Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-6545

SecurityActions throws a NullPointerException when client invokes method on the local interface of a secure EJB 2 bean

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • EAP_EWP 5.1.2 ER1
    • EAP_EWP 5.1.0
    • System
    • None
    • Release Notes
    • Hide
      The security interceptor did not create a security context if one did not already exist. A new clean thread (the thread with no security context) was unable to invoke the local interface of the EJB. However, a new clean thread was able to invoke the remote interface of an EJB without any problems. The fix provides modifications to the PreSecurityInterceptor, which now creates a new security context if one does not exist. A new thread with no security context is able to invoke the local interface of the EJB.
      Show
      The security interceptor did not create a security context if one did not already exist. A new clean thread (the thread with no security context) was unable to invoke the local interface of the EJB. However, a new clean thread was able to invoke the remote interface of an EJB without any problems. The fix provides modifications to the PreSecurityInterceptor, which now creates a new security context if one does not exist. A new thread with no security context is able to invoke the local interface of the EJB.
    • Documented as Resolved Issue
    • ASSIGNED

      A NullPointerException (see the stack trace below) is thrown when a thread that has no security context hits the local interface of a secure EJB 2 bean.

      15:31:43,792 ERROR [LogInterceptor] RuntimeException in method: public abstract com.redhat.jboss.support.test.HelloStatefulLocal com.redhat.jboss.support.test.HelloStatefulLocalHome.create() throws javax.ejb.CreateException:
      java.lang.NullPointerException
      at org.jboss.ejb.plugins.security.SecurityActions$8.run(SecurityActions.java:140)
      at java.security.AccessController.doPrivileged(Native Method)
      at org.jboss.ejb.plugins.security.SecurityActions.setSecurityManagement(SecurityActions.java:136)
      at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:119)
      at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
      at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)
      at org.jboss.ejb.Container.invoke(Container.java:1109)
      at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:362)
      at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:133)
      at $Proxy125.create(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)

      I have attached a reproducer (testcase.zip) that the customer has provided. Their test case is a beanshell script (test-ejb-call.bsh) that invokes the local interface of the ejb. The interesting thing with this bug is that a new clean thread (ie, the thread has no security context) is able to invoke the remote interface of the ejb without any problems. This can be seen by uncommenting the call in their test script that looks up the remote interface instead of the local interface.

              rhn-support-dehort Derek Horton
              rhn-support-dehort Derek Horton
              Jared Morgan Jared Morgan (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: