-
Feature Request
-
Resolution: Done
-
Major
-
JBossAS-5.1.0.GA
-
None
situation, web request:
- guest tries to access secured resource
- guest is challenged by container managed security
- guest logs in, but does not have permissions to access the requested resource
- logged in user is forwarded to <error-page> 403 /not-authorized
- java.lang.NullPointerException in custom Filter:
- filter is registered with <dispatcher>REQUEST</dispatcher>,<dispatcher>FORWARD</dispatcher>, <dispatcher>ERROR</dispatcher>
- javax.servlet.http.HttpServletRequest.isUserInRole(String) is called, yields NullPointerException because SecurityAssociationValve ThreadLocals not available due to SecurityAssociationValve not invoked in this forwarding/error chain
2009-08-17 12:27:25,879:4249013 [ http-0.0.0.0-8680-4] web].[localhost] ERROR Exception Processing ErrorPage[errorCode=403, location=/not-authorized] @org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]
java.lang.NullPointerException
at org.jboss.web.tomcat.security.JBossWebRealm.hasRole(JBossWebRealm.java:537)
at org.apache.catalina.connector.Request.isUserInRole(Request.java:2198)
at org.apache.catalina.connector.RequestFacade.isUserInRole(RequestFacade.java:763)
at javax.servlet.http.HttpServletRequestWrapper.isUserInRole(HttpServletRequestWrapper.java:164)
at UserContextFilter.doFilter(UserContextFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at TokenGenerationFilter.doFilter(TokenGenerationFilter.java:42)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at SystemStateFilter.doFilter(SystemStateFilter.java:120)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:638)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:446)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:382)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:310)
at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:416)
at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:342)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:905)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:592)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2036)
at java.lang.Thread.run(Thread.java:619)
