Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-541

NPE in DefaultAuthorizationManager.hasRole()

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • PLINK_2.7.0.Beta2
    • PLINK_2.6.0.Final
    • BASE, DELTASPIKE
    • None

      When the following method is invoked I'll get a NPE in DefaultAuthorizationManager.hasRole(). See stacktrace below.

      @Dependent
      @RolesAllowed({ "admin", "mitarbeiter" })
      @Log  // own interceptor for logging
      public class KundeService implements Serializable {
         //@RolesAllowed({ "admin", "mitarbeiter" })
         public AbstractKunde findKundeById(Long id, FetchType fetch) {...}
      

      However, when I additionally insert @RolesAllowed(

      { ..}

      ) ahead of the method, then everything the NPE doesn't occur. I'm using the latest snapshot of WildFly 9.0.0.Alpha1, and tried both PicketLink 2.6.0 (which is preconfigured) and 2.6.1

      The stacktrace

      2014-08-04 20:55:02,900 ERROR [io.undertow.request] UT005023: Exception handling request to /shop/rest/kunden/301: org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
      	at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
      	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at org.picketlink.authentication.web.AuthenticationFilter.doFilter(AuthenticationFilter.java:156) [picketlink-api-2.6.1.Final.jar:]
      	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:234) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:153) [undertow-servlet-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:737) [undertow-core-1.1.0.Beta5.jar:1.1.0.Beta5]
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_11]
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_11]
      	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_11]
      Caused by: java.lang.NullPointerException
      	at org.picketlink.authorization.DefaultAuthorizationManager.hasRole(DefaultAuthorizationManager.java:122) [picketlink-deltaspike-2.6.1.Final.jar:]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_11]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_11]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_11]
      	at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_11]
      	at org.apache.deltaspike.core.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:189) [deltaspike-core-api-1.0.1.jar:1.0.1]
      	at org.apache.deltaspike.core.util.metadata.builder.InjectableMethod.invoke(InjectableMethod.java:189) [deltaspike-core-api-1.0.1.jar:1.0.1]
      	at org.apache.deltaspike.security.impl.extension.Authorizer.authorize(Authorizer.java:182) [deltaspike-security-module-impl-1.0.1.jar:1.0.1]
      	at org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.invokeBeforeMethodInvocationAuthorizers(DefaultSecurityStrategy.java:80) [deltaspike-security-module-impl-1.0.1.jar:1.0.1]
      	at org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.execute(DefaultSecurityStrategy.java:62) [deltaspike-security-module-impl-1.0.1.jar:1.0.1]
      	at org.apache.deltaspike.security.impl.extension.SecurityInterceptor.filterDeniedInvocations(SecurityInterceptor.java:44) [deltaspike-security-module-impl-1.0.1.jar:1.0.1]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_11]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_11]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_11]
      	at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_11]
      	at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNext(AbstractInterceptionChain.java:116) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNextInterceptor(AbstractInterceptionChain.java:94) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.proxy.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:149) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at de.shop.util.interceptor.LogInterceptor.log(LogInterceptor.java:96) [classes:]
      	at sun.reflect.GeneratedMethodAccessor97.invoke(Unknown Source) [:1.8.0_11]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_11]
      	at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_11]
      	at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNext(AbstractInterceptionChain.java:116) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNextInterceptor(AbstractInterceptionChain.java:94) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.proxy.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:149) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.hibernate.validator.internal.cdi.interceptor.ValidationInterceptor.validateMethodInvocation(ValidationInterceptor.java:87) [hibernate-validator-cdi-5.1.2.Final.jar:5.1.2.Final]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_11]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_11]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_11]
      	at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_11]
      	at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNext(AbstractInterceptionChain.java:116) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNextInterceptor(AbstractInterceptionChain.java:94) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeInterception(InterceptorMethodHandler.java:43) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(InterceptorMethodHandler.java:36) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:51) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at de.shop.kundenverwaltung.business.KundeService$Proxy$_$$_WeldSubclass.findKundeById(Unknown Source) [classes:]
      	at de.shop.kundenverwaltung.rest.KundeResource.findKundeById(KundeResource.java:135) [classes:]
      	at de.shop.kundenverwaltung.rest.KundeResource$Proxy$_$$_WeldSubclass.findKundeById(Unknown Source) [classes:]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_11]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_11]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_11]
      	at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_11]
      	at org.jboss.weld.interceptor.proxy.SimpleInterceptionChain.interceptorChainCompleted(SimpleInterceptionChain.java:51) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNextInterceptor(AbstractInterceptionChain.java:96) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.proxy.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:149) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at de.shop.util.interceptor.LogInterceptor.log(LogInterceptor.java:96) [classes:]
      	at sun.reflect.GeneratedMethodAccessor97.invoke(Unknown Source) [:1.8.0_11]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_11]
      	at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_11]
      	at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNext(AbstractInterceptionChain.java:116) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNextInterceptor(AbstractInterceptionChain.java:94) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.proxy.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:149) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at com.arjuna.ats.jta.cdi.transactional.TransactionalInterceptorBase.invokeInOurTx(TransactionalInterceptorBase.java:92) [narayana-jts-jacorb-5.0.2.Final.jar:5.0.2.Final (revision: d1e56)]
      	at com.arjuna.ats.jta.cdi.transactional.TransactionalInterceptorRequired.intercept(TransactionalInterceptorRequired.java:52) [narayana-jts-jacorb-5.0.2.Final.jar:5.0.2.Final (revision: d1e56)]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_11]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_11]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_11]
      	at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_11]
      	at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNext(AbstractInterceptionChain.java:116) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.chain.AbstractInterceptionChain.invokeNextInterceptor(AbstractInterceptionChain.java:94) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeInterception(InterceptorMethodHandler.java:43) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(InterceptorMethodHandler.java:36) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:51) [weld-core-impl-2.2.3.Final.jar:2014-07-07 07:39]
      	at de.shop.kundenverwaltung.rest.KundeResource$Proxy$_$$_WeldSubclass.findKundeById(Unknown Source) [classes:]
      	at de.shop.kundenverwaltung.rest.KundeResource$Proxy$_$$_WeldClientProxy.findKundeById(Unknown Source) [classes:]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_11]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_11]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_11]
      	at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_11]
      	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:237) [resteasy-jaxrs-3.0.8.Final.jar:]
      	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.8.Final.jar:]
      	... 36 more
      

              psilva@redhat.com Pedro Igor Craveiro
              juergen.zimmermann Juergen Zimmermann (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: