Uploaded image for project: 'DeltaSpike'
  1. DeltaSpike
  2. DELTASPIKE-1383

Authorizer is marked initialized before being fully initialed. NullPointerException follows.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.8.0, 1.8.1, 1.8.2, 1.9.0
    • 1.9.1
    • Security-Module
    • None

    Description

      Similar to DELTASPIKE-1378!

      Authorizer is marked initialized before being fully initialed. A NullPointerException follows.

      This is caused by boundAuthorizerBean being used for determining if the Authorizer is initialized. Futhermore boundAuthorizerMethodProxy is also initialized in that method, and used elsewhere. Another thread can see the non-null boundAuthorizerBean and assume boundAuthorizerMethodProxy is also non-null. This results in a nullpointer exception.

      Stack trace (with some class names removed):

         14:17:14.541  [XNIO-1 task-3] ERROR c.n.h.g.h.u.h.DelegateExceptionHandler - java.lang.NullPointerException
    org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
        at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:78)
        at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:222)
        at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:175)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:418)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209)
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
        at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter.doFilter(XxxxxxFilter.groovy:106)
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at javax.servlet.FilterChain$doFilter.call(Unknown Source)
        at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter.doFilter(XxxxxxFilter.groovy:31)
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter.doFilter(XxxxxxFilter.groovy:50)
        at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter$$OwbInterceptProxy0.doFilter(XxxxxxFilter.java)
        at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxFilter$$OwbNormalScopeProxy0.doFilter(XxxxxxFilter.java)
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
        at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
        at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
    Caused by: java.lang.NullPointerException: null
        at org.apache.deltaspike.security.impl.extension.Authorizer.authorize(Authorizer.java:182)
        at org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.invokeBeforeMethodInvocationAuthorizers(DefaultSecurityStrategy.java:80)
        at org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.execute(DefaultSecurityStrategy.java:62)
        at org.apache.deltaspike.security.impl.extension.SecurityInterceptor.filterDeniedInvocations(SecurityInterceptor.java:44)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136)
        at org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65)
        at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxInterceptor.intercept(XxxxxxxInterceptor.groovy:58)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136)
        at org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65)
        at org.apache.webbeans.intercept.DefaultInterceptorHandler.invoke(DefaultInterceptorHandler.java:139)
        at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxResource$$OwbInterceptProxy0.getCarePath(xxxxxxxxx.java)
        at xxx.xxxx.xxxxxx.xxxxxx.XxxxxxResource$$OwbNormalScopeProxy0.xxx(xxxxxxxxx.java)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:294)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:248)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:235)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402)
        ... 46 common frames omitted

      See the PR which should fix this at https://github.com/apache/deltaspike/pull/92

       

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. DELTASPIKE-1378 EntityManagerRefLookup returns null globalEntityManager when lazyInitGlobalEntityManager is called by multiple threads

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. DELTASPIKE-1385 support init under high load

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #92

          Activity

            People

              gpetracek Gerhard Petracek
              hidde.wieringa Hidde Wieringa
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m