MeinardG opened a new issue, #1484: URL: https://github.com/apache/shiro/issues/1484
### Search before asking - [X] I had searched in the [issues](https://github.com/apache/shiro/issues?q=is%3Aissue) and found no similar issues. ### Environment I am running a PoC using Tomcat Embedded (10.1.23) with CDI (Weld 5.1.2) + JSF (Mojarra 4.0.7) ### Shiro version I am using Shiro 2.0.0 with Jakarta classifier ``` implementation('org.apache.shiro:shiro-jakarta-ee:2.0.0:jakarta') { exclude(group: 'org.apache.shiro', module: 'shiro-core') exclude(group: 'org.apache.shiro', module: 'shiro-cdi') exclude(group: 'org.apache.shiro', module: 'shiro-web') } implementation('org.apache.shiro:shiro-cdi:2.0.0:jakarta') { exclude(group: 'org.apache.shiro', module: 'shiro-core') } implementation('org.apache.shiro:shiro-web:2.0.0:jakarta') { exclude(group: 'org.apache.shiro', module: 'shiro-core') } implementation 'org.apache.shiro:shiro-core:2.0.0:jakarta' ``` ### What was the actual outcome? I am getting a NullPointerException when the login fails. The reason is that the LOGIN_WAITTIME_ATTR_NAME request attribute was not set. https://github.com/apache/shiro/blob/f532a2112993a5f7c47c286dcbd3f34e4e1cc906/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/Forms.java#L161 There is code to set the value in `AuthenticationFilterDelegate.preHandle()`. I debugged it, and the method never is called. I am not sure if this is due to my custom configuration. I tried setting up the SecurityManager and my custom realm using CDI and EnvironmentLoaderListener (shiro.ini), but in both cases, I got the same exception. ### What was the expected outcome? The method `AuthenticationFilterDelegate.preHandle()` is executed and adds the LOGIN_WAITTIME_ATTR_NAME param to the request or assumes a default value when the attribute is null. ### How to reproduce 1. Setup a project using shiro-jakarta-ee 2.0.0 2. Add a realm (in my case it is a custom class inherited from AuthenticatingRealm) using CDI https://shiro.apache.org/jakarta-ee.html#configuring_cdi_without_jakarta_ee_module_or_shiro_ini 3. Add a JSF login page https://shiro.apache.org/jakarta-ee.html#jakarta_faces_jsf_features 4. Fails the login by throwing an AuthenticationException from the AuthenticatingRealm ### Debug logs ``` SEVERE: Servlet.service() for servlet [FacesServlet] in context with path [] threw exception [Cannot invoke "java.lang.Integer.intValue()" because the return value of "org.omnifaces.util.Faces.getRequestAttribute(String)" is null] with root cause java.lang.NullPointerException: Cannot invoke "java.lang.Integer.intValue()" because the return value of "org.omnifaces.util.Faces.getRequestAttribute(String)" is null at org.apache.shiro.ee.filters.Forms.login(Forms.java:161) at org.apache.shiro.ee.filters.Forms$AuthenticationMethods.login(Forms.java:84) at org.apache.shiro.ee.filters.Forms$AuthenticationMethods.login(Forms.java:73) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.apache.el.parser.AstValue.invoke(AstValue.java:252) at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:266) at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:70) at com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:74) at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:62) at jakarta.faces.component.UICommand.broadcast(UICommand.java:205) at jakarta.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:858) at jakarta.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1332) at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:56) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:72) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:131) at jakarta.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:691) at jakarta.faces.webapp.FacesServlet.service(FacesServlet.java:449) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:196) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) at java.base/java.lang.Thread.run(Thread.java:833) ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
