[ 
https://issues.apache.org/jira/browse/TOMEE-1865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Romain Manni-Bucau resolved TOMEE-1865.
---------------------------------------
       Resolution: Fixed
         Assignee: Romain Manni-Bucau
    Fix Version/s: 7.0.2

> NPE when injected request used in bean called from JASPIC SAM
> -------------------------------------------------------------
>
>                 Key: TOMEE-1865
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1865
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>    Affects Versions: 7.0.1
>            Reporter: Arjan Tijms
>            Assignee: Romain Manni-Bucau
>              Labels: security
>             Fix For: 7.0.2
>
>
> When a CDI bean is called from a JASPIC SAM ({{validateRequest}} or 
> {{secureResponse}}), and this bean has an injected {{HttpServletRequest}}, 
> then a proxy is indeed injected, but when any method is called on this proxy 
> a NullPointerException is thrown:
> {noformat}
> java.lang.NullPointerException
>       at sun.reflect.GeneratedMethodAccessor43.invoke(Unknown Source)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:498)
>       at 
> org.apache.openejb.cdi.Proxys$ThreadLocalHandler.invoke(Proxys.java:95)
>       at com.sun.proxy.$Proxy15.setAttribute(Unknown Source)
>       at 
> org.javaee7.jaspic.invoke.bean.CDIBean.setTextViaInjectedRequest(CDIBean.java:20)
>       at 
> org.javaee7.jaspic.invoke.bean.CDIBean$$OwbNormalScopeProxy0.setTextViaInjectedRequest(org/javaee7/jaspic/invoke/bean/CDIBean.java)
>       at 
> org.javaee7.jaspic.invoke.sam.TestServerAuthModule.callCDIBean(TestServerAuthModule.java:113)
>       at 
> org.javaee7.jaspic.invoke.sam.TestServerAuthModule.validateRequest(TestServerAuthModule.java:57)
>       at 
> org.javaee7.jaspic.common.TestServerAuthContext.validateRequest(TestServerAuthContext.java:36)
>       at 
> org.apache.catalina.authenticator.AuthenticatorBase.authenticate(AuthenticatorBase.java:706)
>       at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:599)
> {noformat}
> The same exception is thrown when a SAM doesn't call a CDI bean directly, but 
> forwards to a Servlet, which is injected with the same kind of CDI bean.
> For using the bean directly from a SAM I've extended the existing test case 
> here: 
> https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic/invoke-ejb-cdi
> The expected output is:
> {noformat}
> validateRequest: Called from CDI
> validateRequest: Called from CDI via injected request
> Resource invoked
> cleanSubject: Called from CDI
> cleanSubject: Called from CDI via injected request
> secureResponse: Called from CDI
> secureResponse: Called from CDI via injected request
> {noformat}
> But on TomEE 7.0.1 it's:
> {noformat}validateRequest: Called from CDI
> Resource invoked
> cleanSubject: Called from CDI
> cleanSubject: Called from CDI via injected request
> secureResponse: Called from CDI
> {noformat}
> On JBoss EAP 7/WildFly 10.0.0 and Payara 4.1.1.162 the output is as expected.
> The CDI bean looks as follows:
> {code:java}
> @Named
> @RequestScoped
> public class CDIBean {
>     
>     @Inject
>     private HttpServletRequest request;
>     public String getText() {
>         return "Called from CDI";
>     }
>     
>     public void setTextViaInjectedRequest() {
>         request.setAttribute("text", "Called from CDI via injected request");
>     }
>     
> }
> {code}
> The call to this bean from a SAM is essentially this:
> {code:java}
> CDIBean cdiBean = CDI.current().select(CDIBean.class).get();
> cdiBean.setTextViaInjectedRequest();
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to