[ https://issues.apache.org/jira/browse/TOMEE-1865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15374736#comment-15374736 ]
Arjan Tijms commented on TOMEE-1865: ------------------------------------ That's a really quick fix, thanks Romain! > NPE when injected request used in bean called from JASPIC SAM > ------------------------------------------------------------- > > Key: TOMEE-1865 > URL: https://issues.apache.org/jira/browse/TOMEE-1865 > Project: TomEE > Issue Type: Bug > Components: TomEE Core Server > Affects Versions: 7.0.1 > Reporter: Arjan Tijms > Assignee: Romain Manni-Bucau > Labels: security > Fix For: 7.0.2 > > > When a CDI bean is called from a JASPIC SAM ({{validateRequest}} or > {{secureResponse}}), and this bean has an injected {{HttpServletRequest}}, > then a proxy is indeed injected, but when any method is called on this proxy > a NullPointerException is thrown: > {noformat} > java.lang.NullPointerException > at sun.reflect.GeneratedMethodAccessor43.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.apache.openejb.cdi.Proxys$ThreadLocalHandler.invoke(Proxys.java:95) > at com.sun.proxy.$Proxy15.setAttribute(Unknown Source) > at > org.javaee7.jaspic.invoke.bean.CDIBean.setTextViaInjectedRequest(CDIBean.java:20) > at > org.javaee7.jaspic.invoke.bean.CDIBean$$OwbNormalScopeProxy0.setTextViaInjectedRequest(org/javaee7/jaspic/invoke/bean/CDIBean.java) > at > org.javaee7.jaspic.invoke.sam.TestServerAuthModule.callCDIBean(TestServerAuthModule.java:113) > at > org.javaee7.jaspic.invoke.sam.TestServerAuthModule.validateRequest(TestServerAuthModule.java:57) > at > org.javaee7.jaspic.common.TestServerAuthContext.validateRequest(TestServerAuthContext.java:36) > at > org.apache.catalina.authenticator.AuthenticatorBase.authenticate(AuthenticatorBase.java:706) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:599) > {noformat} > The same exception is thrown when a SAM doesn't call a CDI bean directly, but > forwards to a Servlet, which is injected with the same kind of CDI bean. > For using the bean directly from a SAM I've extended the existing test case > here: > https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic/invoke-ejb-cdi > The expected output is: > {noformat} > validateRequest: Called from CDI > validateRequest: Called from CDI via injected request > Resource invoked > cleanSubject: Called from CDI > cleanSubject: Called from CDI via injected request > secureResponse: Called from CDI > secureResponse: Called from CDI via injected request > {noformat} > But on TomEE 7.0.1 it's: > {noformat}validateRequest: Called from CDI > Resource invoked > cleanSubject: Called from CDI > cleanSubject: Called from CDI via injected request > secureResponse: Called from CDI > {noformat} > On JBoss EAP 7/WildFly 10.0.0 and Payara 4.1.1.162 the output is as expected. > The CDI bean looks as follows: > {code:java} > @Named > @RequestScoped > public class CDIBean { > > @Inject > private HttpServletRequest request; > public String getText() { > return "Called from CDI"; > } > > public void setTextViaInjectedRequest() { > request.setAttribute("text", "Called from CDI via injected request"); > } > > } > {code} > The call to this bean from a SAM is essentially this: > {code:java} > CDIBean cdiBean = CDI.current().select(CDIBean.class).get(); > cdiBean.setTextViaInjectedRequest(); > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)