Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-9240

SecurityDomain.getCurrent() throws NPE when invoking SLSB using a Weld thread

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 11.0.0.Final
    • 11.0.0.Beta1, 11.0.0.CR1
    • CDI / Weld, Security
    • None
    • Hide
      1. clone Weld WildFly fork and build the project
      2. clone Weld repo, build the project and run org.jboss.weld.tests.event.async.context.security.SecurityContextPropagationTest
      $ git clone -b 11.0.0.CR1-weld3 git@github.com:weld/wildfly.git
$ cd wildfly
$ mvn clean install -DskipTests
$ cd ../
$ git clone git@github.com:weld/core.git
$ cd core
$ mvn clean install -DskipTests
$ export JBOSS_HOME=WFLYREPO/dist/target/wildfly-11.0.0.Beta1
$ mvn clean test -Dincontainer -Dtest=SecurityContextPropagationTest -f tests-arquillian/pom.xml
      Show
      clone Weld WildFly fork and build the project clone Weld repo, build the project and run org.jboss.weld.tests.event.async.context.security.SecurityContextPropagationTest $ git clone -b 11.0.0.CR1-weld3 git@github.com:weld/wildfly.git $ cd wildfly $ mvn clean install -DskipTests $ cd ../ $ git clone git@github.com:weld/core.git $ cd core $ mvn clean install -DskipTests $ export JBOSS_HOME=WFLYREPO/dist/target/wildfly-11.0.0.Beta1 $ mvn clean test -Dincontainer -Dtest=SecurityContextPropagationTest -f tests-arquillian/pom.xml

      The integration code used by Weld 3 to propagate the security context of the current thread to different threads (needed for async events CDI 2.0 feature) is not able to obtain the current org.wildfly.security.auth.server.SecurityDomain anymore.

      The invocation of SecurityDomain.getCurrent() returns null.

      UPDATE: The original description was wrong. We wrongly assumed that Elytron is active for a deployment by default which isn't the case.

      NullPointerException being reported DURING calls to SecurityDomain.getCurrent():

      Caused by: java.lang.NullPointerException
	at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:936)
	at org.wildfly.security.auth.server.SecurityDomain.getCurrent(SecurityDomain.java:171)
	at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:74)
	at org.jboss.weld.tests.event.async.context.security.Printer$$$view2.print(Unknown Source)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.jboss.weld.util.reflection.Reflections.invokeAndUnwrap(Reflections.java:411)
	at org.jboss.weld.module.ejb.EnterpriseBeanProxyMethodHandler.invoke(EnterpriseBeanProxyMethodHandler.java:128)
	at org.jboss.weld.bean.proxy.EnterpriseTargetBeanInstance.invoke(EnterpriseTargetBeanInstance.java:56)
	at org.jboss.weld.module.ejb.InjectionPointPropagatingEnterpriseTargetBeanInstance.invoke(InjectionPointPropagatingEnterpriseTargetBeanInstance.java:68)
	at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106)
	at org.jboss.weld.tests.event.async.context.security.Printer$Proxy$_$$_Weld$EnterpriseProxy$.print(Unknown Source)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      Note that this worked on WildFly 11.0.0.Alpha1.

      It's also possible that the test (see also steps to reproduce) is wrong. A review/help from a security expert would be appreciated.

              darran.lofthouse@redhat.com Darran Lofthouse
              mkouba@redhat.com Martin Kouba
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: