You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@deltaspike.apache.org by "Hidde Wieringa (JIRA)" <ji...@apache.org> on 2019/06/19 07:46:00 UTC
[jira] [Created] (DELTASPIKE-1383) Authorizer is marked initialized
before being fully initialed. NullPointerException follows.
Hidde Wieringa created DELTASPIKE-1383:
------------------------------------------
Summary: Authorizer is marked initialized before being fully initialed. NullPointerException follows.
Key: DELTASPIKE-1383
URL: https://issues.apache.org/jira/browse/DELTASPIKE-1383
Project: DeltaSpike
Issue Type: Bug
Components: Security-Module
Affects Versions: 1.9.0, 1.8.2, 1.8.1, 1.8.0
Reporter: Hidde Wieringa
Authorizer is marked initialized before being fully initialed. A NullPointerException follows.
This is caused by {{boundAuthorizerBean}} being used for determining if the Authorizer is initialized. Futhermore {{boundAuthorizerMethodProxy}} is also initialized in that method, and used elsewhere. Another thread can see the non-null {{boundAuthorizerBean}} and assume {{boundAuthorizerMethodProxy}} is also non-null. This results in a nullpointer exception.
Stack trace (with some class names removed):
{noformat}
14:17:14.541 [XNIO-1 task-3] ERROR c.n.h.g.h.u.h.DelegateExceptionHandler - java.lang.NullPointerException
org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:78)
at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:222)
at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:175)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:418)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter.doFilter(XxxxxxFilter.groovy:106)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at javax.servlet.FilterChain$doFilter.call(Unknown Source)
at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter.doFilter(XxxxxxFilter.groovy:31)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter.doFilter(XxxxxxFilter.groovy:50)
at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter$$OwbInterceptProxy0.doFilter(XxxxxxFilter.java)
at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter$$OwbNormalScopeProxy0.doFilter(XxxxxxFilter.java)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException: null
at org.apache.deltaspike.security.impl.extension.Authorizer.authorize(Authorizer.java:182)
at org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.invokeBeforeMethodInvocationAuthorizers(DefaultSecurityStrategy.java:80)
at org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.execute(DefaultSecurityStrategy.java:62)
at org.apache.deltaspike.security.impl.extension.SecurityInterceptor.filterDeniedInvocations(SecurityInterceptor.java:44)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136)
at org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65)
at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxInterceptor.intercept(XxxxxxxInterceptor.groovy:58)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136)
at org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65)
at org.apache.webbeans.intercept.DefaultInterceptorHandler.invoke(DefaultInterceptorHandler.java:139)
at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxResource$$OwbInterceptProxy0.getCarePath(xxxxxxxxx.java)
at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxResource$$OwbNormalScopeProxy0.xxx(xxxxxxxxx.java)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:294)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:248)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:235)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402)
... 46 common frames omitted{noformat}
See the PR which should fix this at
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)