Details
-
Improvement
-
Status: In Progress
-
Major
-
Resolution: Unresolved
-
2.7.11
-
None
-
None
-
Unknown
Description
Currently two different SecurityContext interfaces are available in CXF:
a) standard java: javax.ws.rs.core.SecurityContext
b) internal CXF: org.apache.cxf.security.SecurityContext
Context injection using @Context annotation works only for standard one. If user purposely or deliberately tries to inject internal CXF SecurityContext, access to it caused not very informative NLP:
Caused by: java.lang.NullPointerException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.cxf.jaxrs.impl.tl.ThreadLocalInvocationHandler.invoke(ThreadLocalInvocationHandler.java:36) at com.sun.proxy.$Proxy5.getUserPrincipal(Unknown Source) at demo.rs.security.SimpleCustomerService.getCustomer(SimpleCustomerService.java:26) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181) at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97) ... 26 more
I would propose either to support injections of both contexts or provide more clear error message.