You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Romain Manni-Bucau (JIRA)" <ji...@apache.org> on 2016/07/13 05:41:20 UTC
[jira] [Commented] (TOMEE-1865) NPE when injected request used in
bean called from JASPIC SAM
[ https://issues.apache.org/jira/browse/TOMEE-1865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15374386#comment-15374386 ]
Romain Manni-Bucau commented on TOMEE-1865:
-------------------------------------------
adding a duplicates issue (TOMEE-1866) to mention the issue with tomcat semantic too
> NPE when injected request used in bean called from JASPIC SAM
> -------------------------------------------------------------
>
> Key: TOMEE-1865
> URL: https://issues.apache.org/jira/browse/TOMEE-1865
> Project: TomEE
> Issue Type: Bug
> Components: TomEE Core Server
> Affects Versions: 7.0.1
> Reporter: Arjan Tijms
> Labels: security
>
> When a CDI bean is called from a JASPIC SAM ({{validateRequest}} or {{secureResponse}}), and this bean has an injected {{HttpServletRequest}}, then a proxy is indeed injected, but when any method is called on this proxy a NullPointerException is thrown:
> {noformat}
> java.lang.NullPointerException
> at sun.reflect.GeneratedMethodAccessor43.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.openejb.cdi.Proxys$ThreadLocalHandler.invoke(Proxys.java:95)
> at com.sun.proxy.$Proxy15.setAttribute(Unknown Source)
> at org.javaee7.jaspic.invoke.bean.CDIBean.setTextViaInjectedRequest(CDIBean.java:20)
> at org.javaee7.jaspic.invoke.bean.CDIBean$$OwbNormalScopeProxy0.setTextViaInjectedRequest(org/javaee7/jaspic/invoke/bean/CDIBean.java)
> at org.javaee7.jaspic.invoke.sam.TestServerAuthModule.callCDIBean(TestServerAuthModule.java:113)
> at org.javaee7.jaspic.invoke.sam.TestServerAuthModule.validateRequest(TestServerAuthModule.java:57)
> at org.javaee7.jaspic.common.TestServerAuthContext.validateRequest(TestServerAuthContext.java:36)
> at org.apache.catalina.authenticator.AuthenticatorBase.authenticate(AuthenticatorBase.java:706)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:599)
> {noformat}
> The same exception is thrown when a SAM doesn't call a CDI bean directly, but forwards to a Servlet, which is injected with the same kind of CDI bean.
> For using the bean directly from a SAM I've extended the existing test case here: https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic/invoke-ejb-cdi
> The expected output is:
> {noformat}
> validateRequest: Called from CDI
> validateRequest: Called from CDI via injected request
> Resource invoked
> cleanSubject: Called from CDI
> cleanSubject: Called from CDI via injected request
> secureResponse: Called from CDI
> secureResponse: Called from CDI via injected request
> {noformat}
> But on TomEE 7.0.1 it's:
> {noformat}validateRequest: Called from CDI
> Resource invoked
> cleanSubject: Called from CDI
> cleanSubject: Called from CDI via injected request
> secureResponse: Called from CDI
> {noformat}
> On JBoss EAP 7/WildFly 10.0.0 and Payara 4.1.1.162 the output is as expected.
> The CDI bean looks as follows:
> {code:java}
> @Named
> @RequestScoped
> public class CDIBean {
>
> @Inject
> private HttpServletRequest request;
> public String getText() {
> return "Called from CDI";
> }
>
> public void setTextViaInjectedRequest() {
> request.setAttribute("text", "Called from CDI via injected request");
> }
>
> }
> {code}
> The call to this bean from a SAM is essentially this:
> {code:java}
> CDIBean cdiBean = CDI.current().select(CDIBean.class).get();
> cdiBean.setTextViaInjectedRequest();
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)