Uploaded image for project: 'TomEE'
  1. TomEE
  2. TOMEE-1865

NPE when injected request used in bean called from JASPIC SAM

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.1
    • Fix Version/s: 7.0.2
    • Component/s: TomEE Core Server
    • Labels:

      Description

      When a CDI bean is called from a JASPIC SAM (validateRequest or secureResponse), and this bean has an injected HttpServletRequest, then a proxy is indeed injected, but when any method is called on this proxy a NullPointerException is thrown:

      java.lang.NullPointerException
      	at sun.reflect.GeneratedMethodAccessor43.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.apache.openejb.cdi.Proxys$ThreadLocalHandler.invoke(Proxys.java:95)
      	at com.sun.proxy.$Proxy15.setAttribute(Unknown Source)
      	at org.javaee7.jaspic.invoke.bean.CDIBean.setTextViaInjectedRequest(CDIBean.java:20)
      	at org.javaee7.jaspic.invoke.bean.CDIBean$$OwbNormalScopeProxy0.setTextViaInjectedRequest(org/javaee7/jaspic/invoke/bean/CDIBean.java)
      	at org.javaee7.jaspic.invoke.sam.TestServerAuthModule.callCDIBean(TestServerAuthModule.java:113)
      	at org.javaee7.jaspic.invoke.sam.TestServerAuthModule.validateRequest(TestServerAuthModule.java:57)
      	at org.javaee7.jaspic.common.TestServerAuthContext.validateRequest(TestServerAuthContext.java:36)
      	at org.apache.catalina.authenticator.AuthenticatorBase.authenticate(AuthenticatorBase.java:706)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:599)
      

      The same exception is thrown when a SAM doesn't call a CDI bean directly, but forwards to a Servlet, which is injected with the same kind of CDI bean.

      For using the bean directly from a SAM I've extended the existing test case here: https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic/invoke-ejb-cdi

      The expected output is:

      validateRequest: Called from CDI
      validateRequest: Called from CDI via injected request
      Resource invoked
      cleanSubject: Called from CDI
      cleanSubject: Called from CDI via injected request
      secureResponse: Called from CDI
      secureResponse: Called from CDI via injected request
      

      But on TomEE 7.0.1 it's:

      validateRequest: Called from CDI
      Resource invoked
      cleanSubject: Called from CDI
      cleanSubject: Called from CDI via injected request
      secureResponse: Called from CDI
      

      On JBoss EAP 7/WildFly 10.0.0 and Payara 4.1.1.162 the output is as expected.

      The CDI bean looks as follows:

      @Named
      @RequestScoped
      public class CDIBean {
          
          @Inject
          private HttpServletRequest request;
      
          public String getText() {
              return "Called from CDI";
          }
          
          public void setTextViaInjectedRequest() {
              request.setAttribute("text", "Called from CDI via injected request");
          }
          
      }
      

      The call to this bean from a SAM is essentially this:

      CDIBean cdiBean = CDI.current().select(CDIBean.class).get();
      cdiBean.setTextViaInjectedRequest();
      

        Issue Links

          Activity

          Hide
          romain.manni-bucau Romain Manni-Bucau added a comment -

          adding a duplicates issue (TOMEE-1866) to mention the issue with tomcat semantic too

          Show
          romain.manni-bucau Romain Manni-Bucau added a comment - adding a duplicates issue ( TOMEE-1866 ) to mention the issue with tomcat semantic too
          Hide
          arjan.tijms Arjan Tijms added a comment -

          That's a really quick fix, thanks Romain!

          Show
          arjan.tijms Arjan Tijms added a comment - That's a really quick fix, thanks Romain!
          Hide
          romain.manni-bucau Romain Manni-Bucau added a comment -

          Arjan Tijms you did an awesome job to spot it out and let us reproduce it so was the least we can do

          Show
          romain.manni-bucau Romain Manni-Bucau added a comment - Arjan Tijms you did an awesome job to spot it out and let us reproduce it so was the least we can do

            People

            • Assignee:
              romain.manni-bucau Romain Manni-Bucau
              Reporter:
              arjan.tijms Arjan Tijms
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development