  1. WildFly
  2. WFLY-904

The property AuthorizationManager is null exceptions and NPE on SimpleSecurityManager when connecting firstly from a remote client


Details


      How reproducible: 100% always

      Steps to Reproduce:

      1. Write a simple remote client and connect with principal and credentials (that are defined in application-*.properties).

      2. Add some declarative security to your EJB – even @PermitAll will do.

      3. Try to connect and use an EJB method. The exceptions described above are thrown.

      4. Now undeploy your app and deploy the ejb-security quickstart app, log in with one of the users you defined, undeploy the quickstart and redeploy your app.

      5. Try connecting and using EJB methods again. All perfectly fine. Undeploy, deploy again, connect and invoke the method as many times as you want; all works as expected. Undeploy.

      6. Restart the server and redeploy your app.

      7. Try using your client; the exceptions are back. Until you run the quickstart again.

      Actual results: Exceptions, including a Server NPE

      Expected results: Secure EJBs working as expected when used from remote clients.

    • Workaround Exists

      Run the ejb-security quickstart every time you start your Server


    Description

      Description of problem:

      If one tries to use security-enabled EJBs from a remote client (authenticated connection) before first connecting from a servlet, both a Server NPE and an erroneous exception are thrown. However, if one uses some servlet-based authentication first, the missing field is "primed" and from that point on the remote application can use the secure EJBs normally: proper Role authorization is checked and enforced, etc. This happens with absolutely no changes in configuration or code (incl. annotations) whatsoever. Any number of remote client connections will succeed until you restart the server. Then the errors are back, until you "prime" the Server by connecting using a Servlet.

      More complete data is attached, but here is some info:

      NPE is thrown at:

      org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:394)

      Bean method invocation fails with exceptions containing the message:

      JBAS011048: Failed to construct component instance

      I am using the "other" security context for testing.

      I am running the Server in standalone mode.

      When I say remote I mean not in the Server, but I am running my client from localhost.

      Version-Release number of selected component (if applicable): Seen on EAP 6.1.0 alpha (apparently present on AS 7.1.1 as well).

      Attachments

        1. NPEinSimpleSecurityManager
          6 kB
        2. PBOX000075
          25 kB
        3. QSecuredEJB.jar
          5 kB
        4. QSecuredEJB.zip
          15 kB
        5. SecurityRelatedSettings
          3 kB

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              fnasser Fernando Nasser