-3] @1TI7KIHx1026x23x0 127.0.0.1 "POST /j_stash_security_check HTTP/1.1" c.a.s.i.s.s.PluginAuthenticationProvider Authenticator 'com.atlassian.stash.stash-auth-crowd-sso:crowdSsoAuthHandler' threw an exception
java.lang.NullPointerException: null
	at com.atlassian.stash.internal.crowd.HibernateApplicationDao.initialize(HibernateApplicationDao.java:67) ~[stash-dao-impl-3.11.1.jar:na]
	at com.atlassian.stash.internal.crowd.HibernateApplicationDao.findByName(HibernateApplicationDao.java:39) ~[stash-dao-impl-3.11.1.jar:na]
	at com.atlassian.stash.internal.crowd.HibernateApplicationDao.findByName(HibernateApplicationDao.java:25) ~[stash-dao-impl-3.11.1.jar:na]
	at com.atlassian.stash.internal.crowd.MemoizingApplicationFactory.getApplication(MemoizingApplicationFactory.java:36) ~[stash-service-impl-3.11.1.jar:na]
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.getApplication(CrowdServiceImpl.java:891) ~[embedded-crowd-core-2.8.4-m1.jar:na]
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.getUserWithAttributes(CrowdServiceImpl.java:104) ~[embedded-crowd-core-2.8.4-m1.jar:na]
	at com.atlassian.stash.internal.crowd.RiotPolice.findUserWithAttributes(RiotPolice.java:419) ~[stash-service-impl-3.11.1.jar:na]
	at com.atlassian.stash.internal.auth.DefaultCaptchaService.checkCaptcha(DefaultCaptchaService.java:93) ~[stash-service-impl-3.11.1.jar:na]
	at com.atlassian.stash.internal.spring.security.PluginAuthenticationProvider.attemptAuthentication(PluginAuthenticationProvider.java:117) [PluginAuthenticationProvider.class:na]
	at com.atlassian.stash.internal.spring.security.PluginAuthenticationProvider.authenticate(PluginAuthenticationProvider.java:61) [PluginAuthenticationProvider.class:na]
	at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:102) [StashAuthenticationFilter.class:na]
	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:109) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:103) [atlassian-trusted-apps-core-4.0.0.jar:na]
	at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:79) [atlassian-oauth-service-provider-plugin-1.9.10_1432245188000.jar:na]
	at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:36) [analytics-client-3.70.1_1436161608000.jar:na]
	at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:32) [analytics-client-3.70.1_1436161608000.jar:na]
	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:87) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:85) [stash-service-impl-3.11.1.jar:na]
	at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38) [ConfigurableWebFilter.class:na]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_45]
	at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
	... 166 frames trimmed

Diagnosis

Diagnostic Steps

Analyse the content of CWD_APP_DIR_MAPPING table in the database:

SELECT * FROM cwd_app_dir_mapping;

 

There are three possible scenarios where the error is present:

  1. Non-unique values in LIST_INDEX column

    Example
    mysql> SELECT * FROM cwd_app_dir_mapping;
    +--------+----------------+--------------+------------+--------------+
    | id     | application_id | directory_id | list_index | is_allow_all |
    +--------+----------------+--------------+------------+--------------+
    |  65537 |              1 |        32769 |          1 | T            |
    | 262145 |              1 |       229377 |          1 | T            |
    | 655361 |              1 |       622593 |          2 | T            |
    +--------+----------------+--------------+------------+--------------+
  2. Non-consecutive values in LIST_INDEX column

    Example
    mysql> SELECT * FROM cwd_app_dir_mapping;
    +--------+----------------+--------------+------------+--------------+
    | id     | application_id | directory_id | list_index | is_allow_all |
    +--------+----------------+--------------+------------+--------------+
    |  65537 |              1 |        32769 |          0 | T            |
    | 262145 |              1 |       229377 |          1 | T            |
    | 655361 |              1 |       622593 |          3 | T            |
    +--------+----------------+--------------+------------+--------------+
  3. Values in LIST_INDEX column consecutive but not starting from 0

    Example
    mysql> SELECT * FROM cwd_app_dir_mapping;
    +--------+----------------+--------------+------------+--------------+
    | id     | application_id | directory_id | list_index | is_allow_all |
    +--------+----------------+--------------+------------+--------------+
    |  65537 |              1 |        32769 |          1 | T            |
    | 262145 |              1 |       229377 |          2 | T            |
    | 655361 |              1 |       622593 |          3 | T            |
    +--------+----------------+--------------+------------+--------------+

Cause

Modifications in User Directories could leave the Stash database in an inconsistent state, so that when users try to authenticate and the CWD_APP_DIR_MAPPING table is examined to spot the directory the user belongs to, it throws the error above.

Workaround

Change the values of LIST_INDEX column in CWD_APP_DIR_MAPPING to make them consecutive and starting from 0 solves the problem.

UPDATE cwd_app_dir_mapping SET list_index=0 WHERE id=65537

The query provided is just an example and is referred only to case 1. Please change the values of LIST_INDEX and ID in the query accordingly to the case you are experiencing and to the actual values in the database table.

 

Always back up your data before performing any modifications to the database. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

Last modified on Mar 30, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.