Java null pointer exception viewing ACL properties in DA 7.3

ArthyTrip

Hi all,

I have a little series of internal ACLs (of the type "dm _...") that it is impossible to see the properties.

Every time I try to see the properties the system generates a "Null pointer exception" error and in the DA log (7.3) the below error appears.

Is there any way to fix or remediate the ACL?

These ACLs are of users and - in fact - of type "internal", can it be a solution to create some new ACL by hand and associate them with the users?

Thanks in advance

Arthy

----------

09:25:36,991 ERROR [http-nio-8020-exec-7] com.documentum.web.common.Trace -

java.lang.NullPointerException

   at com.documentum.webcomponent.admin.acl.AclInfo.initializeOwnerControl(AclInfo.java:146)

   at com.documentum.webcomponent.admin.acl.AclInfo.onInit(AclInfo.java:103)

   at com.documentum.web.form.FormProcessor.invokeMethod(FormProcessor.java:1604)

   at com.documentum.web.form.FormProcessor.invokeMethod(FormProcessor.java:1489)

   at com.documentum.web.form.FormProcessor.fireOnInitEvent(FormProcessor.java:1154)

   at com.documentum.web.form.ControlTag.fireFormOnInitEvent(ControlTag.java:794)

   at com.documentum.web.formext.control.component.ComponentIncludeTag.renderEnd(ComponentIncludeTag.java:135)

   at com.documentum.web.form.ControlTag.doEndTag(ControlTag.java:928)

   at org.apache.jsp.webcomponent.library.propertysheetwizardcontainer.propertysheetwizardcontainer_jsp._jspx_meth_dmfx_005fcontainerinclude_005f0(propertysheetwizardcontainer_jsp.java:1155)

   at org.apache.jsp.webcomponent.library.propertysheetwizardcontainer.propertysheetwizardcontainer_jsp._jspService(propertysheetwizardcontainer_jsp.java:346)

   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)

   at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)

   at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438)

   at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)

   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)

   at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)

   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)

   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

   at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)

   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

   at com.documentum.web.servlet.ResponseHeaderControlFilter.doFilter(ResponseHeaderControlFilter.java:351)

   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)

   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

   at com.documentum.web.servlet.CompressionFilter.doFilter(CompressionFilter.java:96)

   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)

   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

   at com.documentum.web.env.WDKController.processRequest(WDKController.java:144)

   at com.documentum.web.env.WDKController.doFilter(WDKController.java:131)

   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)

   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)

   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)

   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)

   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)

   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)

   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)

   at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)

   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)

   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)

   at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)

   at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)

   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)

   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)

   at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

   at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

   at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

   at java.lang.Thread.run(Unknown Source)

ArthyTrip

I discovered the user name was changed by DQL and the internal ACL was still pointing to the old user name.

DCTM_Guru

There are probably other inconsistency issues besides ACL. Run the consistency checker job and view the job report. If you need to rename user, you need to use the rename job so that the Content Server can update ALL objects/attributes (e.g. owner_name) that reference old user name and replace it with new user name

ArthyTrip

As you suggested, I have done the verification and indeed there is something strange.

The user (say) 'Dude User' appears in a couple of warnings generated by the Consistency Check job. To be precise:

Checking for users with non-existent group

Checking for users belonging to groups not in dm_user

 WARNING CC-0002: User 'Dude User' is referenced in dm_group with id '...3d00' but does not have a valid dm_user object

 WARNING CC-0002: User 'Dude User' is referenced in dm_group with id '...3d02' but does not have a valid dm_user object

Rows Returned: 2

The strange thing is that if from the DA interface I list the users of those two groups, the user in question does not appear.

If instead I run the query

select users_names from dm_group where r_object_id = '...3d00';

in effect the 'Dude User' appears.

Perhaps it is possible that the query used by the DA interface is more sophisticated and filters out users with defects.

From the DA interface I managed to remove the user from all the groups to which he was assigned and I deleted him (always from DA).

Then I relaunched the Consistency Check job and now I only have a couple of lines like

 WARNING CC-0009: Sysobject with r_object_id '...9dbf' has acl_domain entry of 'dude user' which is not a valid user

So, I recreated the user from scratch, reassigned to the right groups and rerun the Consistency Check.

It looks like everything is ok, apart from the lines of the type just above.

The Sysobject with ID '...9dbf' is a dm_cabinet with object_name = 'dude user' (note the lowercase initials).

Also in this case the cabinet is not visible in the DA interface and I wonder if it's possible to delete it witha a trivial DQL (we are talking about a bran new user, without associated contents).

Thank for your suggestion and future comments.

Arthy

DCTM_Guru

You cant see the cabinet in DA probably b/c its defined as private (is_private=T). This is UI filter and you (sysadmin) can actually still see the contents. That being said, run this query to check if there is anything in the cabinet:

select * from dm_sysobject where folder('/dude user'.descend)

If there are results, then you need to delete them first:

delete dm_sysobject objects where folder('/dude user'.descend)

If you get no results, then you can just delete the cabinet:

delete dm_cabinet object where r_object_id='...9dbf'

ArthyTrip

Uff... you solved!

Thanks so much

DCTM_SABH1

Can you please help me to to solve Java null pointer exception viewing ACL properties which I am getting after I revoked user access using below DQL command.

Retrieve,c,dm_acl where object_name='acl'

Revoke,c,l,username

Save,c,l



This is very urgent so thank you in advance.

SabhT

DCTM_Guru

If you are doing this in DA, why dont you just find the ACL and update it using UI instead of trying to execute these API?

DCTM_SABH1

We had to remove access from multiple ACL so tried with API for one user but now I can't see properties.Can you please guide if I have to perform any other step to fix null pointer exception.

DCTM_Guru

If you cant see properties page, its probably b/c you upgraded your JRE to later version than what is officially supported by your DA version. Either upgrade your DA version or downgrade JRE version and you should be able to see properties page.

DCTM_SABH1

Thank you for your response.This is not the case with all ACL. This null pointer exception is only coming to ACL for which I executed API. Other ACL properties I can view .So seeking your advise on this to fix.

DCTM_Guru

Maybe you corrupt it. Find a document that is referencing this ACL and then look at Permissions tab for the document. This will tell you accessors and accessor permits for each. You can then try to create a new acl that duplicates it and reassign the acl_namme to this new one.