You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@deltaspike.apache.org by "Gerhard Petracek (JIRA)" <ji...@apache.org> on 2019/06/25 20:57:00 UTC
[jira] [Commented] (DELTASPIKE-1383) Authorizer is marked
initialized before being fully initialed. NullPointerException follows.
[ https://issues.apache.org/jira/browse/DELTASPIKE-1383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16872706#comment-16872706 ]
Gerhard Petracek commented on DELTASPIKE-1383:
----------------------------------------------
@[~hidde.wieringa]:
thx for creating the pull-request.
(fyi: we currently re-visit the whole init-code)
it would be great if you can reword your commit-message.
our template:
DELTASPIKE-[xyz] [text]
> Authorizer is marked initialized before being fully initialed. NullPointerException follows.
> --------------------------------------------------------------------------------------------
>
> Key: DELTASPIKE-1383
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-1383
> Project: DeltaSpike
> Issue Type: Bug
> Components: Security-Module
> Affects Versions: 1.8.0, 1.8.1, 1.8.2, 1.9.0
> Reporter: Hidde Wieringa
> Assignee: Gerhard Petracek
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Similar to DELTASPIKE-1378!
> Authorizer is marked initialized before being fully initialed. A NullPointerException follows.
> This is caused by {{boundAuthorizerBean}} being used for determining if the Authorizer is initialized. Futhermore {{boundAuthorizerMethodProxy}} is also initialized in that method, and used elsewhere. Another thread can see the non-null {{boundAuthorizerBean}} and assume {{boundAuthorizerMethodProxy}} is also non-null. This results in a nullpointer exception.
> Stack trace (with some class names removed):
> {noformat}
> 14:17:14.541 [XNIO-1 task-3] ERROR c.n.h.g.h.u.h.DelegateExceptionHandler - java.lang.NullPointerException
> org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
> at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:78)
> at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:222)
> at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:175)
> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:418)
> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209)
> at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter.doFilter(XxxxxxFilter.groovy:106)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at javax.servlet.FilterChain$doFilter.call(Unknown Source)
> at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter.doFilter(XxxxxxFilter.groovy:31)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter.doFilter(XxxxxxFilter.groovy:50)
> at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter$$OwbInterceptProxy0.doFilter(XxxxxxFilter.java)
> at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter$$OwbNormalScopeProxy0.doFilter(XxxxxxFilter.java)
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.NullPointerException: null
> at org.apache.deltaspike.security.impl.extension.Authorizer.authorize(Authorizer.java:182)
> at org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.invokeBeforeMethodInvocationAuthorizers(DefaultSecurityStrategy.java:80)
> at org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.execute(DefaultSecurityStrategy.java:62)
> at org.apache.deltaspike.security.impl.extension.SecurityInterceptor.filterDeniedInvocations(SecurityInterceptor.java:44)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136)
> at org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65)
> at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxInterceptor.intercept(XxxxxxxInterceptor.groovy:58)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136)
> at org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65)
> at org.apache.webbeans.intercept.DefaultInterceptorHandler.invoke(DefaultInterceptorHandler.java:139)
> at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxResource$$OwbInterceptProxy0.getCarePath(xxxxxxxxx.java)
> at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxResource$$OwbNormalScopeProxy0.xxx(xxxxxxxxx.java)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
> at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:294)
> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:248)
> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:235)
> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402)
> ... 46 common frames omitted{noformat}
> See the PR which should fix this at [https://github.com/apache/deltaspike/pull/92]
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)